diff options
| author | Enji Cooper <ngie@FreeBSD.org> | 2026-01-29 01:30:35 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2026-01-29 01:30:35 +0000 |
| commit | 677808048e318ef0c4ad69c0c2cc8d82167bffbe (patch) | |
| tree | bef7f1ad0365b42b56b6b8082996024b8483b96b /ssl | |
| parent | 12b8f7324509729dbf5c06c0e8fbc4723d3eefb3 (diff) | |
Diffstat (limited to 'ssl')
52 files changed, 10416 insertions, 10215 deletions
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index be3159b32a9f..f5d4b5ebd574 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -24,7 +24,7 @@ static int ssl_new(BIO *h); static int ssl_free(BIO *data); static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); typedef struct bio_ssl_st { - SSL *ssl; /* The ssl handle :-) */ + SSL *ssl; /* The ssl handle :-) */ /* re-negotiate every time the total number of bytes is this size */ int num_renegotiates; unsigned long renegotiate_count; @@ -37,11 +37,11 @@ static const BIO_METHOD methods_sslp = { BIO_TYPE_SSL, "ssl", ssl_write, - NULL, /* ssl_write_old, */ + NULL, /* ssl_write_old, */ ssl_read, - NULL, /* ssl_read_old, */ + NULL, /* ssl_read_old, */ ssl_puts, - NULL, /* ssl_gets, */ + NULL, /* ssl_gets, */ ssl_ctrl, ssl_new, ssl_free, @@ -258,7 +258,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; case BIO_C_SSL_MODE: - if (num) /* client mode */ + if (num) /* client mode */ SSL_set_connect_state(ssl); else SSL_set_accept_state(ssl); @@ -430,7 +430,7 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) if ((ret = BIO_push(buf, ssl)) == NULL) goto err; return ret; - err: +err: BIO_free(buf); BIO_free(ssl); #endif @@ -449,7 +449,7 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx) if ((ret = BIO_push(ssl, con)) == NULL) goto err; return ret; - err: +err: BIO_free(ssl); BIO_free(con); #endif diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 034851d0b58b..3b4328d3c35a 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -137,14 +137,14 @@ void dtls1_clear_sent_buffer(SSL *s) * enc_write_ctx/write_hash and they can be freed */ if (s->enc_write_ctx - != frag->msg_header.saved_retransmit_state.enc_write_ctx) + != frag->msg_header.saved_retransmit_state.enc_write_ctx) EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state - .enc_write_ctx); + .enc_write_ctx); if (s->write_hash - != frag->msg_header.saved_retransmit_state.write_hash) + != frag->msg_header.saved_retransmit_state.write_hash) EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state - .write_hash); + .write_hash); } dtls1_hm_fragment_free(frag); @@ -152,7 +152,6 @@ void dtls1_clear_sent_buffer(SSL *s) } } - void dtls1_free(SSL *s) { DTLS_RECORD_LAYER_free(&s->rlayer); @@ -286,10 +285,10 @@ void dtls1_start_timer(SSL *s) /* Add duration to current time */ - sec = s->d1->timeout_duration_us / 1000000; + sec = s->d1->timeout_duration_us / 1000000; usec = s->d1->timeout_duration_us - (sec * 1000000); - s->d1->next_timeout.tv_sec += sec; + s->d1->next_timeout.tv_sec += sec; s->d1->next_timeout.tv_usec += usec; if (s->d1->next_timeout.tv_usec >= 1000000) { @@ -298,7 +297,7 @@ void dtls1_start_timer(SSL *s) } BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, - &(s->d1->next_timeout)); + &(s->d1->next_timeout)); } struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) @@ -314,9 +313,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) get_current_time(&timenow); /* If timer already expired, set remaining time to 0 */ - if (s->d1->next_timeout.tv_sec < timenow.tv_sec || - (s->d1->next_timeout.tv_sec == timenow.tv_sec && - s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { + if (s->d1->next_timeout.tv_sec < timenow.tv_sec || (s->d1->next_timeout.tv_sec == timenow.tv_sec && s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { memset(timeleft, 0, sizeof(*timeleft)); return timeleft; } @@ -373,7 +370,7 @@ void dtls1_stop_timer(SSL *s) memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); s->d1->timeout_duration_us = 1000000; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, - &(s->d1->next_timeout)); + &(s->d1->next_timeout)); /* Clear retransmission buffer */ dtls1_clear_sent_buffer(s); } @@ -387,8 +384,7 @@ int dtls1_check_timeout_num(SSL *s) /* Reduce MTU after 2 unsuccessful retransmissions */ if (s->d1->timeout_num_alerts > 2 && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); + mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); if (mtu < s->d1->mtu) s->d1->mtu = mtu; } @@ -436,13 +432,13 @@ static void get_current_time(struct timeval *t) GetSystemTime(&st); SystemTimeToFileTime(&st, &now.ft); /* re-bias to 1/1/1970 */ -# ifdef __MINGW32__ +#ifdef __MINGW32__ now.ul -= 116444736000000000ULL; -# else +#else /* *INDENT-OFF* */ now.ul -= 116444736000000000UI64; /* *INDENT-ON* */ -# endif +#endif t->tv_sec = (long)(now.ul / 10000000); t->tv_usec = ((int)(now.ul % 10000000)) / 10; #else @@ -450,8 +446,8 @@ static void get_current_time(struct timeval *t) #endif } -#define LISTEN_SUCCESS 2 -#define LISTEN_SEND_VERIFY_REQUEST 1 +#define LISTEN_SUCCESS 2 +#define LISTEN_SEND_VERIFY_REQUEST 1 #ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client) @@ -505,7 +501,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf; wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf; #if defined(SSL3_ALIGN_PAYLOAD) -# if SSL3_ALIGN_PAYLOAD != 0 +#if SSL3_ALIGN_PAYLOAD != 0 /* * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for * consistency with ssl3_read_n. In practice it should make no difference @@ -514,7 +510,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) */ align = (size_t)buf + SSL3_RT_HEADER_LENGTH; align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); -# endif +#endif #endif buf += align; @@ -522,8 +518,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) /* Get a packet */ clear_sys_error(); - n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH - + DTLS1_RT_HEADER_LENGTH); + n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH + DTLS1_RT_HEADER_LENGTH); if (n <= 0) { if (BIO_should_retry(rbio)) { /* Non-blocking IO */ @@ -554,7 +549,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, buf, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); /* Get the record header */ if (!PACKET_get_1(&pkt, &rectype) @@ -617,7 +612,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) } /* Message sequence number can only be 0 or 1 */ - if (msgseq > 2) { + if (msgseq > 1) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SEQUENCE_NUMBER); goto end; } @@ -637,8 +632,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data, - fraglen + DTLS1_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + fraglen + DTLS1_HM_HEADER_LENGTH, s, + s->msg_callback_arg); if (!PACKET_get_net_2(&msgpayload, &clientvers)) { ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH); @@ -648,8 +643,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) /* * Verify client version is supported */ - if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) && - s->method->version != DTLS_ANY_VERSION) { + if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) && s->method->version != DTLS_ANY_VERSION) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER); goto end; } @@ -681,7 +675,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt), - (unsigned int)PACKET_remaining(&cookiepkt)) == 0) { + (unsigned int)PACKET_remaining(&cookiepkt)) + == 0) { /* * We treat invalid cookies in the same was as no cookie as * per RFC6347 @@ -705,9 +700,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) */ /* Generate the cookie */ - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || - cookielen > 255) { + if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || cookielen > 255) { ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); /* This is fatal */ return -1; @@ -723,54 +716,54 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) /* Construct the record and message headers */ if (!WPACKET_init_static_len(&wpkt, - wbuf, - ssl_get_max_send_fragment(s) - + DTLS1_RT_HEADER_LENGTH, - 0) - || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE) - || !WPACKET_put_bytes_u16(&wpkt, version) - /* - * Record sequence number is always the same as in the - * received ClientHello - */ - || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE) - /* End of record, start sub packet for message */ - || !WPACKET_start_sub_packet_u16(&wpkt) - /* Message type */ - || !WPACKET_put_bytes_u8(&wpkt, - DTLS1_MT_HELLO_VERIFY_REQUEST) - /* - * Message length - doesn't follow normal TLS convention: - * the length isn't the last thing in the message header. - * We'll need to fill this in later when we know the - * length. Set it to zero for now - */ - || !WPACKET_put_bytes_u24(&wpkt, 0) - /* - * Message sequence number is always 0 for a - * HelloVerifyRequest - */ - || !WPACKET_put_bytes_u16(&wpkt, 0) - /* - * We never fragment a HelloVerifyRequest, so fragment - * offset is 0 - */ - || !WPACKET_put_bytes_u24(&wpkt, 0) - /* - * Fragment length is the same as message length, but - * this *is* the last thing in the message header so we - * can just start a sub-packet. No need to come back - * later for this one. - */ - || !WPACKET_start_sub_packet_u24(&wpkt) - /* Create the actual HelloVerifyRequest body */ - || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen) - /* Close message body */ - || !WPACKET_close(&wpkt) - /* Close record body */ - || !WPACKET_close(&wpkt) - || !WPACKET_get_total_written(&wpkt, &wreclen) - || !WPACKET_finish(&wpkt)) { + wbuf, + ssl_get_max_send_fragment(s) + + DTLS1_RT_HEADER_LENGTH, + 0) + || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE) + || !WPACKET_put_bytes_u16(&wpkt, version) + /* + * Record sequence number is always the same as in the + * received ClientHello + */ + || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE) + /* End of record, start sub packet for message */ + || !WPACKET_start_sub_packet_u16(&wpkt) + /* Message type */ + || !WPACKET_put_bytes_u8(&wpkt, + DTLS1_MT_HELLO_VERIFY_REQUEST) + /* + * Message length - doesn't follow normal TLS convention: + * the length isn't the last thing in the message header. + * We'll need to fill this in later when we know the + * length. Set it to zero for now + */ + || !WPACKET_put_bytes_u24(&wpkt, 0) + /* + * Message sequence number is always 0 for a + * HelloVerifyRequest + */ + || !WPACKET_put_bytes_u16(&wpkt, 0) + /* + * We never fragment a HelloVerifyRequest, so fragment + * offset is 0 + */ + || !WPACKET_put_bytes_u24(&wpkt, 0) + /* + * Fragment length is the same as message length, but + * this *is* the last thing in the message header so we + * can just start a sub-packet. No need to come back + * later for this one. + */ + || !WPACKET_start_sub_packet_u24(&wpkt) + /* Create the actual HelloVerifyRequest body */ + || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen) + /* Close message body */ + || !WPACKET_close(&wpkt) + /* Close record body */ + || !WPACKET_close(&wpkt) + || !WPACKET_get_total_written(&wpkt, &wreclen) + || !WPACKET_finish(&wpkt)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); WPACKET_cleanup(&wpkt); /* This is fatal */ @@ -785,12 +778,12 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) * last 3 bytes of the message header */ memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1], - &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3], - 3); + &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3], + 3); if (s->msg_callback) - s->msg_callback(1, 0, SSL3_RT_HEADER, buf, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + s->msg_callback(1, version, SSL3_RT_HEADER, wbuf, + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); if ((tmpclient = BIO_ADDR_new()) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -863,7 +856,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; ret = 1; - end: +end: BIO_ADDR_free(tmpclient); return ret; } @@ -881,15 +874,14 @@ int dtls1_shutdown(SSL *s) BIO *wbio; wbio = SSL_get_wbio(s); - if (wbio != NULL && BIO_dgram_is_sctp(wbio) && - !(s->shutdown & SSL_SENT_SHUTDOWN)) { + if (wbio != NULL && BIO_dgram_is_sctp(wbio) && !(s->shutdown & SSL_SENT_SHUTDOWN)) { ret = BIO_dgram_sctp_wait_for_dry(wbio); if (ret < 0) return -1; if (ret == 0) BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, - NULL); + NULL); } #endif ret = ssl3_shutdown(s); @@ -902,16 +894,14 @@ int dtls1_shutdown(SSL *s) int dtls1_query_mtu(SSL *s) { if (s->d1->link_mtu) { - s->d1->mtu = - s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); + s->d1->mtu = s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); s->d1->link_mtu = 0; } /* AHA! Figure out the MTU, and stick to the right size */ if (s->d1->mtu < dtls1_min_mtu(s)) { if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - s->d1->mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* * I've seen the kernel return bogus numbers when it doesn't know @@ -921,7 +911,7 @@ int dtls1_query_mtu(SSL *s) /* Set to min mtu */ s->d1->mtu = dtls1_min_mtu(s); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - (long)s->d1->mtu, NULL); + (long)s->d1->mtu, NULL); } } else return 0; @@ -931,8 +921,7 @@ int dtls1_query_mtu(SSL *s) static size_t dtls1_link_min_mtu(void) { - return (g_probable_mtu[(sizeof(g_probable_mtu) / - sizeof(g_probable_mtu[0])) - 1]); + return (g_probable_mtu[(sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0])) - 1]); } size_t dtls1_min_mtu(SSL *s) @@ -950,7 +939,7 @@ size_t DTLS_get_data_mtu(const SSL *s) return 0; if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead, - &blocksize, &ext_overhead)) + &blocksize, &ext_overhead)) return 0; if (SSL_READ_ETM(s)) diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c index 10438a395545..b16a555eeb46 100644 --- a/ssl/d1_msg.c +++ b/ssl/d1_msg.c @@ -10,7 +10,7 @@ #include "ssl_local.h" int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, - size_t *written) + size_t *written) { int i; @@ -35,7 +35,7 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, int dtls1_dispatch_alert(SSL *s) { int i, j; - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; size_t written; @@ -55,7 +55,7 @@ int dtls1_dispatch_alert(SSL *s) if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, - 2, s, s->msg_callback_arg); + 2, s, s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 23007533826a..13b895021431 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -21,26 +21,26 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { { - "SRTP_AES128_CM_SHA1_80", - SRTP_AES128_CM_SHA1_80, - }, + "SRTP_AES128_CM_SHA1_80", + SRTP_AES128_CM_SHA1_80, + }, { - "SRTP_AES128_CM_SHA1_32", - SRTP_AES128_CM_SHA1_32, - }, + "SRTP_AES128_CM_SHA1_32", + SRTP_AES128_CM_SHA1_32, + }, { - "SRTP_AEAD_AES_128_GCM", - SRTP_AEAD_AES_128_GCM, - }, + "SRTP_AEAD_AES_128_GCM", + SRTP_AEAD_AES_128_GCM, + }, { - "SRTP_AEAD_AES_256_GCM", - SRTP_AEAD_AES_256_GCM, - }, - {0} + "SRTP_AEAD_AES_256_GCM", + SRTP_AEAD_AES_256_GCM, + }, + { 0 } }; static int find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr, size_t len) + SRTP_PROTECTION_PROFILE **pptr, size_t len) { SRTP_PROTECTION_PROFILE *p; @@ -59,7 +59,7 @@ static int find_profile_by_name(char *profile_name, } static int ssl_ctx_make_profiles(const char *profiles_string, - STACK_OF(SRTP_PROTECTION_PROFILE) **out) + STACK_OF(SRTP_PROTECTION_PROFILE) **out) { STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; @@ -75,8 +75,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string, do { col = strchr(ptr, ':'); - if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) - : strlen(ptr))) { + if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) : strlen(ptr))) { if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); goto err; @@ -100,7 +99,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string, *out = profiles; return 0; - err: +err: sk_SRTP_PROTECTION_PROFILE_free(profiles); return 1; } diff --git a/ssl/ktls.c b/ssl/ktls.c index ddbfd1447c54..745808d2af90 100644 --- a/ssl/ktls.c +++ b/ssl/ktls.c @@ -11,7 +11,7 @@ #include "internal/ktls.h" #if defined(__FreeBSD__) -# include "crypto/cryptodev.h" +#include "crypto/cryptodev.h" /*- * Check if a given cipher is supported by the KTLS interface. @@ -20,7 +20,7 @@ * supports the cipher suite used at all. */ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - const EVP_CIPHER_CTX *dd) + const EVP_CIPHER_CTX *dd) { switch (s->version) { @@ -56,10 +56,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, /* Function to configure kernel TLS structure */ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, - unsigned char **rec_seq, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size) + void *rl_sequence, ktls_crypto_info_t *crypto_info, + unsigned char **rec_seq, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size) { memset(crypto_info, 0, sizeof(*crypto_info)); switch (s->s3.tmp.new_cipher->algorithm_enc) { @@ -70,8 +70,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); if (crypto_info->iv_len < 0) return 0; - } - else + } else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; case SSL_AES128: @@ -102,24 +101,24 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, crypto_info->iv = iv; crypto_info->tls_vmajor = (s->version >> 8) & 0x000000ff; crypto_info->tls_vminor = (s->version & 0x000000ff); -# ifdef TCP_RXTLS_ENABLE +#ifdef TCP_RXTLS_ENABLE memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq)); if (rec_seq != NULL) *rec_seq = crypto_info->rec_seq; -# else +#else if (rec_seq != NULL) *rec_seq = NULL; -# endif +#endif return 1; }; -#endif /* __FreeBSD__ */ +#endif /* __FreeBSD__ */ #if defined(OPENSSL_SYS_LINUX) /* Function to check supported ciphers in Linux */ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - const EVP_CIPHER_CTX *dd) + const EVP_CIPHER_CTX *dd) { switch (s->version) { case TLS1_2_VERSION: @@ -129,27 +128,27 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, return 0; } - /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 + /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 * or Chacha20-Poly1305 */ -# ifdef OPENSSL_KTLS_AES_CCM_128 +#ifdef OPENSSL_KTLS_AES_CCM_128 if (EVP_CIPHER_is_a(c, "AES-128-CCM")) { if (s->version == TLS_1_3_VERSION /* broken on 5.x kernels */ || EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN) return 0; return 1; } else -# endif - if (0 -# ifdef OPENSSL_KTLS_AES_GCM_128 - || EVP_CIPHER_is_a(c, "AES-128-GCM") -# endif -# ifdef OPENSSL_KTLS_AES_GCM_256 - || EVP_CIPHER_is_a(c, "AES-256-GCM") -# endif -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 - || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305") -# endif +#endif + if (0 +#ifdef OPENSSL_KTLS_AES_GCM_128 + || EVP_CIPHER_is_a(c, "AES-128-GCM") +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + || EVP_CIPHER_is_a(c, "AES-256-GCM") +#endif +#ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305") +#endif ) { return 1; } @@ -158,90 +157,87 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, /* Function to configure kernel TLS structure */ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, - unsigned char **rec_seq, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size) + void *rl_sequence, ktls_crypto_info_t *crypto_info, + unsigned char **rec_seq, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size) { unsigned char geniv[12]; unsigned char *iiv = iv; - if (s->version == TLS1_2_VERSION && - EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { + if (s->version == TLS1_2_VERSION && EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv, - EVP_GCM_TLS_FIXED_IV_LEN - + EVP_GCM_TLS_EXPLICIT_IV_LEN)) + EVP_GCM_TLS_FIXED_IV_LEN + + EVP_GCM_TLS_EXPLICIT_IV_LEN)) return 0; iiv = geniv; } memset(crypto_info, 0, sizeof(*crypto_info)); - switch (EVP_CIPHER_get_nid(c)) - { -# ifdef OPENSSL_KTLS_AES_GCM_128 + switch (EVP_CIPHER_get_nid(c)) { +#ifdef OPENSSL_KTLS_AES_GCM_128 case NID_aes_128_gcm: crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128; crypto_info->gcm128.info.version = s->version; crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128); memcpy(crypto_info->gcm128.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_GCM_128_IV_SIZE); + TLS_CIPHER_AES_GCM_128_IV_SIZE); memcpy(crypto_info->gcm128.salt, iiv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm128.rec_seq, rl_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); if (rec_seq != NULL) *rec_seq = crypto_info->gcm128.rec_seq; return 1; -# endif -# ifdef OPENSSL_KTLS_AES_GCM_256 +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 case NID_aes_256_gcm: crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256; crypto_info->gcm256.info.version = s->version; crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256); memcpy(crypto_info->gcm256.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_GCM_256_IV_SIZE); + TLS_CIPHER_AES_GCM_256_IV_SIZE); memcpy(crypto_info->gcm256.salt, iiv, TLS_CIPHER_AES_GCM_256_SALT_SIZE); memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm256.rec_seq, rl_sequence, - TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); if (rec_seq != NULL) *rec_seq = crypto_info->gcm256.rec_seq; return 1; -# endif -# ifdef OPENSSL_KTLS_AES_CCM_128 +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 case NID_aes_128_ccm: crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128; crypto_info->ccm128.info.version = s->version; crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128); memcpy(crypto_info->ccm128.iv, iiv + EVP_CCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_CCM_128_IV_SIZE); + TLS_CIPHER_AES_CCM_128_IV_SIZE); memcpy(crypto_info->ccm128.salt, iiv, TLS_CIPHER_AES_CCM_128_SALT_SIZE); memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->ccm128.rec_seq, rl_sequence, - TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); + TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); if (rec_seq != NULL) *rec_seq = crypto_info->ccm128.rec_seq; return 1; -# endif -# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 +#endif +#ifdef OPENSSL_KTLS_CHACHA20_POLY1305 case NID_chacha20_poly1305: crypto_info->chacha20poly1305.info.cipher_type = TLS_CIPHER_CHACHA20_POLY1305; crypto_info->chacha20poly1305.info.version = s->version; crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305); memcpy(crypto_info->chacha20poly1305.iv, iiv, - TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE); + TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE); memcpy(crypto_info->chacha20poly1305.key, key, - EVP_CIPHER_get_key_length(c)); + EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence, - TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); + TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); if (rec_seq != NULL) *rec_seq = crypto_info->chacha20poly1305.rec_seq; return 1; -# endif +#endif default: return 0; } - } #endif /* OPENSSL_SYS_LINUX */ diff --git a/ssl/methods.c b/ssl/methods.c index 525f59e91231..07098839058d 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -17,29 +17,29 @@ */ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, - TLS_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_2_enc_data) + TLS_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, - tlsv1_3_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_3_enc_data) + tlsv1_3_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, - tlsv1_2_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_2_enc_data) + tlsv1_2_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_2_enc_data) #endif #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, - tlsv1_1_method, - ossl_statem_accept, - ossl_statem_connect, TLSv1_1_enc_data) + tlsv1_1_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_1_enc_data) #endif #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, - tlsv1_method, - ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data) + tlsv1_method, + ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data) #endif #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect) @@ -48,133 +48,133 @@ IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect) * TLS/SSLv3 server methods */ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, - TLS_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_2_enc_data) + TLS_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, - tlsv1_3_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_3_enc_data) + tlsv1_3_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, - tlsv1_2_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_2_enc_data) + tlsv1_2_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_2_enc_data) #endif #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, - tlsv1_1_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_1_enc_data) + tlsv1_1_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_1_enc_data) #endif #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, - tlsv1_server_method, - ossl_statem_accept, - ssl_undefined_function, TLSv1_enc_data) + tlsv1_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_enc_data) #endif #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_server_method, - ossl_statem_accept, ssl_undefined_function) + ossl_statem_accept, ssl_undefined_function) #endif /*- * TLS/SSLv3 client methods */ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, - TLS_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_2_enc_data) + TLS_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_2_enc_data) IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, - tlsv1_3_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_3_enc_data) + tlsv1_3_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, - tlsv1_2_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_2_enc_data) + tlsv1_2_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_2_enc_data) #endif #ifndef OPENSSL_NO_TLS1_1_METHOD IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, - tlsv1_1_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_1_enc_data) + tlsv1_1_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_1_enc_data) #endif #ifndef OPENSSL_NO_TLS1_METHOD IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, - tlsv1_client_method, - ssl_undefined_function, - ossl_statem_connect, TLSv1_enc_data) + tlsv1_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_enc_data) #endif #ifndef OPENSSL_NO_SSL3_METHOD IMPLEMENT_ssl3_meth_func(sslv3_client_method, - ssl_undefined_function, ossl_statem_connect) + ssl_undefined_function, ossl_statem_connect) #endif /*- * DTLS methods */ #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtlsv1_method, - ossl_statem_accept, - ossl_statem_connect, DTLSv1_enc_data) + dtlsv1_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_enc_data) #endif #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, - dtlsv1_2_method, - ossl_statem_accept, - ossl_statem_connect, DTLSv1_2_enc_data) + dtlsv1_2_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_2_enc_data) #endif IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, - DTLS_method, - ossl_statem_accept, - ossl_statem_connect, DTLSv1_2_enc_data) + DTLS_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_2_enc_data) /*- * DTLS server methods */ #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtlsv1_server_method, - ossl_statem_accept, - ssl_undefined_function, DTLSv1_enc_data) + dtlsv1_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_enc_data) #endif #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, - dtlsv1_2_server_method, - ossl_statem_accept, - ssl_undefined_function, DTLSv1_2_enc_data) + dtlsv1_2_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_2_enc_data) #endif IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, - DTLS_server_method, - ossl_statem_accept, - ssl_undefined_function, DTLSv1_2_enc_data) + DTLS_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_2_enc_data) /*- * DTLS client methods */ #ifndef OPENSSL_NO_DTLS1_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtlsv1_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_enc_data) + dtlsv1_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_enc_data) IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, - dtls_bad_ver_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_enc_data) + dtls_bad_ver_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_enc_data) #endif #ifndef OPENSSL_NO_DTLS1_2_METHOD IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, - dtlsv1_2_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_2_enc_data) + dtlsv1_2_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_2_enc_data) #endif IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, - DTLS_client_method, - ssl_undefined_function, - ossl_statem_connect, DTLSv1_2_enc_data) + DTLS_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_2_enc_data) #ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# ifndef OPENSSL_NO_TLS1_2_METHOD +#ifndef OPENSSL_NO_TLS1_2_METHOD const SSL_METHOD *TLSv1_2_method(void) { return tlsv1_2_method(); @@ -189,9 +189,9 @@ const SSL_METHOD *TLSv1_2_client_method(void) { return tlsv1_2_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_TLS1_1_METHOD +#ifndef OPENSSL_NO_TLS1_1_METHOD const SSL_METHOD *TLSv1_1_method(void) { return tlsv1_1_method(); @@ -206,9 +206,9 @@ const SSL_METHOD *TLSv1_1_client_method(void) { return tlsv1_1_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_TLS1_METHOD +#ifndef OPENSSL_NO_TLS1_METHOD const SSL_METHOD *TLSv1_method(void) { return tlsv1_method(); @@ -223,9 +223,9 @@ const SSL_METHOD *TLSv1_client_method(void) { return tlsv1_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_SSL3_METHOD +#ifndef OPENSSL_NO_SSL3_METHOD const SSL_METHOD *SSLv3_method(void) { return sslv3_method(); @@ -240,9 +240,9 @@ const SSL_METHOD *SSLv3_client_method(void) { return sslv3_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_DTLS1_2_METHOD +#ifndef OPENSSL_NO_DTLS1_2_METHOD const SSL_METHOD *DTLSv1_2_method(void) { return dtlsv1_2_method(); @@ -257,9 +257,9 @@ const SSL_METHOD *DTLSv1_2_client_method(void) { return dtlsv1_2_client_method(); } -# endif +#endif -# ifndef OPENSSL_NO_DTLS1_METHOD +#ifndef OPENSSL_NO_DTLS1_METHOD const SSL_METHOD *DTLSv1_method(void) { return dtlsv1_method(); @@ -274,6 +274,6 @@ const SSL_METHOD *DTLSv1_client_method(void) { return dtlsv1_client_method(); } -# endif +#endif #endif diff --git a/ssl/pqueue.c b/ssl/pqueue.c index 0852aceacff7..43c252f2d450 100644 --- a/ssl/pqueue.c +++ b/ssl/pqueue.c @@ -60,12 +60,12 @@ pitem *pqueue_insert(pqueue *pq, pitem *item) } for (curr = NULL, next = pq->items; - next != NULL; curr = next, next = next->next) { + next != NULL; curr = next, next = next->next) { /* * we can compare 64-bit value in big-endian encoding with memcmp:-) */ int cmp = memcmp(next->priority, item->priority, 8); - if (cmp > 0) { /* next > item */ + if (cmp > 0) { /* next > item */ item->next = next; if (curr == NULL) @@ -76,7 +76,7 @@ pitem *pqueue_insert(pqueue *pq, pitem *item) return item; } - else if (cmp == 0) /* duplicates not allowed */ + else if (cmp == 0) /* duplicates not allowed */ return NULL; } diff --git a/ssl/record/dtls1_bitmap.c b/ssl/record/dtls1_bitmap.c index 4733a62a9663..cf19be0e5933 100644 --- a/ssl/record/dtls1_bitmap.c +++ b/ssl/record/dtls1_bitmap.c @@ -44,13 +44,13 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq); - return 1; /* this record in new */ + return 1; /* this record in new */ } shift = -cmp; if (shift >= sizeof(bitmap->map) * 8) - return 0; /* stale, outside the window */ + return 0; /* stale, outside the window */ else if (bitmap->map & (1UL << shift)) - return 0; /* record previously received */ + return 0; /* record previously received */ SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq); return 1; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 3e5ec6aec4dd..414aa9b9c23e 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -106,14 +106,14 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e) { if (e == rl->d->w_epoch - 1) { memcpy(rl->d->curr_write_sequence, - rl->write_sequence, sizeof(rl->write_sequence)); + rl->write_sequence, sizeof(rl->write_sequence)); memcpy(rl->write_sequence, - rl->d->last_write_sequence, sizeof(rl->write_sequence)); + rl->d->last_write_sequence, sizeof(rl->write_sequence)); } else if (e == rl->d->w_epoch + 1) { memcpy(rl->d->last_write_sequence, - rl->write_sequence, sizeof(unsigned char[8])); + rl->write_sequence, sizeof(unsigned char[8])); memcpy(rl->write_sequence, - rl->d->curr_write_sequence, sizeof(rl->write_sequence)); + rl->d->curr_write_sequence, sizeof(rl->write_sequence)); } rl->d->w_epoch = e; } @@ -170,11 +170,9 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) #ifndef OPENSSL_NO_SCTP /* Store bio_dgram_sctp_rcvinfo struct */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - (SSL_get_state(s) == TLS_ST_SR_FINISHED - || SSL_get_state(s) == TLS_ST_CR_FINISHED)) { + if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && (SSL_get_state(s) == TLS_ST_SR_FINISHED || SSL_get_state(s) == TLS_ST_CR_FINISHED)) { BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, - sizeof(rdata->recordinfo), &rdata->recordinfo); + sizeof(rdata->recordinfo), &rdata->recordinfo); } #endif @@ -223,8 +221,8 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) * processed yet */ #define dtls1_get_unprocessed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &((s)->rlayer.d->unprocessed_rcds)) + dtls1_retrieve_buffered_record((s), \ + &((s)->rlayer.d->unprocessed_rcds)) int dtls1_process_buffered_records(SSL *s) { @@ -239,7 +237,7 @@ int dtls1_process_buffered_records(SSL *s) if (item) { /* Check if epoch is current. */ if (s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) - return 1; /* Nothing to do. */ + return 1; /* Nothing to do. */ rr = RECORD_LAYER_get_rrec(&s->rlayer); @@ -265,8 +263,8 @@ int dtls1_process_buffered_records(SSL *s) * current record is from a different epoch. But that cannot * be the case because we already checked the epoch above */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; } #ifndef OPENSSL_NO_SCTP /* Only do replay check if no SCTP bio */ @@ -294,7 +292,8 @@ int dtls1_process_buffered_records(SSL *s) } if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), - SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) { + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) + < 0) { /* SSLfatal() already called */ return 0; } @@ -341,12 +340,12 @@ int dtls1_process_buffered_records(SSL *s) * none of our business */ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - size_t len, int peek, size_t *readbytes) + size_t len, int peek, size_t *readbytes) { int i, j, iret; size_t n; SSL3_RECORD *rr; - void (*cb) (const SSL *ssl, int type2, int val) = NULL; + void (*cb)(const SSL *ssl, int type2, int val) = NULL; if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) { /* Not initialized yet */ @@ -356,9 +355,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } } - if ((type && (type != SSL3_RT_APPLICATION_DATA) && - (type != SSL3_RT_HANDSHAKE)) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) { + if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -373,7 +370,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } - start: +start: s->rwstate = SSL_NOTHING; /*- @@ -397,7 +394,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (BIO_dgram_is_sctp(SSL_get_rbio(s))) { DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, - sizeof(rdata->recordinfo), &rdata->recordinfo); + sizeof(rdata->recordinfo), &rdata->recordinfo); } #endif @@ -440,7 +437,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * record that isn't an alert. */ if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT - && SSL3_RECORD_get_length(rr) != 0) + && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; /* we now have a packet which can be read and processed */ @@ -454,7 +451,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * data for later processing rather than dropping the connection. */ if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), - SSL3_RECORD_get_seq_num(rr)) < 0) { + SSL3_RECORD_get_seq_num(rr)) + < 0) { /* SSLfatal() already called */ return -1; } @@ -486,10 +484,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * make sure that we are not getting application data when we are * doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { + if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_APP_DATA_IN_HANDSHAKE); + SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } @@ -533,8 +530,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * app data. If there was an alert and there is no message to read * anymore, finally set shutdown. */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - s->d1->shutdown_received + if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && s->d1->shutdown_received && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; @@ -552,20 +548,20 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { unsigned int alert_level, alert_descr; unsigned char *alert_bytes = SSL3_RECORD_get_data(rr) - + SSL3_RECORD_get_off(rr); + + SSL3_RECORD_get_off(rr); PACKET alert; if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr)) - || !PACKET_get_1(&alert, &alert_level) - || !PACKET_get_1(&alert, &alert_descr) - || PACKET_remaining(&alert) != 0) { + || !PACKET_get_1(&alert, &alert_level) + || !PACKET_get_1(&alert, &alert_descr) + || PACKET_remaining(&alert) != 0) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); return -1; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, - s->msg_callback_arg); + s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; @@ -584,7 +580,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MANY_WARN_ALERTS); + SSL_R_TOO_MANY_WARN_ALERTS); return -1; } @@ -595,8 +591,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * after a close_notify alert. We have to check this first so * that nothing gets discarded. */ - if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && - BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) { + if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) { s->d1->shutdown_received = 1; s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); @@ -622,8 +617,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_NOTHING; s->s3.fatal_alert = alert_descr; SSLfatal_data(s, SSL_AD_NO_ALERT, - SSL_AD_REASON_OFFSET + alert_descr, - "SSL alert number %d", alert_descr); + SSL_AD_REASON_OFFSET + alert_descr, + "SSL alert number %d", alert_descr); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); @@ -657,8 +652,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * Unexpected handshake message (Client Hello, or protocol violation) */ - if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && - !ossl_statem_get_in_handshake(s)) { + if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && !ossl_statem_get_in_handshake(s)) { struct hm_header_st msg_hdr; /* @@ -666,7 +660,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * at least enough record bytes for a message header */ if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch - || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { + || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); goto start; @@ -769,9 +763,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * application data at this point (session renegotiation not yet * started), we will indulge it. */ - if (s->s3.in_read_app_data && - (s->s3.total_renegotiations != 0) && - ossl_statem_app_data_allowed(s)) { + if (s->s3.in_read_app_data && (s->s3.total_renegotiations != 0) && ossl_statem_app_data_allowed(s)) { s->s3.in_read_app_data = 2; return -1; } else { @@ -787,7 +779,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * not all data has been sent or non-blocking IO. */ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written) + size_t *written) { int i; @@ -801,7 +793,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - size_t len, int create_empty_fragment, size_t *written) + size_t len, int create_empty_fragment, size_t *written) { unsigned char *p, *pseq; int i, mac_size, clear = 0; @@ -841,8 +833,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, sess = s->session; if ((sess == NULL) - || (s->enc_write_ctx == NULL) - || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) + || (s->enc_write_ctx == NULL) + || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) clear = 1; if (clear) @@ -851,7 +843,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, mac_size = EVP_MD_CTX_get_size(s->write_hash); if (mac_size < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); + SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); return -1; } } @@ -867,8 +859,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * haven't decided which version to use yet send back using version 1.0 * header: otherwise some clients will ignore it. */ - if (s->method->version == DTLS_ANY_VERSION && - s->max_proto_version != DTLS1_BAD_VER) { + if (s->method->version == DTLS_ANY_VERSION && s->max_proto_version != DTLS1_BAD_VER) { *(p++) = DTLS1_VERSION >> 8; *(p++) = DTLS1_VERSION & 0xff; } else { @@ -919,7 +910,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, } } else { memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr), - SSL3_RECORD_get_length(&wr)); + SSL3_RECORD_get_length(&wr)); SSL3_RECORD_reset_input(&wr); } @@ -931,8 +922,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (!SSL_WRITE_ETM(s) && mac_size != 0) { if (!s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr) + eivlen]), - 1)) { + &(p[SSL3_RECORD_get_length(&wr) + eivlen]), + 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -955,7 +946,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (SSL_WRITE_ETM(s) && mac_size != 0) { if (!s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr)]), 1)) { + &(p[SSL3_RECORD_get_length(&wr)]), 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -974,7 +965,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (s->msg_callback) s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); /* * we should now have wr.data pointing to the encrypted data, which is @@ -1012,7 +1003,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, } DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch) + unsigned int *is_next_epoch) { *is_next_epoch = 0; @@ -1026,7 +1017,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, * processed all of the unprocessed records from the previous epoch */ else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) - && s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) { + && s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) { *is_next_epoch = 1; return &s->rlayer.d->next_bitmap; } @@ -1043,7 +1034,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) seq = s->rlayer.read_sequence; s->rlayer.d->r_epoch++; memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap, - sizeof(s->rlayer.d->bitmap)); + sizeof(s->rlayer.d->bitmap)); memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap)); /* @@ -1054,7 +1045,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) } else { seq = s->rlayer.write_sequence; memcpy(s->rlayer.d->last_write_sequence, seq, - sizeof(s->rlayer.write_sequence)); + sizeof(s->rlayer.write_sequence)); s->rlayer.d->w_epoch++; } diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 89ab1f4f1a44..316d5939f52c 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -18,13 +18,9 @@ #include "internal/packet.h" #include "internal/cryptlib.h" -#if defined(OPENSSL_SMALL_FOOTPRINT) || \ - !( defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) \ - ) -# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK -# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 +#if defined(OPENSSL_SMALL_FOOTPRINT) || !(defined(AES_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64))) +#undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +#define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 #endif void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s) @@ -189,7 +185,7 @@ const char *SSL_rstate_string(const SSL *s) * Return values are as per SSL_read() */ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - size_t *readbytes) + size_t *readbytes) { /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase @@ -215,7 +211,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, } left = rb->left; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); #endif @@ -309,8 +305,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, if (ret >= 0) bioread = ret; if (ret <= 0 - && !BIO_should_retry(s->rbio) - && BIO_eof(s->rbio)) { + && !BIO_should_retry(s->rbio) + && BIO_eof(s->rbio)) { if (s->options & SSL_OP_IGNORE_UNEXPECTED_EOF) { SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN); s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY; @@ -320,7 +316,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * applications for control flow decisions. */ SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_UNEXPECTED_EOF_WHILE_READING); + SSL_R_UNEXPECTED_EOF_WHILE_READING); } } } else { @@ -343,7 +339,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, */ if (SSL_IS_DTLS(s)) { if (n > left) - n = left; /* makes the while condition false */ + n = left; /* makes the while condition false */ } } @@ -361,7 +357,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, * not all data has been sent or non-blocking IO. */ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, - size_t *written) + size_t *written) { const unsigned char *buf = buf_; size_t tot; @@ -391,7 +387,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } if (s->early_data_state == SSL_EARLY_DATA_WRITING - && !early_data_count_ok(s, len, 0, 1)) { + && !early_data_count_ok(s, len, 0, 1)) { /* SSLfatal() already called */ return -1; } @@ -403,8 +399,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, * into init unless we have writes pending - in which case we should finish * doing that first. */ - if (wb->left == 0 && (s->key_update != SSL_KEY_UPDATE_NONE - || s->ext.extra_tickets_expected > 0)) + if (wb->left == 0 && (s->key_update != SSL_KEY_UPDATE_NONE || s->ext.extra_tickets_expected > 0)) ossl_statem_set_in_init(s, 1); /* @@ -413,7 +408,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, * messages yet. */ if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s) - && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) { + && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) { i = s->handshake_func(s); /* SSLfatal() already called */ if (i < 0) @@ -430,13 +425,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, if (wb->left != 0) { /* SSLfatal() already called if appropriate */ i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot, - &tmpwrit); + &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } - tot += tmpwrit; /* this might be last fragment */ + tot += tmpwrit; /* this might be last fragment */ } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK /* @@ -446,14 +441,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, * compromise is considered worthy. */ if (type == SSL3_RT_APPLICATION_DATA - && len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) - && s->compress == NULL - && s->msg_callback == NULL - && !SSL_WRITE_ETM(s) - && SSL_USE_EXPLICIT_IV(s) - && BIO_get_ktls_send(s->wbio) == 0 - && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) - & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0) { + && len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) + && s->compress == NULL + && s->msg_callback == NULL + && !SSL_WRITE_ETM(s) + && SSL_USE_EXPLICIT_IV(s) + && BIO_get_ktls_send(s->wbio) == 0 + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) + & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) + != 0) { unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t packlen; @@ -467,8 +463,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, ssl3_release_write_buffer(s); packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, - (int)max_send_fragment, NULL); + EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, + (int)max_send_fragment, NULL); if (len >= 8 * max_send_fragment) packlen *= 8; @@ -519,8 +515,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, mb_param.len = nw; packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, - sizeof(mb_param), &mb_param); + EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, + sizeof(mb_param), &mb_param); packlen = (size_t)packleni; if (packleni <= 0 || packlen > wb->len) { /* never happens */ /* free jumbo buffer */ @@ -533,14 +529,16 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, mb_param.len = nw; if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, - sizeof(mb_param), &mb_param) <= 0) + EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, + sizeof(mb_param), &mb_param) + <= 0) return -1; s->rlayer.write_sequence[7] += mb_param.interleave; if (s->rlayer.write_sequence[7] < mb_param.interleave) { int j = 6; - while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ; + while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) + ; } wb->offset = 0; @@ -571,14 +569,14 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, tot += tmpwrit; } } else -#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */ - if (tot == len) { /* done? */ - if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) - ssl3_release_write_buffer(s); +#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */ + if (tot == len) { /* done? */ + if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) + ssl3_release_write_buffer(s); - *written = tot; - return 1; - } + *written = tot; + return 1; + } n = (len - tot); @@ -602,12 +600,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, if (maxpipes == 0 || s->enc_write_ctx == NULL || (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) - & EVP_CIPH_FLAG_PIPELINE) == 0 + & EVP_CIPH_FLAG_PIPELINE) + == 0 || !SSL_USE_EXPLICIT_IV(s)) maxpipes = 1; if (max_send_fragment == 0 - || split_send_fragment == 0 - || split_send_fragment > max_send_fragment) { + || split_send_fragment == 0 + || split_send_fragment > max_send_fragment) { /* * We should have prevented this when we set/get the split and max send * fragments so we shouldn't get here @@ -646,7 +645,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0, - &tmpwrit); + &tmpwrit); if (i <= 0) { /* SSLfatal() already called if appropriate */ /* XXX should we ssl3_release_write_buffer if i<0? */ @@ -654,9 +653,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, return i; } - if (tmpwrit == n || - (type == SSL3_RT_APPLICATION_DATA && - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { + if (tmpwrit == n || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { /* * next chunk of data should get another prepended empty fragment * in ciphersuites with known-IV weakness: @@ -664,8 +661,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, s->s3.empty_fragment_done = 0; if (tmpwrit == n - && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 - && !SSL_IS_DTLS(s)) + && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 + && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); *written = tot + tmpwrit; @@ -678,8 +675,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - size_t *pipelens, size_t numpipes, - int create_empty_fragment, size_t *written) + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written) { WPACKET pkt[SSL_MAX_PIPELINES]; SSL3_RECORD wr[SSL_MAX_PIPELINES]; @@ -729,8 +726,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, sess = s->session; if ((sess == NULL) - || (s->enc_write_ctx == NULL) - || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) { + || (s->enc_write_ctx == NULL) + || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) { clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { @@ -766,8 +763,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, goto err; } - if (prefix_len > - (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { + if (prefix_len > (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -792,7 +788,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (create_empty_fragment) { wb = &s->rlayer.wbuf[0]; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 /* * extra fragment would be couple of cipher blocks, which would be * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real @@ -803,8 +799,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, #endif SSL3_BUFFER_set_offset(wb, align); if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), - SSL3_BUFFER_get_len(wb), 0) - || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) { + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -812,10 +808,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } else if (prefix_len) { wb = &s->rlayer.wbuf[0]; if (!WPACKET_init_static_len(&pkt[0], - SSL3_BUFFER_get_buf(wb), - SSL3_BUFFER_get_len(wb), 0) - || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) - + prefix_len, NULL)) { + SSL3_BUFFER_get_buf(wb), + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) + prefix_len, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -831,8 +826,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, #endif SSL3_BUFFER_set_offset(wb, align); if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb), - SSL3_BUFFER_get_len(wb), 0) - || !WPACKET_allocate_bytes(thispkt, align, NULL)) { + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(thispkt, align, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -848,7 +843,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (eivlen < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; - } + } if (eivlen <= 1) eivlen = 0; } else if (mode == EVP_CIPH_GCM_MODE) { @@ -859,7 +854,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } } - wpacket_init_complete: +wpacket_init_complete: totlen = 0; /* Clear our SSL3_RECORD structures */ @@ -879,9 +874,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * record type */ if (SSL_TREAT_AS_TLS13(s) - && s->enc_write_ctx != NULL - && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS - || type != SSL3_RT_ALERT)) + && s->enc_write_ctx != NULL + && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS + || type != SSL3_RT_ALERT)) rectype = SSL3_RT_APPLICATION_DATA; else rectype = type; @@ -892,9 +887,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * and record version number > TLS 1.0 */ if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO - && !s->renegotiate - && TLS1_get_version(s) > TLS1_VERSION - && s->hello_retry_request == SSL_HRR_NONE) + && !s->renegotiate + && TLS1_get_version(s) > TLS1_VERSION + && s->hello_retry_request == SSL_HRR_NONE) version = TLS1_VERSION; SSL3_RECORD_set_rec_version(thiswr, version); @@ -907,14 +902,14 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * Otherwise write the header now */ if (!BIO_get_ktls_send(s->wbio) - && (!WPACKET_put_bytes_u8(thispkt, rectype) + && (!WPACKET_put_bytes_u8(thispkt, rectype) || !WPACKET_put_bytes_u16(thispkt, version) || !WPACKET_start_sub_packet_u16(thispkt) || (eivlen > 0 && !WPACKET_allocate_bytes(thispkt, eivlen, NULL)) || (maxcomplen > 0 && !WPACKET_reserve_bytes(thispkt, maxcomplen, - &compressdata)))) { + &compressdata)))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -933,7 +928,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* first we compress */ if (s->compress != NULL) { if (!ssl3_do_compress(s, thiswr) - || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { + || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE); goto err; } @@ -950,10 +945,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } if (SSL_TREAT_AS_TLS13(s) - && !BIO_get_ktls_send(s->wbio) - && s->enc_write_ctx != NULL - && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS - || type != SSL3_RT_ALERT)) { + && !BIO_get_ktls_send(s->wbio) + && s->enc_write_ctx != NULL + && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS + || type != SSL3_RT_ALERT)) { size_t rlen, max_send_fragment; if (!WPACKET_put_bytes_u8(thispkt, type)) { @@ -991,7 +986,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, padding = max_padding; if (!WPACKET_memset(thispkt, 0, padding)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; } SSL3_RECORD_add_length(thiswr, padding); @@ -1009,29 +1004,30 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned char *mac; if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) - || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } /* - * Reserve some bytes for any growth that may occur during encryption. If - * we are adding the MAC independently of the cipher algorithm, then the - * max encrypted overhead does not need to include an allocation for that - * MAC - */ + * Reserve some bytes for any growth that may occur during encryption. If + * we are adding the MAC independently of the cipher algorithm, then the + * max encrypted overhead does not need to include an allocation for that + * MAC + */ if (!BIO_get_ktls_send(s->wbio)) { if (!WPACKET_reserve_bytes(thispkt, - SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - - mac_size, NULL) + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size, + NULL) /* * We also need next the amount of bytes written to this * sub-packet */ || !WPACKET_get_length(thispkt, &len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; } /* Get a pointer to the start of this record excluding header */ @@ -1056,7 +1052,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } else { if (!BIO_get_ktls_send(s->wbio)) { if (s->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL, - mac_size) < 1) { + mac_size) + < 1) { if (!ossl_statem_in_error(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); } @@ -1076,15 +1073,16 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* Allocate bytes for the encryption overhead */ if (!WPACKET_get_length(thispkt, &origlen) - /* Check we allowed enough room for the encryption growth */ - || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - - mac_size >= thiswr->length) - /* Encryption should never shrink the data! */ - || origlen > thiswr->length - || (thiswr->length > origlen - && !WPACKET_allocate_bytes(thispkt, - thiswr->length - origlen, - NULL))) { + /* Check we allowed enough room for the encryption growth */ + || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size + >= thiswr->length) + /* Encryption should never shrink the data! */ + || origlen > thiswr->length + || (thiswr->length > origlen + && !WPACKET_allocate_bytes(thispkt, + thiswr->length - origlen, + NULL))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1092,7 +1090,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned char *mac; if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) - || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1100,23 +1098,23 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } if (!WPACKET_get_length(thispkt, &len) - || !WPACKET_close(thispkt)) { + || !WPACKET_close(thispkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if (s->msg_callback) { recordstart = WPACKET_get_curr(thispkt) - len - - SSL3_RT_HEADER_LENGTH; + - SSL3_RT_HEADER_LENGTH; s->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart, - SSL3_RT_HEADER_LENGTH, s, - s->msg_callback_arg); + SSL3_RT_HEADER_LENGTH, s, + s->msg_callback_arg); if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) { unsigned char ctype = type; s->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE, - &ctype, 1, s, s->msg_callback_arg); + &ctype, 1, s, s->msg_callback_arg); } } @@ -1142,7 +1140,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, return 1; } - mac_done: + mac_done: /* * we should now have thiswr->data pointing to the encrypted data, which * is thiswr->length long @@ -1152,7 +1150,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* now let's set up wb */ SSL3_BUFFER_set_left(&s->rlayer.wbuf[j], - prefix_len + SSL3_RECORD_get_length(thiswr)); + prefix_len + SSL3_RECORD_get_length(thiswr)); } /* @@ -1166,7 +1164,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* we now just need to write the buffer */ return ssl3_write_pending(s, type, buf, totlen, written); - err: +err: for (j = 0; j < wpinited; j++) WPACKET_cleanup(&pkt[j]); return -1; @@ -1177,7 +1175,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * Return values are as per SSL_write() */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, - size_t *written) + size_t *written) { int i; SSL3_BUFFER *wb = s->rlayer.wbuf; @@ -1213,10 +1211,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, return i; BIO_set_ktls_ctrl_msg(s->wbio, type); } - i = BIO_write(s->wbio, (char *) - &(SSL3_BUFFER_get_buf(&wb[currbuf]) - [SSL3_BUFFER_get_offset(&wb[currbuf])]), - (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); + i = BIO_write(s->wbio, (char *)&(SSL3_BUFFER_get_buf(&wb[currbuf])[SSL3_BUFFER_get_offset(&wb[currbuf])]), + (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); if (i >= 0) tmpwrit = i; } else { @@ -1284,13 +1280,13 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, * none of our business */ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - size_t len, int peek, size_t *readbytes) + size_t len, int peek, size_t *readbytes) { int i, j, ret; size_t n, curr_rec, num_recs, totalbytes; SSL3_RECORD *rr; SSL3_BUFFER *rbuf; - void (*cb) (const SSL *ssl, int type2, int val) = NULL; + void (*cb)(const SSL *ssl, int type2, int val) = NULL; int is_tls13 = SSL_IS_TLS13(s); rbuf = &s->rlayer.rbuf; @@ -1304,15 +1300,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if ((type && (type != SSL3_RT_APPLICATION_DATA) - && (type != SSL3_RT_HANDSHAKE)) || (peek - && (type != - SSL3_RT_APPLICATION_DATA))) { + && (type != SSL3_RT_HANDSHAKE)) + || (peek + && (type != SSL3_RT_APPLICATION_DATA))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } if ((type == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len > 0)) - /* (partially) satisfy request from storage */ + /* (partially) satisfy request from storage */ { unsigned char *src = s->rlayer.handshake_fragment; unsigned char *dst = buf; @@ -1350,7 +1346,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (i == 0) return -1; } - start: +start: s->rwstate = SSL_NOTHING; /*- @@ -1380,8 +1376,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } /* Skip over any records we have already read */ for (curr_rec = 0; - curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]); - curr_rec++) ; + curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]); + curr_rec++) + ; if (curr_rec == num_recs) { RECORD_LAYER_set_numrpipes(&s->rlayer, 0); num_recs = 0; @@ -1391,10 +1388,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, rr = &rr[curr_rec]; if (s->rlayer.handshake_fragment_len > 0 - && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE - && SSL_IS_TLS13(s)) { + && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE + && SSL_IS_TLS13(s)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); + SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); return -1; } @@ -1403,7 +1400,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * record that isn't an alert. */ if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT - && SSL3_RECORD_get_length(rr) != 0) + && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; /* we now have a packet which can be read and processed */ @@ -1412,7 +1409,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * reset by ssl3_get_finished */ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); + SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); return -1; } @@ -1439,8 +1436,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * make sure that we are not getting application data when we are * doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { + if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } @@ -1497,7 +1493,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } totalbytes += n; } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs - && totalbytes < len); + && totalbytes < len); if (totalbytes == 0) { /* We must have read empty records. Get more data */ goto start; @@ -1551,20 +1547,20 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { unsigned int alert_level, alert_descr; unsigned char *alert_bytes = SSL3_RECORD_get_data(rr) - + SSL3_RECORD_get_off(rr); + + SSL3_RECORD_get_off(rr); PACKET alert; if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr)) - || !PACKET_get_1(&alert, &alert_level) - || !PACKET_get_1(&alert, &alert_descr) - || PACKET_remaining(&alert) != 0) { + || !PACKET_get_1(&alert, &alert_level) + || !PACKET_get_1(&alert, &alert_descr) + || PACKET_remaining(&alert) != 0) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); return -1; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, - s->msg_callback_arg); + s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; @@ -1577,14 +1573,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (alert_level == SSL3_AL_WARNING - || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { + || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { s->s3.warn_alert = alert_descr; SSL3_RECORD_set_read(rr); s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MANY_WARN_ALERTS); + SSL_R_TOO_MANY_WARN_ALERTS); return -1; } } @@ -1596,15 +1592,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) { goto start; } else if (alert_descr == SSL_AD_CLOSE_NOTIFY - && (is_tls13 || alert_level == SSL3_AL_WARNING)) { + && (is_tls13 || alert_level == SSL3_AL_WARNING)) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; } else if (alert_level == SSL3_AL_FATAL || is_tls13) { s->rwstate = SSL_NOTHING; s->s3.fatal_alert = alert_descr; SSLfatal_data(s, SSL_AD_NO_ALERT, - SSL_AD_REASON_OFFSET + alert_descr, - "SSL alert number %d", alert_descr); + SSL_AD_REASON_OFFSET + alert_descr, + "SSL alert number %d", alert_descr); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); @@ -1664,7 +1660,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY); + SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY); return -1; } } @@ -1686,7 +1682,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* now move 'n' bytes: */ memcpy(dest + *dest_len, - SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n); + SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n); SSL3_RECORD_add_off(rr, n); SSL3_RECORD_sub_length(rr, n); *dest_len += n; @@ -1694,7 +1690,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD_set_read(rr); if (*dest_len < dest_maxlen) - goto start; /* fragment was too small */ + goto start; /* fragment was too small */ } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -1707,7 +1703,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * protocol violation) */ if ((s->rlayer.handshake_fragment_len >= 4) - && !ossl_statem_get_in_handshake(s)) { + && !ossl_statem_get_in_handshake(s)) { int ined = (s->early_data_state == SSL_EARLY_DATA_READING); /* We found handshake data, so we're going back into init */ @@ -1792,7 +1788,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * record. */ if (!early_data_count_ok(s, rr->length, - EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { /* SSLfatal() already called */ return -1; } diff --git a/ssl/record/record.h b/ssl/record/record.h index a2db6aa88e14..fcdbbe012578 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -29,7 +29,7 @@ typedef struct ssl3_buffer_st { int app_buffer; } SSL3_BUFFER; -#define SEQ_NUM_SIZE 8 +#define SEQ_NUM_SIZE 8 typedef struct ssl3_record_st { /* Record layer version */ @@ -184,20 +184,20 @@ struct ssl_mac_buf_st { }; typedef struct ssl_mac_buf_st SSL_MAC_BUF; -#define MIN_SSL2_RECORD_LEN 9 +#define MIN_SSL2_RECORD_LEN 9 -#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) -#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) -#define RECORD_LAYER_get_packet(rl) ((rl)->packet) -#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length) +#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) +#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) +#define RECORD_LAYER_get_packet(rl) ((rl)->packet) +#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length) #define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc)) -#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch) +#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch) #define DTLS_RECORD_LAYER_get_processed_rcds(rl) \ - ((rl)->d->processed_rcds) + ((rl)->d->processed_rcds) #define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \ - ((rl)->d->unprocessed_rcds) -#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) -#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) + ((rl)->d->unprocessed_rcds) +#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) +#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); @@ -212,24 +212,24 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); __owur size_t ssl3_pending(const SSL *s); __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written); + size_t *written); int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - size_t *pipelens, size_t numpipes, - int create_empty_fragment, size_t *written); + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written); __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, size_t len, int peek, - size_t *readbytes); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); __owur int ssl3_setup_buffers(SSL *s); __owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send, - SSL_MAC_BUF *mac, size_t macsize); + SSL_MAC_BUF *mac, size_t macsize); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, - size_t *written); + size_t *written); __owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, - SSL_MAC_BUF *mac, size_t macsize); + SSL_MAC_BUF *mac, size_t macsize); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send, - SSL_MAC_BUF *mac, size_t macsize); + SSL_MAC_BUF *mac, size_t macsize); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); @@ -237,12 +237,12 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq); __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, size_t len, int peek, - size_t *readbytes); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, - size_t *written); + size_t *written); int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - size_t len, int create_empty_fragment, size_t *written); + size_t len, int create_empty_fragment, size_t *written); void dtls1_reset_seq_numbers(SSL *s, int rw); int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, - size_t off); + size_t off); diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h index 0a929c696a55..93fb0fd51cb8 100644 --- a/ssl/record/record_local.h +++ b/ssl/record/record_local.h @@ -14,33 +14,33 @@ * * *****************************************************************************/ -#define MAX_WARN_ALERT_COUNT 5 +#define MAX_WARN_ALERT_COUNT 5 /* Functions/macros provided by the RECORD_LAYER component */ -#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec) -#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p)) -#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) -#define RECORD_LAYER_get_rstate(rl) ((rl)->rstate) -#define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st)) -#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) -#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) -#define RECORD_LAYER_get_numrpipes(rl) ((rl)->numrpipes) -#define RECORD_LAYER_set_numrpipes(rl, n) ((rl)->numrpipes = (n)) +#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec) +#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p)) +#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) +#define RECORD_LAYER_get_rstate(rl) ((rl)->rstate) +#define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st)) +#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) +#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) +#define RECORD_LAYER_get_numrpipes(rl) ((rl)->numrpipes) +#define RECORD_LAYER_set_numrpipes(rl, n) ((rl)->numrpipes = (n)) #define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++) #define RECORD_LAYER_reset_empty_record_count(rl) \ - ((rl)->empty_record_count = 0) + ((rl)->empty_record_count = 0) #define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count) -#define RECORD_LAYER_is_first_record(rl) ((rl)->is_first_record) -#define RECORD_LAYER_set_first_record(rl) ((rl)->is_first_record = 1) -#define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) -#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) +#define RECORD_LAYER_is_first_record(rl) ((rl)->is_first_record) +#define RECORD_LAYER_set_first_record(rl) ((rl)->is_first_record = 1) +#define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) +#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) __owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - size_t *readbytes); + size_t *readbytes); DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, - unsigned int *is_next_epoch); + unsigned int *is_next_epoch); int dtls1_process_buffered_records(SSL *s); int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue); int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); @@ -53,20 +53,20 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); /* Macros/functions provided by the SSL3_BUFFER component */ -#define SSL3_BUFFER_get_buf(b) ((b)->buf) -#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n)) -#define SSL3_BUFFER_get_len(b) ((b)->len) -#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) -#define SSL3_BUFFER_get_left(b) ((b)->left) -#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) -#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) -#define SSL3_BUFFER_get_offset(b) ((b)->offset) -#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) -#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) -#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL) -#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) -#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l)) -#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer) +#define SSL3_BUFFER_get_buf(b) ((b)->buf) +#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n)) +#define SSL3_BUFFER_get_len(b) ((b)->len) +#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) +#define SSL3_BUFFER_get_left(b) ((b)->left) +#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) +#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) +#define SSL3_BUFFER_get_offset(b) ((b)->offset) +#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) +#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) +#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL) +#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) +#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l)) +#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer) void SSL3_BUFFER_clear(SSL3_BUFFER *b); void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); @@ -78,28 +78,28 @@ int ssl3_release_write_buffer(SSL *s); /* Macros/functions provided by the SSL3_RECORD component */ -#define SSL3_RECORD_get_type(r) ((r)->type) -#define SSL3_RECORD_set_type(r, t) ((r)->type = (t)) -#define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v)) -#define SSL3_RECORD_get_length(r) ((r)->length) -#define SSL3_RECORD_set_length(r, l) ((r)->length = (l)) -#define SSL3_RECORD_add_length(r, l) ((r)->length += (l)) -#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l)) -#define SSL3_RECORD_get_data(r) ((r)->data) -#define SSL3_RECORD_set_data(r, d) ((r)->data = (d)) -#define SSL3_RECORD_get_input(r) ((r)->input) -#define SSL3_RECORD_set_input(r, i) ((r)->input = (i)) -#define SSL3_RECORD_reset_input(r) ((r)->input = (r)->data) -#define SSL3_RECORD_reset_data(r) ((r)->data = (r)->input) -#define SSL3_RECORD_get_seq_num(r) ((r)->seq_num) -#define SSL3_RECORD_get_off(r) ((r)->off) -#define SSL3_RECORD_set_off(r, o) ((r)->off = (o)) -#define SSL3_RECORD_add_off(r, o) ((r)->off += (o)) -#define SSL3_RECORD_get_epoch(r) ((r)->epoch) +#define SSL3_RECORD_get_type(r) ((r)->type) +#define SSL3_RECORD_set_type(r, t) ((r)->type = (t)) +#define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v)) +#define SSL3_RECORD_get_length(r) ((r)->length) +#define SSL3_RECORD_set_length(r, l) ((r)->length = (l)) +#define SSL3_RECORD_add_length(r, l) ((r)->length += (l)) +#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l)) +#define SSL3_RECORD_get_data(r) ((r)->data) +#define SSL3_RECORD_set_data(r, d) ((r)->data = (d)) +#define SSL3_RECORD_get_input(r) ((r)->input) +#define SSL3_RECORD_set_input(r, i) ((r)->input = (i)) +#define SSL3_RECORD_reset_input(r) ((r)->input = (r)->data) +#define SSL3_RECORD_reset_data(r) ((r)->data = (r)->input) +#define SSL3_RECORD_get_seq_num(r) ((r)->seq_num) +#define SSL3_RECORD_get_off(r) ((r)->off) +#define SSL3_RECORD_set_off(r, o) ((r)->off = (o)) +#define SSL3_RECORD_add_off(r, o) ((r)->off += (o)) +#define SSL3_RECORD_get_epoch(r) ((r)->epoch) #define SSL3_RECORD_is_sslv2_record(r) \ - ((r)->rec_version == SSL2_VERSION) -#define SSL3_RECORD_is_read(r) ((r)->read) -#define SSL3_RECORD_set_read(r) ((r)->read = 1) + ((r)->rec_version == SSL2_VERSION) +#define SSL3_RECORD_is_read(r) ((r)->read) +#define SSL3_RECORD_set_read(r) ((r)->read = 1) void SSL3_RECORD_clear(SSL3_RECORD *r, size_t); void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs); @@ -108,20 +108,20 @@ int ssl3_get_record(SSL *s); __owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr); __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); __owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx); __owur int tls1_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - int aead, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx); int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); __owur int dtls1_get_record(SSL *s); int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index e769235fe0de..f6b03fc0ca65 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -47,7 +47,7 @@ int ssl3_setup_read_buffer(SSL *s) else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); #endif @@ -96,7 +96,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) else headerlen = SSL3_RT_HEADER_LENGTH; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = SSL3_ALIGN_PAYLOAD - 1; #endif @@ -121,7 +121,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) if (thiswb->len != len) { OPENSSL_free(thiswb->buf); - thiswb->buf = NULL; /* force reallocation */ + thiswb->buf = NULL; /* force reallocation */ } if (thiswb->buf == NULL) { diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 3c0b1323a459..6fd2328a12de 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -114,7 +114,7 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) */ if (!s->server && sess->ext.max_early_data == 0) { if (!ossl_assert(s->psksession != NULL - && s->psksession->ext.max_early_data > 0)) { + && s->psksession->ext.max_early_data > 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -127,11 +127,12 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) max_early_data = s->recv_max_early_data; else max_early_data = s->recv_max_early_data < sess->ext.max_early_data - ? s->recv_max_early_data : sess->ext.max_early_data; + ? s->recv_max_early_data + : sess->ext.max_early_data; if (max_early_data == 0) { SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MUCH_EARLY_DATA); + SSL_R_TOO_MUCH_EARLY_DATA); return 0; } @@ -140,7 +141,7 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) if (s->early_data_count + length > max_early_data) { SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_TOO_MUCH_EARLY_DATA); + SSL_R_TOO_MUCH_EARLY_DATA); return 0; } s->early_data_count += length; @@ -156,7 +157,7 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) */ #define MAX_EMPTY_RECORDS 32 -#define SSL2_RT_HEADER_LENGTH 2 +#define SSL2_RT_HEADER_LENGTH 2 /*- * Call this to get new input records. * It will return <= 0 if more data is needed, normally due to an error @@ -201,31 +202,29 @@ int ssl3_get_record(SSL *s) thisrr = &rr[num_recs]; /* check if we have the header */ - if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || - (RECORD_LAYER_get_packet_length(&s->rlayer) - < SSL3_RT_HEADER_LENGTH)) { + if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) { size_t sslv2len; unsigned int type; rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(rbuf), 0, - num_recs == 0 ? 1 : 0, &n); + SSL3_BUFFER_get_len(rbuf), 0, + num_recs == 0 ? 1 : 0, &n); if (rret <= 0) { #ifndef OPENSSL_NO_KTLS if (!BIO_get_ktls_recv(s->rbio) || rret == 0) - return rret; /* error or non-blocking */ + return rret; /* error or non-blocking */ switch (errno) { case EBADMSG: SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); break; case EMSGSIZE: SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_PACKET_LENGTH_TOO_LONG); + SSL_R_PACKET_LENGTH_TOO_LONG); break; case EINVAL: SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); break; default: break; @@ -237,13 +236,13 @@ int ssl3_get_record(SSL *s) p = RECORD_LAYER_get_packet(&s->rlayer); if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer), - RECORD_LAYER_get_packet_length(&s->rlayer))) { + RECORD_LAYER_get_packet_length(&s->rlayer))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } sslv2pkt = pkt; if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len) - || !PACKET_get_1(&sslv2pkt, &type)) { + || !PACKET_get_1(&sslv2pkt, &type)) { SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -251,8 +250,8 @@ int ssl3_get_record(SSL *s) * The first record received by the server may be a V2ClientHello. */ if (s->server && RECORD_LAYER_is_first_record(&s->rlayer) - && (sslv2len & 0x8000) != 0 - && (type == SSL2_MT_CLIENT_HELLO)) { + && (sslv2len & 0x8000) != 0 + && (type == SSL2_MT_CLIENT_HELLO)) { /* * SSLv2 style record * @@ -268,9 +267,9 @@ int ssl3_get_record(SSL *s) thisrr->length = sslv2len & 0x7fff; if (thisrr->length > SSL3_BUFFER_get_len(rbuf) - - SSL2_RT_HEADER_LENGTH) { + - SSL2_RT_HEADER_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_PACKET_LENGTH_TOO_LONG); + SSL_R_PACKET_LENGTH_TOO_LONG); return -1; } @@ -283,11 +282,11 @@ int ssl3_get_record(SSL *s) /* Pull apart the header into the SSL3_RECORD */ if (!PACKET_get_1(&pkt, &type) - || !PACKET_get_net_2(&pkt, &version) - || !PACKET_get_net_2_len(&pkt, &thisrr->length)) { + || !PACKET_get_net_2(&pkt, &version) + || !PACKET_get_net_2_len(&pkt, &thisrr->length)) { if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, - s->msg_callback_arg); + s->msg_callback_arg); SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -296,7 +295,7 @@ int ssl3_get_record(SSL *s) if (s->msg_callback) s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, s, - s->msg_callback_arg); + s->msg_callback_arg); /* * Lets check version. In TLSv1.3 we only check this field @@ -306,8 +305,8 @@ int ssl3_get_record(SSL *s) * that explicitly */ if (!s->first_packet && !SSL_IS_TLS13(s) - && s->hello_retry_request != SSL_HRR_PENDING - && version != (unsigned int)s->version) { + && s->hello_retry_request != SSL_HRR_PENDING + && version != (unsigned int)s->version) { if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) { if (thisrr->type == SSL3_RT_ALERT) { @@ -320,7 +319,7 @@ int ssl3_get_record(SSL *s) * end. */ SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } /* @@ -329,7 +328,7 @@ int ssl3_get_record(SSL *s) s->version = (unsigned short)version; } SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } @@ -338,51 +337,47 @@ int ssl3_get_record(SSL *s) /* Go back to start of packet, look at the five bytes * that we have. */ p = RECORD_LAYER_get_packet(&s->rlayer); - if (strncmp((char *)p, "GET ", 4) == 0 || - strncmp((char *)p, "POST ", 5) == 0 || - strncmp((char *)p, "HEAD ", 5) == 0 || - strncmp((char *)p, "PUT ", 4) == 0) { + if (strncmp((char *)p, "GET ", 4) == 0 || strncmp((char *)p, "POST ", 5) == 0 || strncmp((char *)p, "HEAD ", 5) == 0 || strncmp((char *)p, "PUT ", 4) == 0) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST); return -1; } else if (strncmp((char *)p, "CONNE", 5) == 0) { SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_HTTPS_PROXY_REQUEST); + SSL_R_HTTPS_PROXY_REQUEST); return -1; } /* Doesn't look like TLS - don't send an alert */ SSLfatal(s, SSL_AD_NO_ALERT, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } else { SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } } if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { if (thisrr->type != SSL3_RT_APPLICATION_DATA - && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC - || !SSL_IS_FIRST_HANDSHAKE(s)) - && (thisrr->type != SSL3_RT_ALERT - || s->statem.enc_read_state - != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) { + && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC + || !SSL_IS_FIRST_HANDSHAKE(s)) + && (thisrr->type != SSL3_RT_ALERT + || s->statem.enc_read_state + != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_RECORD_TYPE); + SSL_R_BAD_RECORD_TYPE); return -1; } if (thisrr->rec_version != TLS1_2_VERSION) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_WRONG_VERSION_NUMBER); + SSL_R_WRONG_VERSION_NUMBER); return -1; } } - if (thisrr->length > - SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { + if (thisrr->length > SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_PACKET_LENGTH_TOO_LONG); + SSL_R_PACKET_LENGTH_TOO_LONG); return -1; } } @@ -393,7 +388,7 @@ int ssl3_get_record(SSL *s) if (SSL_IS_TLS13(s)) { if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; } } else { @@ -414,7 +409,7 @@ int ssl3_get_record(SSL *s) if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; } } @@ -436,7 +431,7 @@ int ssl3_get_record(SSL *s) rret = ssl3_read_n(s, more, more, 1, 0, &n); if (rret <= 0) - return rret; /* error or non-blocking io */ + return rret; /* error or non-blocking io */ } /* set state for later operations */ @@ -448,11 +443,9 @@ int ssl3_get_record(SSL *s) * + thisrr->length and we have that many bytes in s->rlayer.packet */ if (thisrr->rec_version == SSL2_VERSION) { - thisrr->input = - &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]); + thisrr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]); } else { - thisrr->input = - &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); + thisrr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); } /* @@ -481,23 +474,24 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_reset_packet_length(&s->rlayer); RECORD_LAYER_clear_first_record(&s->rlayer); } while (num_recs < max_recs - && thisrr->type == SSL3_RT_APPLICATION_DATA - && SSL_USE_EXPLICIT_IV(s) - && s->enc_read_ctx != NULL - && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) - & EVP_CIPH_FLAG_PIPELINE) != 0 - && ssl3_record_app_data_waiting(s)); + && thisrr->type == SSL3_RT_APPLICATION_DATA + && SSL_USE_EXPLICIT_IV(s) + && s->enc_read_ctx != NULL + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) + & EVP_CIPH_FLAG_PIPELINE) + != 0 + && ssl3_record_app_data_waiting(s)); if (num_recs == 1 - && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC - && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE) - && SSL_IS_FIRST_HANDSHAKE(s)) { + && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC + && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE) + && SSL_IS_FIRST_HANDSHAKE(s)) { /* * CCS messages must be exactly 1 byte long, containing the value 0x01 */ if (thisrr->length != 1 || thisrr->data[0] != 0x01) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INVALID_CCS_MESSAGE); + SSL_R_INVALID_CCS_MESSAGE); return -1; } /* @@ -509,7 +503,7 @@ int ssl3_get_record(SSL *s) if (RECORD_LAYER_get_empty_record_count(&s->rlayer) > MAX_EMPTY_RECORDS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_UNEXPECTED_CCS_MESSAGE); + SSL_R_UNEXPECTED_CCS_MESSAGE); return -1; } thisrr->read = 1; @@ -531,8 +525,8 @@ int ssl3_get_record(SSL *s) if (tmpmd != NULL) { imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - return -1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); + return -1; } mac_size = (size_t)imac_size; } @@ -554,10 +548,10 @@ int ssl3_get_record(SSL *s) } thisrr->length -= mac_size; mac = thisrr->data + thisrr->length; - i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */); if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) { SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); return -1; } } @@ -606,7 +600,7 @@ int ssl3_get_record(SSL *s) thisrr = &rr[0]; if (!early_data_count_ok(s, thisrr->length, - EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { /* SSLfatal() already called */ goto end; } @@ -620,27 +614,29 @@ int ssl3_get_record(SSL *s) } ERR_clear_last_mark(); SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto end; } else { ERR_clear_last_mark(); } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length); BIO_dump_indent(trc_out, rr[0].data, rr[0].length, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); /* r->length is now the compressed data plus mac */ if ((sess != NULL) - && (s->enc_read_ctx != NULL) - && (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { + && (s->enc_read_ctx != NULL) + && (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ for (j = 0; j < num_recs; j++) { SSL_MAC_BUF *thismb = &macbufs[j]; thisrr = &rr[j]; - i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */); if (i == 0 || thismb == NULL || thismb->mac == NULL || CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0) enc_err = 0; @@ -662,11 +658,11 @@ int ssl3_get_record(SSL *s) * visible to an attacker (e.g. via a logfile) */ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto end; } - skip_decryption: +skip_decryption: for (j = 0; j < num_recs; j++) { thisrr = &rr[j]; @@ -675,43 +671,43 @@ int ssl3_get_record(SSL *s) if (s->expand != NULL) { if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_COMPRESSED_LENGTH_TOO_LONG); + SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto end; } if (!ssl3_do_uncompress(s, thisrr)) { SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, - SSL_R_BAD_DECOMPRESSION); + SSL_R_BAD_DECOMPRESSION); goto end; } } if (SSL_IS_TLS13(s) - && s->enc_read_ctx != NULL - && thisrr->type != SSL3_RT_ALERT) { + && s->enc_read_ctx != NULL + && thisrr->type != SSL3_RT_ALERT) { size_t end; if (thisrr->length == 0 - || thisrr->type != SSL3_RT_APPLICATION_DATA) { + || thisrr->type != SSL3_RT_APPLICATION_DATA) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); goto end; } /* Strip trailing padding */ for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; - end--) + end--) continue; thisrr->length = end; thisrr->type = thisrr->data[end]; if (thisrr->type != SSL3_RT_APPLICATION_DATA - && thisrr->type != SSL3_RT_ALERT - && thisrr->type != SSL3_RT_HANDSHAKE) { + && thisrr->type != SSL3_RT_ALERT + && thisrr->type != SSL3_RT_HANDSHAKE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); goto end; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, - &thisrr->data[end], 1, s, s->msg_callback_arg); + &thisrr->data[end], 1, s, s->msg_callback_arg); } /* @@ -719,9 +715,9 @@ int ssl3_get_record(SSL *s) * length. */ if (SSL_IS_TLS13(s) - && (thisrr->type == SSL3_RT_HANDSHAKE - || thisrr->type == SSL3_RT_ALERT) - && thisrr->length == 0) { + && (thisrr->type == SSL3_RT_HANDSHAKE + || thisrr->type == SSL3_RT_ALERT) + && thisrr->length == 0) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_LENGTH); goto end; } @@ -735,7 +731,7 @@ int ssl3_get_record(SSL *s) * limit in the kernel. */ if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH - && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { + && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } @@ -746,7 +742,7 @@ int ssl3_get_record(SSL *s) * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive. */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { + && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } @@ -776,7 +772,7 @@ int ssl3_get_record(SSL *s) if (s->early_data_state == SSL_EARLY_DATA_READING) { thisrr = &rr[0]; if (thisrr->type == SSL3_RT_APPLICATION_DATA - && !early_data_count_ok(s, thisrr->length, 0, 0)) { + && !early_data_count_ok(s, thisrr->length, 0, 0)) { /* SSLfatal already called */ goto end; } @@ -784,7 +780,7 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs); ret = 1; - end: +end: if (macbufs != NULL) { for (j = 0; j < num_recs; j++) { if (macbufs[j].alloced) @@ -808,7 +804,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) return 0; i = COMP_expand_block(ssl->expand, rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); + SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) return 0; else @@ -824,8 +820,8 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) int i; i = COMP_compress_block(ssl->compress, wr->data, - (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), - wr->input, (int)wr->length); + (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), + wr->input, (int)wr->length); if (i < 0) return 0; else @@ -846,7 +842,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, - SSL_MAC_BUF *mac, size_t macsize) + SSL_MAC_BUF *mac, size_t macsize) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; @@ -915,7 +911,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, int outlen; if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input, - (unsigned int)l)) + (unsigned int)l)) return 0; rec->length = outlen; @@ -927,8 +923,8 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, mac->alloced = 0; *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&mac->mac, - macsize); + (void **)&mac->mac, + macsize); *p = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_get_params(ds, params)) { @@ -946,13 +942,13 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, if (!sending) return ssl3_cbc_remove_padding_and_mac(&rec->length, - rec->orig_len, - rec->data, - (mac != NULL) ? &mac->mac : NULL, - (mac != NULL) ? &mac->alloced : NULL, - bs, - macsize, - s->ctx->libctx); + rec->orig_len, + rec->data, + (mac != NULL) ? &mac->mac : NULL, + (mac != NULL) ? &mac->alloced : NULL, + bs, + macsize, + s->ctx->libctx); } } return 1; @@ -970,7 +966,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) */ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, - SSL_MAC_BUF *macs, size_t macsize) + SSL_MAC_BUF *macs, size_t macsize) { EVP_CIPHER_CTX *ds; size_t reclen[SSL_MAX_PIPELINES]; @@ -1019,7 +1015,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input, - ivlen, 0) <= 0) { + ivlen, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1053,7 +1050,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (n_recs > 1) { if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) - & EVP_CIPH_FLAG_PIPELINE) == 0) { + & EVP_CIPH_FLAG_PIPELINE) + == 0) { /* * We shouldn't have been called with pipeline data if the * cipher doesn't support pipelining @@ -1066,18 +1064,18 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, reclen[ctr] = recs[ctr].length; if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) - & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { + & EVP_CIPH_FLAG_AEAD_CIPHER) + != 0) { unsigned char *seq; seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) - : RECORD_LAYER_get_read_sequence(&s->rlayer); + : RECORD_LAYER_get_read_sequence(&s->rlayer); if (SSL_IS_DTLS(s)) { /* DTLS does not support pipelining */ unsigned char dtlsseq[8], *p = dtlsseq; - s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : - DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); + s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); memcpy(p, &seq[2], 6); memcpy(buf[ctr], dtlsseq, 8); } else { @@ -1095,7 +1093,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8); buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff); pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, - EVP_AEAD_TLS1_AAD_LEN, buf[ctr]); + EVP_AEAD_TLS1_AAD_LEN, buf[ctr]); if (pad <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1140,7 +1138,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, data[ctr] = recs[ctr].data; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, - (int)n_recs, data) <= 0) { + (int)n_recs, data) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE); return 0; } @@ -1149,9 +1148,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, data[ctr] = recs[ctr].input; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS, - (int)n_recs, data) <= 0 + (int)n_recs, data) + <= 0 || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS, - (int)n_recs, reclen) <= 0) { + (int)n_recs, reclen) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE); return 0; } @@ -1181,13 +1182,13 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, int outlen; /* Provided cipher - we do not support pipelining on this path */ - if (n_recs > 1) { + if (n_recs > 1) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (!EVP_CipherUpdate(ds, recs[0].data, &outlen, recs[0].input, - (unsigned int)reclen[0])) + (unsigned int)reclen[0])) return 0; recs[0].length = outlen; @@ -1198,11 +1199,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, */ if (!sending) { if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { - recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { - recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; + recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { recs[0].data += bs; recs[0].input += bs; @@ -1217,14 +1218,14 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, macs[0].alloced = 0; *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&macs[0].mac, - macsize); + (void **)&macs[0].mac, + macsize); *p = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_get_params(ds, params)) { /* Shouldn't normally happen */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); return 0; } } @@ -1233,11 +1234,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, /* Legacy cipher */ tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, - (unsigned int)reclen[0]); + (unsigned int)reclen[0]); if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) - & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0 - ? (tmpr < 0) - : (tmpr == 0)) { + & EVP_CIPH_FLAG_CUSTOM_CIPHER) + != 0 + ? (tmpr < 0) + : (tmpr == 0)) { /* AEAD can fail to verify MAC */ return 0; } @@ -1267,16 +1269,17 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, * with a random MAC if padding is invalid */ if (!tls1_cbc_remove_padding_and_mac(&recs[ctr].length, - recs[ctr].orig_len, - recs[ctr].data, - (macs != NULL) ? &macs[ctr].mac : NULL, - (macs != NULL) ? &macs[ctr].alloced - : NULL, - bs, - pad ? (size_t)pad : macsize, - (EVP_CIPHER_get_flags(enc) - & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, - s->ctx->libctx)) + recs[ctr].orig_len, + recs[ctr].data, + (macs != NULL) ? &macs[ctr].mac : NULL, + (macs != NULL) ? &macs[ctr].alloced + : NULL, + bs, + pad ? (size_t)pad : macsize, + (EVP_CIPHER_get_flags(enc) + & EVP_CIPH_FLAG_AEAD_CIPHER) + != 0, + s->ctx->libctx)) return 0; } } @@ -1363,10 +1366,11 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) /* Final param == is SSLv3 */ if (ssl3_cbc_digest_record(EVP_MD_CTX_get0_md(hash), - md, &md_size, - header, rec->input, - rec->length, rec->orig_len, - mac_sec, md_size, 1) <= 0) + md, &md_size, + header, rec->input, + rec->length, rec->orig_len, + mac_sec, md_size, 1) + <= 0) return 0; #endif } else { @@ -1450,8 +1454,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) if (SSL_IS_DTLS(ssl)) { unsigned char dtlsseq[8], *p = dtlsseq; - s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : - DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); + s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); memcpy(p, &seq[2], 6); memcpy(header, dtlsseq, 8); @@ -1470,11 +1473,11 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, - &rec->orig_len); + &rec->orig_len); *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx), - tls_hmac_params)) { + tls_hmac_params)) { goto end; } } @@ -1485,12 +1488,14 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) goto end; } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "seq:\n"); BIO_dump_indent(trc_out, seq, 8, 4); BIO_printf(trc_out, "rec:\n"); BIO_dump_indent(trc_out, rec->data, rec->length, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (!SSL_IS_DTLS(ssl)) { for (i = 7; i >= 0; i--) { @@ -1499,12 +1504,14 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) break; } } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "md:\n"); BIO_dump_indent(trc_out, md, md_size, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); ret = 1; - end: +end: EVP_MD_CTX_free(hmac); return ret; } @@ -1559,8 +1566,8 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) if (tmpmd != NULL) { imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); + return 0; } mac_size = (size_t)imac_size; } @@ -1575,10 +1582,10 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) } rr->length -= mac_size; mac = rr->data + rr->length; - i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */); if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { SSLfatal(s, SSL_AD_BAD_RECORD_MAC, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); return 0; } /* @@ -1614,19 +1621,21 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) goto end; } ERR_clear_last_mark(); - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "dec %zd\n", rr->length); BIO_dump_indent(trc_out, rr->data, rr->length, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); /* r->length is now the compressed data plus mac */ if ((sess != NULL) - && !SSL_READ_ETM(s) - && (s->enc_read_ctx != NULL) - && (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { + && !SSL_READ_ETM(s) + && (s->enc_read_ctx != NULL) + && (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ - i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); + i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */); if (i == 0 || macbuf.mac == NULL || CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0) enc_err = 0; @@ -1645,7 +1654,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) if (s->expand != NULL) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_COMPRESSED_LENGTH_TOO_LONG); + SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto end; } if (!ssl3_do_uncompress(s, rr)) { @@ -1681,7 +1690,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) dtls1_record_bitmap_update(s, bitmap); ret = 1; - end: +end: if (macbuf.alloced) OPENSSL_free(macbuf.mac); return ret; @@ -1690,9 +1699,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* * Retrieve a buffered record that belongs to the current epoch, i.e. processed */ -#define dtls1_get_processed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer))) +#define dtls1_get_processed_record(s) \ + dtls1_retrieve_buffered_record((s), \ + &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer))) /*- * Call this to get a new input record. @@ -1717,7 +1726,7 @@ int dtls1_get_record(SSL *s) rr = RECORD_LAYER_get_rrec(&s->rlayer); - again: +again: /* * The epoch may have changed. If so, process all the pending records. * This is a non-blocking operation. @@ -1734,19 +1743,17 @@ int dtls1_get_record(SSL *s) /* get something from the wire */ /* check if we have the header */ - if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || - (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { + if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n); + SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n); /* read timeout is handled by dtls1_read_bytes */ if (rret <= 0) { /* SSLfatal() already called if appropriate */ - return rret; /* error or non-blocking */ + return rret; /* error or non-blocking */ } /* this packet contained a partial record, dump it */ - if (RECORD_LAYER_get_packet_length(&s->rlayer) != - DTLS1_RT_HEADER_LENGTH) { + if (RECORD_LAYER_get_packet_length(&s->rlayer) != DTLS1_RT_HEADER_LENGTH) { RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1757,7 +1764,7 @@ int dtls1_get_record(SSL *s) if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, - s, s->msg_callback_arg); + s, s->msg_callback_arg); /* Pull apart the header into the DTLS1_RECORD */ rr->type = *(p++); @@ -1806,7 +1813,7 @@ int dtls1_get_record(SSL *s) /* If received packet overflows own-client Max Fragment Length setting */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) { + && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) { /* record too long, silently discard it */ rr->length = 0; rr->read = 1; @@ -1819,8 +1826,7 @@ int dtls1_get_record(SSL *s) /* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */ - if (rr->length > - RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { + if (rr->length > RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { /* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */ more = rr->length; rret = ssl3_read_n(s, more, more, 1, 1, &n); @@ -1849,7 +1855,7 @@ int dtls1_get_record(SSL *s) if (bitmap == NULL) { rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ - goto again; /* get another record */ + goto again; /* get another record */ } #ifndef OPENSSL_NO_SCTP /* Only do replay check if no SCTP bio */ @@ -1860,7 +1866,7 @@ int dtls1_get_record(SSL *s) rr->length = 0; rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ - goto again; /* get another record */ + goto again; /* get another record */ } #ifndef OPENSSL_NO_SCTP } @@ -1879,9 +1885,10 @@ int dtls1_get_record(SSL *s) */ if (is_next_epoch) { if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) { - if (dtls1_buffer_record (s, + if (dtls1_buffer_record(s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), - rr->seq_num) < 0) { + rr->seq_num) + < 0) { /* SSLfatal() already called */ return -1; } @@ -1900,11 +1907,10 @@ int dtls1_get_record(SSL *s) rr->length = 0; rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ - goto again; /* get another record */ + goto again; /* get another record */ } return 1; - } int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off) @@ -1924,7 +1930,8 @@ int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH; if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), - SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) { + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) + <= 0) { /* SSLfatal() already called */ return 0; } diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index c605fa74d217..cedc32f07adc 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -21,7 +21,7 @@ * 1: if the record encryption/decryption was successful. */ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, - ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize) + ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize) { EVP_CIPHER_CTX *ctx; unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; @@ -69,12 +69,12 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } if (s->early_data_state == SSL_EARLY_DATA_WRITING - || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { + || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { if (s->session != NULL && s->session->ext.max_early_data > 0) { alg_enc = s->session->cipher->algorithm_enc; } else { if (!ossl_assert(s->psksession != NULL - && s->psksession->ext.max_early_data > 0)) { + && s->psksession->ext.max_early_data > 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -95,10 +95,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (alg_enc & SSL_AESCCM) { if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; - else + else taglen = EVP_CCM_TLS_TAG_LEN; - if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, - NULL) <= 0) { + if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -144,21 +143,19 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0 - || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, - rec->data + rec->length) <= 0)) { + || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, rec->data + rec->length) <= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } /* Set up the AAD */ if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0) - || !WPACKET_put_bytes_u8(&wpkt, rec->type) - || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version) - || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen) - || !WPACKET_get_total_written(&wpkt, &hdrlen) - || hdrlen != SSL3_RT_HEADER_LENGTH - || !WPACKET_finish(&wpkt)) { + || !WPACKET_put_bytes_u8(&wpkt, rec->type) + || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version) + || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen) + || !WPACKET_get_total_written(&wpkt, &hdrlen) + || hdrlen != SSL3_RT_HEADER_LENGTH + || !WPACKET_finish(&wpkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); WPACKET_cleanup(&wpkt); return 0; @@ -169,20 +166,24 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, * any AAD. */ if (((alg_enc & SSL_AESCCM) != 0 - && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, - (unsigned int)rec->length) <= 0) - || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, - sizeof(recheader)) <= 0 - || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input, - (unsigned int)rec->length) <= 0 - || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0 - || (size_t)(lenu + lenf) != rec->length) { + && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, + (unsigned int)rec->length) + <= 0) + || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, + sizeof(recheader)) + <= 0 + || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input, + (unsigned int)rec->length) + <= 0 + || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0 + || (size_t)(lenu + lenf) != rec->length) { return 0; } if (sending) { /* Add the tag */ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, - rec->data + rec->length) <= 0) { + rec->data + rec->length) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/ssl/record/tls_pad.c b/ssl/record/tls_pad.c index d79c4e9f6315..c89d8e40140e 100644 --- a/ssl/record/tls_pad.c +++ b/ssl/record/tls_pad.c @@ -22,31 +22,31 @@ */ static int ssl3_cbc_copy_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, - size_t mac_size, - size_t good, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, + size_t mac_size, + size_t good, + OSSL_LIB_CTX *libctx); int ssl3_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx); int tls1_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - int aead, - OSSL_LIB_CTX *libctx); + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx); /*- * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC @@ -66,16 +66,16 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen, * MAC returned is random. */ int ssl3_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - OSSL_LIB_CTX *libctx) + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx) { size_t padding_length; size_t good; - const size_t overhead = 1 /* padding length byte */ + mac_size; + const size_t overhead = 1 /* padding length byte */ + mac_size; /* * These lengths are all public so we can test them in non-constant time. @@ -90,7 +90,7 @@ int ssl3_cbc_remove_padding_and_mac(size_t *reclen, *reclen -= good & (padding_length + 1); return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced, - block_size, mac_size, good, libctx); + block_size, mac_size, good, libctx); } /*- @@ -111,18 +111,18 @@ int ssl3_cbc_remove_padding_and_mac(size_t *reclen, * MAC returned is random. */ int tls1_cbc_remove_padding_and_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, size_t mac_size, - int aead, - OSSL_LIB_CTX *libctx) + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx) { size_t good = -1; size_t padding_length, to_check, i; size_t overhead = ((block_size == 1) ? 0 : 1) /* padding length byte */ - + mac_size; + + mac_size; /* * These lengths are all public so we can test them in non-constant @@ -151,7 +151,7 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen, * maximum amount of padding possible. (Again, the length of the record * is public information so we can use it.) */ - to_check = 256; /* maximum amount of padding, inc length byte. */ + to_check = 256; /* maximum amount of padding, inc length byte. */ if (to_check > *reclen) to_check = *reclen; @@ -174,7 +174,7 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen, } return ssl3_cbc_copy_mac(reclen, origreclen, recdata, mac, alloced, - block_size, mac_size, good, libctx); + block_size, mac_size, good, libctx); } /*- @@ -195,14 +195,14 @@ int tls1_cbc_remove_padding_and_mac(size_t *reclen, #define CBC_MAC_ROTATE_IN_PLACE static int ssl3_cbc_copy_mac(size_t *reclen, - size_t origreclen, - unsigned char *recdata, - unsigned char **mac, - int *alloced, - size_t block_size, - size_t mac_size, - size_t good, - OSSL_LIB_CTX *libctx) + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, + size_t mac_size, + size_t good, + OSSL_LIB_CTX *libctx) { #if defined(CBC_MAC_ROTATE_IN_PLACE) unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; @@ -229,7 +229,7 @@ static int ssl3_cbc_copy_mac(size_t *reclen, size_t rotate_offset; if (!ossl_assert(origreclen >= mac_size - && mac_size <= EVP_MAX_MD_SIZE)) + && mac_size <= EVP_MAX_MD_SIZE)) return 0; /* If no MAC then nothing to be done */ @@ -301,8 +301,8 @@ static int ssl3_cbc_copy_mac(size_t *reclen, /* If the padding wasn't good we emit a random MAC */ out[j++] = constant_time_select_8((unsigned char)(good & 0xff), - aux3, - randmac[i]); + aux3, + randmac[i]); rotate_offset &= constant_time_lt_s(rotate_offset, mac_size); } #else @@ -317,7 +317,7 @@ static int ssl3_cbc_copy_mac(size_t *reclen, /* If the padding wasn't good we emit a random MAC */ out[i] = constant_time_select_8((unsigned char)(good & 0xff), out[i], - randmac[i]); + randmac[i]); } #endif diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 85f296b80783..7852c233915b 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -16,7 +16,6 @@ * moved out of libssl. */ - /* * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. @@ -28,41 +27,41 @@ #include <openssl/evp.h> #ifndef FIPS_MODULE -# include <openssl/md5.h> +#include <openssl/md5.h> #endif #include <openssl/sha.h> char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); int ssl3_cbc_digest_record(const EVP_MD *md, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char *header, - const unsigned char *data, - size_t data_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - size_t mac_secret_length, char is_sslv3); + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) -# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n6(l, c) (*((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) -# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n8(l, c) (*((c)++) = (unsigned char)(((l) >> 56) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 48) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) /* * MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's @@ -82,11 +81,11 @@ int ssl3_cbc_digest_record(const EVP_MD *md, * u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in * little-endian order. The value of p is advanced by four. */ -# define u32toLE(n, p) \ - (*((p)++)=(unsigned char)(n), \ - *((p)++)=(unsigned char)(n>>8), \ - *((p)++)=(unsigned char)(n>>16), \ - *((p)++)=(unsigned char)(n>>24)) +#define u32toLE(n, p) \ + (*((p)++) = (unsigned char)(n), \ + *((p)++) = (unsigned char)(n >> 8), \ + *((p)++) = (unsigned char)(n >> 16), \ + *((p)++) = (unsigned char)(n >> 24)) /* * These functions serialize the state of a hash and thus perform the @@ -133,7 +132,7 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) } } -#undef LARGEST_DIGEST_CTX +#undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA512_CTX /*- @@ -156,26 +155,26 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) * Returns 1 on success or 0 on error */ int ssl3_cbc_digest_record(const EVP_MD *md, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char *header, - const unsigned char *data, - size_t data_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - size_t mac_secret_length, char is_sslv3) + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3) { union { OSSL_UNION_ALIGN; unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; - void (*md_final_raw) (void *ctx, unsigned char *md_out); - void (*md_transform) (void *ctx, const unsigned char *block); + void (*md_final_raw)(void *ctx, unsigned char *md_out); + void (*md_transform)(void *ctx, const unsigned char *block); size_t md_size, md_block_size = 64; size_t sslv3_pad_length = 40, header_length, variance_blocks, - len, max_mac_bytes, num_blocks, - num_starting_blocks, k, mac_end_offset, c, index_a, index_b; - size_t bits; /* at most 18 bits */ + len, max_mac_bytes, num_blocks, + num_starting_blocks, k, mac_end_offset, c, index_a, index_b; + size_t bits; /* at most 18 bits */ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; /* hmac_pad is the masked HMAC key. */ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; @@ -206,8 +205,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, if (MD5_Init((MD5_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_md5_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))MD5_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))MD5_Transform; md_size = 16; sslv3_pad_length = 48; length_is_big_endian = 0; @@ -216,29 +214,25 @@ int ssl3_cbc_digest_record(const EVP_MD *md, if (SHA1_Init((SHA_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha1_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; md_size = 20; } else if (EVP_MD_is_a(md, "SHA2-224")) { if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 224 / 8; - } else if (EVP_MD_is_a(md, "SHA2-256")) { + } else if (EVP_MD_is_a(md, "SHA2-256")) { if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha256_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 32; - } else if (EVP_MD_is_a(md, "SHA2-384")) { + } else if (EVP_MD_is_a(md, "SHA2-384")) { if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; md_size = 384 / 8; md_block_size = 128; md_length_size = 16; @@ -246,8 +240,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_sha512_final_raw; - md_transform = - (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; + md_transform = (void (*)(void *ctx, const unsigned char *block))SHA512_Transform; md_size = 64; md_block_size = 128; md_length_size = 16; @@ -262,16 +255,15 @@ int ssl3_cbc_digest_record(const EVP_MD *md, } if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES) - || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE) - || !ossl_assert(md_size <= EVP_MAX_MD_SIZE)) + || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE) + || !ossl_assert(md_size <= EVP_MAX_MD_SIZE)) return 0; header_length = 13; if (is_sslv3) { header_length = mac_secret_length + sslv3_pad_length + 8 /* sequence - * number */ + - 1 /* record type */ + - 2 /* record length */ ; + * number */ + + 1 /* record type */ + 2 /* record length */; } /* @@ -289,7 +281,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, * short and there obviously cannot be this many blocks then * variance_blocks can be reduced. */ - variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1); + variance_blocks = is_sslv3 ? 2 : (((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1); /* * From now on we're dealing with the MAC, which conceptually has 13 * bytes of `header' before the start of the data (TLS) or 71/75 bytes @@ -302,9 +294,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, */ max_mac_bytes = len - md_size - 1; /* num_blocks is the maximum number of hash blocks. */ - num_blocks = - (max_mac_bytes + 1 + md_length_size + md_block_size - - 1) / md_block_size; + num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; /* * In order to calculate the MAC in constant time we have to handle the * final blocks specially because the padding value could cause the end @@ -427,7 +417,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, * constant time, to |mac_out|. */ for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; - i++) { + i++) { unsigned char block[MAX_HASH_BLOCK_SIZE]; unsigned char is_block_a = constant_time_eq_8_s(i, index_a); unsigned char is_block_b = constant_time_eq_8_s(i, index_b); @@ -465,9 +455,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, if (j >= md_block_size - md_length_size) { /* If this is index_b, write a length byte. */ b = constant_time_select_8(is_block_b, - length_bytes[j - - (md_block_size - - md_length_size)], b); + length_bytes[j - (md_block_size - md_length_size)], b); } block[j] = b; } @@ -483,7 +471,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, if (md_ctx == NULL) goto err; - if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */ ) <= 0) + if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */) <= 0) goto err; if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ @@ -507,7 +495,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, *md_out_size = md_out_size_u; ret = 1; - err: +err: EVP_MD_CTX_free(md_ctx); return ret; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index ee4f58e75e99..c8a6d9e0b560 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -26,7 +26,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) int ret = 0; #ifdef CHARSET_EBCDIC - c = os_toascii[c]; /* 'A' in ASCII */ + c = os_toascii[c]; /* 'A' in ASCII */ #endif k = 0; md5 = ssl_evp_md_fetch(s->ctx->libctx, NID_md5, s->ctx->propq); @@ -50,13 +50,13 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) if (!EVP_DigestInit_ex(s1, sha1, NULL) || !EVP_DigestUpdate(s1, buf, k) || !EVP_DigestUpdate(s1, s->session->master_key, - s->session->master_key_length) + s->session->master_key_length) || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE) || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE) || !EVP_DigestFinal_ex(s1, smd, NULL) || !EVP_DigestInit_ex(m5, md5, NULL) || !EVP_DigestUpdate(m5, s->session->master_key, - s->session->master_key_length) + s->session->master_key_length) || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -78,7 +78,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) } OPENSSL_cleanse(smd, sizeof(smd)); ret = 1; - err: +err: EVP_MD_CTX_free(m5); EVP_MD_CTX_free(s1); ssl_evp_md_free(md5); @@ -140,7 +140,7 @@ int ssl3_change_cipher_state(SSL *s, int which) s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } @@ -173,7 +173,7 @@ int ssl3_change_cipher_state(SSL *s, int which) s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } @@ -195,8 +195,7 @@ int ssl3_change_cipher_state(SSL *s, int which) cl = EVP_CIPHER_get_key_length(c); j = cl; k = EVP_CIPHER_get_iv_length(c); - if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { + if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms = &(p[0]); n = i + i; key = &(p[n]); @@ -230,14 +229,14 @@ int ssl3_change_cipher_state(SSL *s, int which) * different to that in c if we have an ENGINE in use */ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL - && !tls_provider_set_tls_params(s, dd, c, m)) { + && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; } s->statem.enc_write_state = ENC_WRITE_STATE_VALID; return 1; - err: +err: return 0; } @@ -254,7 +253,7 @@ int ssl3_setup_key_block(SSL *s) return 1; if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp, - 0)) { + 0)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -390,7 +389,7 @@ int ssl3_digest_cached_records(SSL *s, int keep) md = ssl_handshake_md(s); if (md == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); return 0; } if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL) @@ -408,17 +407,17 @@ int ssl3_digest_cached_records(SSL *s, int keep) } void ssl3_digest_master_key_set_params(const SSL_SESSION *session, - OSSL_PARAM params[]) + OSSL_PARAM params[]) { int n = 0; params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, - (void *)session->master_key, - session->master_key_length); + (void *)session->master_key, + session->master_key_length); params[n++] = OSSL_PARAM_construct_end(); } size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, - unsigned char *p) + unsigned char *p) { int ret; EVP_MD_CTX *ctx = NULL; @@ -459,19 +458,19 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, if (EVP_DigestUpdate(ctx, sender, len) <= 0 || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - ret = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + ret = 0; } } - err: +err: EVP_MD_CTX_free(ctx); return ret; } int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - size_t len, size_t *secret_size) + size_t len, size_t *secret_size) { static const unsigned char *salt[3] = { #ifndef CHARSET_EBCDIC @@ -497,12 +496,15 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, for (i = 0; i < 3; i++) { if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 || EVP_DigestUpdate(ctx, salt[i], - strlen((const char *)salt[i])) <= 0 + strlen((const char *)salt[i])) + <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]), - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 @@ -573,7 +575,7 @@ int ssl3_alert_code(int code) case SSL_AD_USER_CANCELLED: return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_NO_RENEGOTIATION: - return -1; /* Don't send it :-) */ + return -1; /* Don't send it :-) */ case SSL_AD_UNSUPPORTED_EXTENSION: return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_CERTIFICATE_UNOBTAINABLE: diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7c76ae13db76..ff2037ceb455 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -21,9 +21,9 @@ #include <openssl/core_names.h> #include "internal/cryptlib.h" -#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) -#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) -#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) +#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) +#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) +#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) /* TLSv1.3 downgrade protection sentinel values */ const unsigned char tls11downgrade[] = { @@ -44,13 +44,16 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_aANY, SSL_AES128GCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 128, 128, - }, { + }, + { 1, TLS1_3_RFC_AES_256_GCM_SHA384, TLS1_3_RFC_AES_256_GCM_SHA384, @@ -59,8 +62,10 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_aANY, SSL_AES256GCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384, 256, @@ -75,8 +80,10 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_aANY, SSL_CHACHA20POLY1305, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 256, @@ -91,13 +98,16 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_aANY, SSL_AES128CCM, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 128, 128, - }, { + }, + { 1, TLS1_3_RFC_AES_128_CCM_8_SHA256, TLS1_3_RFC_AES_128_CCM_8_SHA256, @@ -106,8 +116,10 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_aANY, SSL_AES128CCM8, SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + TLS1_3_VERSION, + TLS1_3_VERSION, + 0, + 0, SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 128, @@ -127,3091 +139,3473 @@ static SSL_CIPHER tls13_ciphers[] = { */ static SSL_CIPHER ssl3_ciphers[] = { { - 1, - SSL3_TXT_RSA_NULL_MD5, - SSL3_RFC_RSA_NULL_MD5, - SSL3_CK_RSA_NULL_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + SSL3_TXT_RSA_NULL_MD5, + SSL3_RFC_RSA_NULL_MD5, + SSL3_CK_RSA_NULL_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_MD5, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - SSL3_TXT_RSA_NULL_SHA, - SSL3_RFC_RSA_NULL_SHA, - SSL3_CK_RSA_NULL_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + SSL3_TXT_RSA_NULL_SHA, + SSL3_RFC_RSA_NULL_SHA, + SSL3_CK_RSA_NULL_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, - SSL3_RFC_RSA_DES_192_CBC3_SHA, - SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, + 1, + SSL3_TXT_RSA_DES_192_CBC3_SHA, + SSL3_RFC_RSA_DES_192_CBC3_SHA, + SSL3_CK_RSA_DES_192_CBC3_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, { - 1, - SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, - SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA, - SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, + 1, + SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, + SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA, + SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, { - 1, - SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, - SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA, - SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, + 1, + SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, + SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA, + SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, - SSL3_RFC_ADH_DES_192_CBC_SHA, - SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, + 1, + SSL3_TXT_ADH_DES_192_CBC_SHA, + SSL3_RFC_ADH_DES_192_CBC_SHA, + SSL3_CK_ADH_DES_192_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, #endif { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA, - TLS1_RFC_RSA_WITH_AES_128_SHA, - TLS1_CK_RSA_WITH_AES_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_AES_128_SHA, + TLS1_RFC_RSA_WITH_AES_128_SHA, + TLS1_CK_RSA_WITH_AES_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, - TLS1_RFC_DHE_DSS_WITH_AES_128_SHA, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, + TLS1_RFC_DHE_DSS_WITH_AES_128_SHA, + TLS1_CK_DHE_DSS_WITH_AES_128_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - TLS1_RFC_DHE_RSA_WITH_AES_128_SHA, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + TLS1_RFC_DHE_RSA_WITH_AES_128_SHA, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA, - TLS1_RFC_ADH_WITH_AES_128_SHA, - TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ADH_WITH_AES_128_SHA, + TLS1_RFC_ADH_WITH_AES_128_SHA, + TLS1_CK_ADH_WITH_AES_128_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA, - TLS1_RFC_RSA_WITH_AES_256_SHA, - TLS1_CK_RSA_WITH_AES_256_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_AES_256_SHA, + TLS1_RFC_RSA_WITH_AES_256_SHA, + TLS1_CK_RSA_WITH_AES_256_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, - TLS1_RFC_DHE_DSS_WITH_AES_256_SHA, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, + TLS1_RFC_DHE_DSS_WITH_AES_256_SHA, + TLS1_CK_DHE_DSS_WITH_AES_256_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - TLS1_RFC_DHE_RSA_WITH_AES_256_SHA, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + TLS1_RFC_DHE_RSA_WITH_AES_256_SHA, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA, - TLS1_RFC_ADH_WITH_AES_256_SHA, - TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_ADH_WITH_AES_256_SHA, + TLS1_RFC_ADH_WITH_AES_256_SHA, + TLS1_CK_ADH_WITH_AES_256_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_WITH_NULL_SHA256, - TLS1_RFC_RSA_WITH_NULL_SHA256, - TLS1_CK_RSA_WITH_NULL_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_eNULL, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_RSA_WITH_NULL_SHA256, + TLS1_RFC_RSA_WITH_NULL_SHA256, + TLS1_CK_RSA_WITH_NULL_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_eNULL, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA256, - TLS1_RFC_RSA_WITH_AES_128_SHA256, - TLS1_CK_RSA_WITH_AES_128_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_AES_128_SHA256, + TLS1_RFC_RSA_WITH_AES_128_SHA256, + TLS1_CK_RSA_WITH_AES_128_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA256, - TLS1_RFC_RSA_WITH_AES_256_SHA256, - TLS1_CK_RSA_WITH_AES_256_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_AES_256_SHA256, + TLS1_RFC_RSA_WITH_AES_256_SHA256, + TLS1_CK_RSA_WITH_AES_256_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, - TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, - TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_AES256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA256, - TLS1_RFC_ADH_WITH_AES_128_SHA256, - TLS1_CK_ADH_WITH_AES_128_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ADH_WITH_AES_128_SHA256, + TLS1_RFC_ADH_WITH_AES_128_SHA256, + TLS1_CK_ADH_WITH_AES_128_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA256, - TLS1_RFC_ADH_WITH_AES_256_SHA256, - TLS1_CK_ADH_WITH_AES_256_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_AES256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_ADH_WITH_AES_256_SHA256, + TLS1_RFC_ADH_WITH_AES_256_SHA256, + TLS1_CK_ADH_WITH_AES_256_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aDSS, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aDSS, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, - TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256, - TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256, + TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aNULL, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384, + TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aNULL, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_128_CCM, - TLS1_RFC_RSA_WITH_AES_128_CCM, - TLS1_CK_RSA_WITH_AES_128_CCM, - SSL_kRSA, - SSL_aRSA, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_AES_128_CCM, + TLS1_RFC_RSA_WITH_AES_128_CCM, + TLS1_CK_RSA_WITH_AES_128_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_256_CCM, - TLS1_RFC_RSA_WITH_AES_256_CCM, - TLS1_CK_RSA_WITH_AES_256_CCM, - SSL_kRSA, - SSL_aRSA, - SSL_AES256CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_AES_256_CCM, + TLS1_RFC_RSA_WITH_AES_256_CCM, + TLS1_CK_RSA_WITH_AES_256_CCM, + SSL_kRSA, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, - TLS1_RFC_DHE_RSA_WITH_AES_128_CCM, - TLS1_CK_DHE_RSA_WITH_AES_128_CCM, - SSL_kDHE, - SSL_aRSA, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, + TLS1_RFC_DHE_RSA_WITH_AES_128_CCM, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, - TLS1_RFC_DHE_RSA_WITH_AES_256_CCM, - TLS1_CK_DHE_RSA_WITH_AES_256_CCM, - SSL_kDHE, - SSL_aRSA, - SSL_AES256CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, + TLS1_RFC_DHE_RSA_WITH_AES_256_CCM, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_128_CCM_8, - TLS1_RFC_RSA_WITH_AES_128_CCM_8, - TLS1_CK_RSA_WITH_AES_128_CCM_8, - SSL_kRSA, - SSL_aRSA, - SSL_AES128CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_AES_128_CCM_8, + TLS1_RFC_RSA_WITH_AES_128_CCM_8, + TLS1_CK_RSA_WITH_AES_128_CCM_8, + SSL_kRSA, + SSL_aRSA, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_AES_256_CCM_8, - TLS1_RFC_RSA_WITH_AES_256_CCM_8, - TLS1_CK_RSA_WITH_AES_256_CCM_8, - SSL_kRSA, - SSL_aRSA, - SSL_AES256CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_AES_256_CCM_8, + TLS1_RFC_RSA_WITH_AES_256_CCM_8, + TLS1_CK_RSA_WITH_AES_256_CCM_8, + SSL_kRSA, + SSL_aRSA, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, - TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8, - TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, - SSL_kDHE, - SSL_aRSA, - SSL_AES128CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, + SSL_kDHE, + SSL_aRSA, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, - TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8, - TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, - SSL_kDHE, - SSL_aRSA, - SSL_AES256CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, + SSL_kDHE, + SSL_aRSA, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_128_CCM, - TLS1_RFC_PSK_WITH_AES_128_CCM, - TLS1_CK_PSK_WITH_AES_128_CCM, - SSL_kPSK, - SSL_aPSK, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_AES_128_CCM, + TLS1_RFC_PSK_WITH_AES_128_CCM, + TLS1_CK_PSK_WITH_AES_128_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_256_CCM, - TLS1_RFC_PSK_WITH_AES_256_CCM, - TLS1_CK_PSK_WITH_AES_256_CCM, - SSL_kPSK, - SSL_aPSK, - SSL_AES256CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_PSK_WITH_AES_256_CCM, + TLS1_RFC_PSK_WITH_AES_256_CCM, + TLS1_CK_PSK_WITH_AES_256_CCM, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, - TLS1_RFC_DHE_PSK_WITH_AES_128_CCM, - TLS1_CK_DHE_PSK_WITH_AES_128_CCM, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, + TLS1_RFC_DHE_PSK_WITH_AES_128_CCM, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, - TLS1_RFC_DHE_PSK_WITH_AES_256_CCM, - TLS1_CK_DHE_PSK_WITH_AES_256_CCM, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, + TLS1_RFC_DHE_PSK_WITH_AES_256_CCM, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_128_CCM_8, - TLS1_RFC_PSK_WITH_AES_128_CCM_8, - TLS1_CK_PSK_WITH_AES_128_CCM_8, - SSL_kPSK, - SSL_aPSK, - SSL_AES128CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_AES_128_CCM_8, + TLS1_RFC_PSK_WITH_AES_128_CCM_8, + TLS1_CK_PSK_WITH_AES_128_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_256_CCM_8, - TLS1_RFC_PSK_WITH_AES_256_CCM_8, - TLS1_CK_PSK_WITH_AES_256_CCM_8, - SSL_kPSK, - SSL_aPSK, - SSL_AES256CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_PSK_WITH_AES_256_CCM_8, + TLS1_RFC_PSK_WITH_AES_256_CCM_8, + TLS1_CK_PSK_WITH_AES_256_CCM_8, + SSL_kPSK, + SSL_aPSK, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, - TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8, - TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, - TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8, - TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256CCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256CCM8, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256CCM8, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, - TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_eNULL, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_eNULL, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_3DES, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_3DES, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, - TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA, - TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA, + TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDH_anon_WITH_NULL_SHA, - TLS1_RFC_ECDH_anon_WITH_NULL_SHA, - TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_eNULL, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + TLS1_RFC_ECDH_anon_WITH_NULL_SHA, + TLS1_CK_ECDH_anon_WITH_NULL_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_eNULL, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA, - TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_3DES, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_3DES, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_AES128, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_AES128, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_AES256, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_AES256, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256, - SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256, + SSL_SHA384, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_AES256, - SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256, + SSL_SHA384, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA, - TLS1_RFC_PSK_WITH_NULL_SHA, - TLS1_CK_PSK_WITH_NULL_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_PSK_WITH_NULL_SHA, + TLS1_RFC_PSK_WITH_NULL_SHA, + TLS1_CK_PSK_WITH_NULL_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA, - TLS1_RFC_DHE_PSK_WITH_NULL_SHA, - TLS1_CK_DHE_PSK_WITH_NULL_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA, + TLS1_RFC_DHE_PSK_WITH_NULL_SHA, + TLS1_CK_DHE_PSK_WITH_NULL_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA, - TLS1_RFC_RSA_PSK_WITH_NULL_SHA, - TLS1_CK_RSA_PSK_WITH_NULL_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA, + TLS1_RFC_RSA_PSK_WITH_NULL_SHA, + TLS1_CK_RSA_PSK_WITH_NULL_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, - TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, + TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, - TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, + TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, - TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, - TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, - TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA256, - TLS1_RFC_PSK_WITH_NULL_SHA256, - TLS1_CK_PSK_WITH_NULL_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_PSK_WITH_NULL_SHA256, + TLS1_RFC_PSK_WITH_NULL_SHA256, + TLS1_CK_PSK_WITH_NULL_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_PSK_WITH_NULL_SHA384, - TLS1_RFC_PSK_WITH_NULL_SHA384, - TLS1_CK_PSK_WITH_NULL_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, + 1, + TLS1_TXT_PSK_WITH_NULL_SHA384, + TLS1_RFC_PSK_WITH_NULL_SHA384, + TLS1_CK_PSK_WITH_NULL_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, - TLS1_RFC_DHE_PSK_WITH_NULL_SHA256, - TLS1_CK_DHE_PSK_WITH_NULL_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, + TLS1_RFC_DHE_PSK_WITH_NULL_SHA256, + TLS1_CK_DHE_PSK_WITH_NULL_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, - TLS1_RFC_DHE_PSK_WITH_NULL_SHA384, - TLS1_CK_DHE_PSK_WITH_NULL_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, + TLS1_RFC_DHE_PSK_WITH_NULL_SHA384, + TLS1_CK_DHE_PSK_WITH_NULL_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, - TLS1_RFC_RSA_PSK_WITH_NULL_SHA256, - TLS1_CK_RSA_PSK_WITH_NULL_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, + TLS1_RFC_RSA_PSK_WITH_NULL_SHA256, + TLS1_CK_RSA_PSK_WITH_NULL_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, - TLS1_RFC_RSA_PSK_WITH_NULL_SHA384, - TLS1_CK_RSA_PSK_WITH_NULL_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + 1, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, + TLS1_RFC_RSA_PSK_WITH_NULL_SHA384, + TLS1_CK_RSA_PSK_WITH_NULL_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_3DES, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_AES256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, - TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, + TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, - TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, + TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, - TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384, - TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_eNULL, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_STRONG_NONE | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 0, - 0, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, + TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, -# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, + 1, + TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aSRP, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, + 1, + TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_3DES, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, -# endif + 1, + TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_3DES, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, +#endif { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aSRP, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_AES128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aSRP, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aSRP, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aRSA, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, - SSL_kSRP, - SSL_aDSS, - SSL_AES256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + SSL_kSRP, + SSL_aDSS, + SSL_AES256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, - SSL_kDHE, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, + SSL_kDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, - SSL_kECDHE, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, + SSL_kECDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - SSL_kECDHE, - SSL_aECDSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + SSL_kECDHE, + SSL_aECDSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_PSK_WITH_CHACHA20_POLY1305, - SSL_kPSK, - SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_PSK_WITH_CHACHA20_POLY1305, + SSL_kPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, - TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305, - TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CHACHA20POLY1305, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA256, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA256, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA256, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_CAMELLIA128, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_CAMELLIA128, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA128, - SSL_SHA256, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_CAMELLIA256, - SSL_SHA384, - TLS1_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + TLS1_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, #ifndef OPENSSL_NO_GOST { - 1, - "GOST2001-GOST89-GOST89", - "TLS_GOSTR341001_WITH_28147_CNT_IMIT", - 0x3000081, - SSL_kGOST, - SSL_aGOST01, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256, - }, + 1, + "GOST2001-GOST89-GOST89", + "TLS_GOSTR341001_WITH_28147_CNT_IMIT", + 0x3000081, + SSL_kGOST, + SSL_aGOST01, + SSL_eGOST2814789CNT, + SSL_GOST89MAC, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, + 256, + 256, + }, { - 1, - "GOST2001-NULL-GOST94", - "TLS_GOSTR341001_WITH_NULL_GOSTR3411", - 0x3000083, - SSL_kGOST, - SSL_aGOST01, - SSL_eNULL, - SSL_GOST94, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, - 0, - 0, - }, + 1, + "GOST2001-NULL-GOST94", + "TLS_GOSTR341001_WITH_NULL_GOSTR3411", + 0x3000083, + SSL_kGOST, + SSL_aGOST01, + SSL_eNULL, + SSL_GOST94, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, + 0, + 0, + }, { - 1, - "IANA-GOST2012-GOST8912-GOST8912", - NULL, - 0x0300c102, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eGOST2814789CNT12, - SSL_GOST89MAC12, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 256, - 256, - }, + 1, + "IANA-GOST2012-GOST8912-GOST8912", + NULL, + 0x0300c102, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eGOST2814789CNT12, + SSL_GOST89MAC12, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, + 256, + 256, + }, { - 1, - "LEGACY-GOST2012-GOST8912-GOST8912", - NULL, - 0x0300ff85, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eGOST2814789CNT12, - SSL_GOST89MAC12, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 256, - 256, - }, + 1, + "LEGACY-GOST2012-GOST8912-GOST8912", + NULL, + 0x0300ff85, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eGOST2814789CNT12, + SSL_GOST89MAC12, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, + 256, + 256, + }, { - 1, - "GOST2012-NULL-GOST12", - NULL, - 0x0300ff87, - SSL_kGOST, - SSL_aGOST12 | SSL_aGOST01, - SSL_eNULL, - SSL_GOST12_256, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 0, - 0, - }, + 1, + "GOST2012-NULL-GOST12", + NULL, + 0x0300ff87, + SSL_kGOST, + SSL_aGOST12 | SSL_aGOST01, + SSL_eNULL, + SSL_GOST12_256, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, + 0, + 0, + }, { - 1, - "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC", - NULL, - 0x0300C100, - SSL_kGOST18, - SSL_aGOST12, - SSL_KUZNYECHIK, - SSL_KUZNYECHIKOMAC, - TLS1_2_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, - 256, - 256, - }, + 1, + "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC", + NULL, + 0x0300C100, + SSL_kGOST18, + SSL_aGOST12, + SSL_KUZNYECHIK, + SSL_KUZNYECHIKOMAC, + TLS1_2_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, + 256, + 256, + }, { - 1, - "GOST2012-MAGMA-MAGMAOMAC", - NULL, - 0x0300C101, - SSL_kGOST18, - SSL_aGOST12, - SSL_MAGMA, - SSL_MAGMAOMAC, - TLS1_2_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, - 256, - 256, - }, -#endif /* OPENSSL_NO_GOST */ + 1, + "GOST2012-MAGMA-MAGMAOMAC", + NULL, + 0x0300C101, + SSL_kGOST18, + SSL_aGOST12, + SSL_MAGMA, + SSL_MAGMAOMAC, + TLS1_2_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE, + 256, + 256, + }, +#endif /* OPENSSL_NO_GOST */ { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_RFC_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_IDEA, - SSL_SHA1, - SSL3_VERSION, TLS1_1_VERSION, - DTLS1_BAD_VER, DTLS1_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + SSL3_TXT_RSA_IDEA_128_SHA, + SSL3_RFC_RSA_IDEA_128_SHA, + SSL3_CK_RSA_IDEA_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_IDEA, + SSL_SHA1, + SSL3_VERSION, + TLS1_1_VERSION, + DTLS1_BAD_VER, + DTLS1_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_SEED_SHA, - TLS1_RFC_RSA_WITH_SEED_SHA, - TLS1_CK_RSA_WITH_SEED_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_SEED_SHA, + TLS1_RFC_RSA_WITH_SEED_SHA, + TLS1_CK_RSA_WITH_SEED_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_SEED_SHA, - TLS1_RFC_DHE_DSS_WITH_SEED_SHA, - TLS1_CK_DHE_DSS_WITH_SEED_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_SEED_SHA, + TLS1_RFC_DHE_DSS_WITH_SEED_SHA, + TLS1_CK_DHE_DSS_WITH_SEED_SHA, + SSL_kDHE, + SSL_aDSS, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_SEED_SHA, - TLS1_RFC_DHE_RSA_WITH_SEED_SHA, - TLS1_CK_DHE_RSA_WITH_SEED_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_SEED_SHA, + TLS1_RFC_DHE_RSA_WITH_SEED_SHA, + TLS1_CK_DHE_RSA_WITH_SEED_SHA, + SSL_kDHE, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ADH_WITH_SEED_SHA, - TLS1_RFC_ADH_WITH_SEED_SHA, - TLS1_CK_ADH_WITH_SEED_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_SEED, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ADH_WITH_SEED_SHA, + TLS1_RFC_ADH_WITH_SEED_SHA, + TLS1_CK_ADH_WITH_SEED_SHA, + SSL_kDHE, + SSL_aNULL, + SSL_SEED, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + DTLS1_BAD_VER, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_RFC_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + SSL3_TXT_RSA_RC4_128_MD5, + SSL3_RFC_RSA_RC4_128_MD5, + SSL3_CK_RSA_RC4_128_MD5, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_MD5, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_RFC_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + SSL3_TXT_RSA_RC4_128_SHA, + SSL3_RFC_RSA_RC4_128_SHA, + SSL3_CK_RSA_RC4_128_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_RFC_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kDHE, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + SSL3_TXT_ADH_RC4_128_MD5, + SSL3_RFC_ADH_RC4_128_MD5, + SSL3_CK_ADH_RC4_128_MD5, + SSL_kDHE, + SSL_aNULL, + SSL_RC4, + SSL_MD5, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, - TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, - SSL_kECDHEPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, - TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA, - TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aNULL, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA, + TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aNULL, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aECDSA, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aECDSA, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + TLS1_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, - TLS1_RFC_PSK_WITH_RC4_128_SHA, - TLS1_CK_PSK_WITH_RC4_128_SHA, - SSL_kPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_RC4_128_SHA, + TLS1_RFC_PSK_WITH_RC4_128_SHA, + TLS1_CK_PSK_WITH_RC4_128_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, - TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA, - TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, - SSL_kRSAPSK, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, + TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA, + TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, - TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA, - TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, - SSL_kDHEPSK, - SSL_aPSK, - SSL_RC4, - SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - 0, 0, - SSL_NOT_DEFAULT | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ + 1, + TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, + TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL3_VERSION, + TLS1_2_VERSION, + 0, + 0, + SSL_NOT_DEFAULT | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, +#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ { - 1, - TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256, - SSL_kRSA, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384, - SSL_kRSA, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - SSL_kDHE, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - SSL_kDHE, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kDHE, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256, - SSL_kDHE, - SSL_aDSS, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384, - SSL_kDHE, - SSL_aDSS, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + SSL_kDHE, + SSL_aDSS, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - SSL_kECDHE, - SSL_aECDSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - SSL_kECDHE, - SSL_aECDSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - SSL_kECDHE, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - SSL_kECDHE, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - SSL_kDHEPSK, - SSL_aPSK, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - SSL_kDHEPSK, - SSL_aPSK, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - SSL_kRSAPSK, - SSL_aRSA, - SSL_ARIA128GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, { - 1, - TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - SSL_kRSAPSK, - SSL_aRSA, - SSL_ARIA256GCM, - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, + 1, + TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, + TLS1_2_VERSION, + DTLS1_2_VERSION, + DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, }; /* @@ -3221,18 +3615,40 @@ static SSL_CIPHER ssl3_ciphers[] = { */ static SSL_CIPHER ssl3_scsvs[] = { { - 0, - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", - SSL3_CK_SCSV, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + SSL3_CK_SCSV, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, }, { - 0, - "TLS_FALLBACK_SCSV", - "TLS_FALLBACK_SCSV", - SSL3_CK_FALLBACK_SCSV, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, + "TLS_FALLBACK_SCSV", + "TLS_FALLBACK_SCSV", + SSL3_CK_FALLBACK_SCSV, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, }, }; @@ -3249,15 +3665,15 @@ static int cipher_compare(const void *a, const void *b) void ssl_sort_cipher_list(void) { qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]), - cipher_compare); + cipher_compare); qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]), - cipher_compare); + cipher_compare); qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); } static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s, - const char * t, size_t u, - const unsigned char * v, size_t w, int x) + const char *t, size_t u, + const unsigned char *v, size_t w, int x) { (void)r; (void)s; @@ -3316,7 +3732,7 @@ int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) /* Set the content type and 3 bytes for the message len */ if (!WPACKET_put_bytes_u8(pkt, htype) - || !WPACKET_start_sub_packet_u24(pkt)) + || !WPACKET_start_sub_packet_u24(pkt)) return 0; return 1; @@ -3440,46 +3856,42 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = (int)(s->s3.flags); break; #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_DH: - { - EVP_PKEY *pkdh = NULL; - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - pkdh = ssl_dh_to_pkey(parg); - if (pkdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!SSL_set0_tmp_dh_pkey(s, pkdh)) { - EVP_PKEY_free(pkdh); - return 0; - } - return 1; + case SSL_CTRL_SET_TMP_DH: { + EVP_PKEY *pkdh = NULL; + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } - break; - case SSL_CTRL_SET_TMP_DH_CB: - { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return ret; + pkdh = ssl_dh_to_pkey(parg); + if (pkdh == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + return 0; } + if (!SSL_set0_tmp_dh_pkey(s, pkdh)) { + EVP_PKEY_free(pkdh); + return 0; + } + return 1; + } break; + case SSL_CTRL_SET_TMP_DH_CB: { + ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return ret; + } #endif case SSL_CTRL_SET_DH_AUTO: s->cert->dh_tmp_auto = larg; return 1; #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_ECDH: - { - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, - &s->ext.supportedgroups_len, - parg); + case SSL_CTRL_SET_TMP_ECDH: { + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } -#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ + return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, + parg); + } +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ case SSL_CTRL_SET_TLSEXT_HOSTNAME: /* * This API is only used for a client to set what SNI it will request @@ -3549,7 +3961,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: *(unsigned char **)parg = s->ext.ocsp.resp; if (s->ext.ocsp.resp_len == 0 - || s->ext.ocsp.resp_len > LONG_MAX) + || s->ext.ocsp.resp_len > LONG_MAX) return -1; return (long)s->ext.ocsp.resp_len; @@ -3601,59 +4013,56 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } return ssl_cert_set_current(s->cert, larg); - case SSL_CTRL_GET_GROUPS: - { - uint16_t *clist; - size_t clistlen; + case SSL_CTRL_GET_GROUPS: { + uint16_t *clist; + size_t clistlen; - if (!s->session) - return 0; - clist = s->ext.peer_supportedgroups; - clistlen = s->ext.peer_supportedgroups_len; - if (parg) { - size_t i; - int *cptr = parg; + if (!s->session) + return 0; + clist = s->ext.peer_supportedgroups; + clistlen = s->ext.peer_supportedgroups_len; + if (parg) { + size_t i; + int *cptr = parg; - for (i = 0; i < clistlen; i++) { - const TLS_GROUP_INFO *cinf - = tls1_group_id_lookup(s->ctx, clist[i]); + for (i = 0; i < clistlen; i++) { + const TLS_GROUP_INFO *cinf + = tls1_group_id_lookup(s->ctx, clist[i]); - if (cinf != NULL) - cptr[i] = tls1_group_id2nid(cinf->group_id, 1); - else - cptr[i] = TLSEXT_nid_unknown | clist[i]; - } + if (cinf != NULL) + cptr[i] = tls1_group_id2nid(cinf->group_id, 1); + else + cptr[i] = TLSEXT_nid_unknown | clist[i]; } - return (int)clistlen; } + return (int)clistlen; + } case SSL_CTRL_SET_GROUPS: return tls1_set_groups(&s->ext.supportedgroups, - &s->ext.supportedgroups_len, parg, larg); + &s->ext.supportedgroups_len, parg, larg); case SSL_CTRL_SET_GROUPS_LIST: return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups, - &s->ext.supportedgroups_len, parg); + &s->ext.supportedgroups_len, parg); - case SSL_CTRL_GET_SHARED_GROUP: - { - uint16_t id = tls1_shared_group(s, larg); + case SSL_CTRL_GET_SHARED_GROUP: { + uint16_t id = tls1_shared_group(s, larg); - if (larg != -1) - return tls1_group_id2nid(id, 1); - return id; - } - case SSL_CTRL_GET_NEGOTIATED_GROUP: - { - unsigned int id; + if (larg != -1) + return tls1_group_id2nid(id, 1); + return id; + } + case SSL_CTRL_GET_NEGOTIATED_GROUP: { + unsigned int id; - if (SSL_IS_TLS13(s) && s->s3.did_kex) - id = s->s3.group_id; - else - id = s->session->kex_group; - ret = tls1_group_id2nid(id, 1); - break; - } + if (SSL_IS_TLS13(s) && s->s3.did_kex) + id = s->s3.group_id; + else + id = s->session->kex_group; + ret = tls1_group_id2nid(id, 1); + break; + } case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); @@ -3666,15 +4075,14 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: return tls1_set_sigalgs_list(s->cert, parg, 1); - case SSL_CTRL_GET_CLIENT_CERT_TYPES: - { - const unsigned char **pctype = parg; - if (s->server || !s->s3.tmp.cert_req) - return 0; - if (pctype) - *pctype = s->s3.tmp.ctype; - return s->s3.tmp.ctype_len; - } + case SSL_CTRL_GET_CLIENT_CERT_TYPES: { + const unsigned char **pctype = parg; + if (s->server || !s->s3.tmp.cert_req) + return 0; + if (pctype) + *pctype = s->s3.tmp.ctype; + return s->s3.tmp.ctype_len; + } case SSL_CTRL_SET_CLIENT_CERT_TYPES: if (!s->server) @@ -3726,15 +4134,14 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 1; } - case SSL_CTRL_GET_EC_POINT_FORMATS: - { - const unsigned char **pformat = parg; + case SSL_CTRL_GET_EC_POINT_FORMATS: { + const unsigned char **pformat = parg; - if (s->ext.peer_ecpointformats == NULL) - return 0; - *pformat = s->ext.peer_ecpointformats; - return (int)s->ext.peer_ecpointformats_len; - } + if (s->ext.peer_ecpointformats == NULL) + return 0; + *pformat = s->ext.peer_ecpointformats; + return (int)s->ext.peer_ecpointformats_len; + } default: break; @@ -3742,20 +4149,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ret; } -long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) +long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { int ret = 0; switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB: - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + s->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp; ret = 1; break; #endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->ext.debug_cb = (void (*)(SSL *, int, int, - const unsigned char *, int, void *))fp; + const unsigned char *, int, void *))fp; ret = 1; break; @@ -3773,84 +4180,76 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_DH: - { - EVP_PKEY *pkdh = NULL; - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - pkdh = ssl_dh_to_pkey(parg); - if (pkdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) { - EVP_PKEY_free(pkdh); - return 0; - } - return 1; + case SSL_CTRL_SET_TMP_DH: { + EVP_PKEY *pkdh = NULL; + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } - case SSL_CTRL_SET_TMP_DH_CB: - { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + pkdh = ssl_dh_to_pkey(parg); + if (pkdh == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } + if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) { + EVP_PKEY_free(pkdh); + return 0; + } + return 1; + } + case SSL_CTRL_SET_TMP_DH_CB: { + ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } #endif case SSL_CTRL_SET_DH_AUTO: ctx->cert->dh_tmp_auto = larg; return 1; #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_ECDH: - { - if (parg == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups, - &ctx->ext.supportedgroups_len, - parg); + case SSL_CTRL_SET_TMP_ECDH: { + if (parg == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; } -#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ + return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, + parg); + } +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->ext.servername_arg = parg; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: - case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: - { - unsigned char *keys = parg; - long tick_keylen = (sizeof(ctx->ext.tick_key_name) + - sizeof(ctx->ext.secure->tick_hmac_key) + - sizeof(ctx->ext.secure->tick_aes_key)); - if (keys == NULL) - return tick_keylen; - if (larg != tick_keylen) { - ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH); - return 0; - } - if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { - memcpy(ctx->ext.tick_key_name, keys, - sizeof(ctx->ext.tick_key_name)); - memcpy(ctx->ext.secure->tick_hmac_key, - keys + sizeof(ctx->ext.tick_key_name), - sizeof(ctx->ext.secure->tick_hmac_key)); - memcpy(ctx->ext.secure->tick_aes_key, - keys + sizeof(ctx->ext.tick_key_name) + - sizeof(ctx->ext.secure->tick_hmac_key), - sizeof(ctx->ext.secure->tick_aes_key)); - } else { - memcpy(keys, ctx->ext.tick_key_name, - sizeof(ctx->ext.tick_key_name)); - memcpy(keys + sizeof(ctx->ext.tick_key_name), - ctx->ext.secure->tick_hmac_key, - sizeof(ctx->ext.secure->tick_hmac_key)); - memcpy(keys + sizeof(ctx->ext.tick_key_name) + - sizeof(ctx->ext.secure->tick_hmac_key), - ctx->ext.secure->tick_aes_key, - sizeof(ctx->ext.secure->tick_aes_key)); - } - return 1; + case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { + unsigned char *keys = parg; + long tick_keylen = (sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key) + sizeof(ctx->ext.secure->tick_aes_key)); + if (keys == NULL) + return tick_keylen; + if (larg != tick_keylen) { + ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH); + return 0; } + if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { + memcpy(ctx->ext.tick_key_name, keys, + sizeof(ctx->ext.tick_key_name)); + memcpy(ctx->ext.secure->tick_hmac_key, + keys + sizeof(ctx->ext.tick_key_name), + sizeof(ctx->ext.secure->tick_hmac_key)); + memcpy(ctx->ext.secure->tick_aes_key, + keys + sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key), + sizeof(ctx->ext.secure->tick_aes_key)); + } else { + memcpy(keys, ctx->ext.tick_key_name, + sizeof(ctx->ext.tick_key_name)); + memcpy(keys + sizeof(ctx->ext.tick_key_name), + ctx->ext.secure->tick_hmac_key, + sizeof(ctx->ext.secure->tick_hmac_key)); + memcpy(keys + sizeof(ctx->ext.tick_key_name) + sizeof(ctx->ext.secure->tick_hmac_key), + ctx->ext.secure->tick_aes_key, + sizeof(ctx->ext.secure->tick_aes_key)); + } + return 1; + } case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: return ctx->ext.status_type; @@ -3864,11 +4263,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: - *(void**)parg = ctx->ext.status_arg; + *(void **)parg = ctx->ext.status_arg; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: - *(int (**)(SSL*, void*))parg = ctx->ext.status_cb; + *(int (**)(SSL *, void *))parg = ctx->ext.status_cb; break; #ifndef OPENSSL_NO_SRP @@ -3888,8 +4287,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) } break; case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = - srp_password_from_info_cb; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb; if (ctx->srp_ctx.info != NULL) OPENSSL_free(ctx->srp_ctx.info); if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) { @@ -3909,13 +4307,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_GROUPS: return tls1_set_groups(&ctx->ext.supportedgroups, - &ctx->ext.supportedgroups_len, - parg, larg); + &ctx->ext.supportedgroups_len, + parg, larg); case SSL_CTRL_SET_GROUPS_LIST: return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups, - &ctx->ext.supportedgroups_len, - parg); + &ctx->ext.supportedgroups_len, + parg); case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); @@ -4001,15 +4399,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; } -long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) +long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) - case SSL_CTRL_SET_TMP_DH_CB: - { - ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } - break; + case SSL_CTRL_SET_TMP_DH_CB: { + ctx->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp; + } break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp; @@ -4019,12 +4415,12 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) ctx->ext.status_cb = (int (*)(SSL *, void *))fp; break; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, - unsigned char *, - EVP_CIPHER_CTX *, - HMAC_CTX *, int))fp; + unsigned char *, + EVP_CIPHER_CTX *, + HMAC_CTX *, int))fp; break; #endif @@ -4035,29 +4431,23 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) break; case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB: ctx->srp_ctx.srp_Mask |= SSL_kSRP; - ctx->srp_ctx.TLS_ext_srp_username_callback = - (int (*)(SSL *, int *, void *))fp; + ctx->srp_ctx.TLS_ext_srp_username_callback = (int (*)(SSL *, int *, void *))fp; break; case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB: ctx->srp_ctx.srp_Mask |= SSL_kSRP; - ctx->srp_ctx.SRP_give_srp_client_pwd_callback = - (char *(*)(SSL *, void *))fp; + ctx->srp_ctx.SRP_give_srp_client_pwd_callback = (char *(*)(SSL *, void *))fp; break; #endif - case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: - { - ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp; - } - break; + case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: { + ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp; + } break; default: return 0; } return 1; } -int SSL_CTX_set_tlsext_ticket_key_evp_cb - (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, - EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)) +int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)) { ctx->ext.ticket_key_evp_cb = fp; return 1; @@ -4081,9 +4471,8 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) { SSL_CIPHER *tbl; - SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs}; - size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, - SSL3_NUM_SCSVS}; + SSL_CIPHER *alltabs[] = { tls13_ciphers, ssl3_ciphers, ssl3_scsvs }; + size_t i, j, tblsize[] = { TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, SSL3_NUM_SCSVS }; /* this is not efficient, necessary to optimize this? */ for (j = 0; j < OSSL_NELEM(alltabs); j++) { @@ -4105,8 +4494,8 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG - | ((uint32_t)p[0] << 8L) - | (uint32_t)p[1]); + | ((uint32_t)p[0] << 8L) + | (uint32_t)p[1]); } int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) @@ -4132,7 +4521,7 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) * Returns the selected cipher or NULL when no common ciphers. */ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr) + STACK_OF(SSL_CIPHER) *srvr) { const SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; @@ -4149,20 +4538,22 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, * pay with the price of sk_SSL_CIPHER_dup(). */ - OSSL_TRACE_BEGIN(TLS_CIPHER) { + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, "Server has %d from %p:\n", - sk_SSL_CIPHER_num(srvr), (void *)srvr); + sk_SSL_CIPHER_num(srvr), (void *)srvr); for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { c = sk_SSL_CIPHER_value(srvr, i); BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name); } BIO_printf(trc_out, "Client sent %d from %p:\n", - sk_SSL_CIPHER_num(clnt), (void *)clnt); + sk_SSL_CIPHER_num(clnt), (void *)clnt); for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { c = sk_SSL_CIPHER_value(clnt, i); BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name); } - } OSSL_TRACE_END(TLS_CIPHER); + } + OSSL_TRACE_END(TLS_CIPHER); /* SUITE-B takes precedence over server preference and ChaCha priortiy */ if (tls1_suiteb(s)) { @@ -4227,7 +4618,8 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, * that. */ if (s->psk_server_callback != NULL) { - for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++); + for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++) + ; if (j == SSL_PKEY_NUM) { /* There are no certificates */ prefer_sha256 = 1; @@ -4243,12 +4635,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, c = sk_SSL_CIPHER_value(prio, i); /* Skip ciphers not supported by the protocol version */ - if (!SSL_IS_DTLS(s) && - ((s->version < c->min_tls) || (s->version > c->max_tls))) + if (!SSL_IS_DTLS(s) && ((s->version < c->min_tls) || (s->version > c->max_tls))) continue; - if (SSL_IS_DTLS(s) && - (DTLS_VERSION_LT(s->version, c->min_dtls) || - DTLS_VERSION_GT(s->version, c->max_dtls))) + if (SSL_IS_DTLS(s) && (DTLS_VERSION_LT(s->version, c->min_dtls) || DTLS_VERSION_GT(s->version, c->max_dtls))) continue; /* @@ -4272,12 +4661,12 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, /* with PSK there must be server callback set */ if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) continue; -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ ok = (alg_k & mask_k) && (alg_a & mask_a); OSSL_TRACE7(TLS_CIPHER, - "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", - ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); + "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", + ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); /* * if we are considering an ECC cipher suite that uses an ephemeral @@ -4293,7 +4682,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (ii >= 0) { /* Check security callback permits this cipher */ if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, - c->strength_bits, 0, (void *)c)) + c->strength_bits, 0, (void *)c)) continue; if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) @@ -4308,7 +4697,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2); if (md != NULL - && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) { + && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) { ret = tmp; break; } @@ -4357,7 +4746,7 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) return 0; if (!(alg_a & SSL_aDSS) - && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) + && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) return 0; } if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) @@ -4370,8 +4759,8 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) * need to check for SSL_kECDH or SSL_kECDHE */ if (s->version >= TLS1_VERSION - && !(alg_a & SSL_aECDSA) - && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) + && !(alg_a & SSL_aECDSA) + && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) return 0; return 1; @@ -4414,7 +4803,7 @@ int ssl3_shutdown(SSL *s) * written, s->s3.alert_dispatch will be true */ if (s->s3.alert_dispatch) - return -1; /* return WANT_WRITE */ + return -1; /* return WANT_WRITE */ } else if (s->s3.alert_dispatch) { /* resend it if not sent */ ret = s->method->ssl_dispatch_alert(s); @@ -4433,12 +4822,11 @@ int ssl3_shutdown(SSL *s) */ s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return -1; /* return WANT_READ */ + return -1; /* return WANT_READ */ } } - if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && - !s->s3.alert_dispatch) + if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && !s->s3.alert_dispatch) return 1; else return 0; @@ -4451,11 +4839,11 @@ int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) ssl3_renegotiate_check(s, 0); return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, - written); + written); } static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, - size_t *readbytes) + size_t *readbytes) { int ret; @@ -4463,9 +4851,8 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, if (s->s3.renegotiate) ssl3_renegotiate_check(s, 0); s->s3.in_read_app_data = 1; - ret = - s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek, readbytes); + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, + peek, readbytes); if ((ret == -1) && (s->s3.in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called @@ -4475,9 +4862,8 @@ static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, * application data again. */ ossl_statem_set_in_handshake(s, 1); - ret = - s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek, readbytes); + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, + len, peek, readbytes); ossl_statem_set_in_handshake(s, 0); } else s->s3.in_read_app_data = 0; @@ -4562,7 +4948,7 @@ long ssl_get_algorithm2(SSL *s) * failure, 1 on success. */ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, - DOWNGRADE dgrd) + DOWNGRADE dgrd) { int send_time = 0, ret; @@ -4584,21 +4970,21 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, if (ret > 0) { if (!ossl_assert(sizeof(tls11downgrade) < len) - || !ossl_assert(sizeof(tls12downgrade) < len)) - return 0; + || !ossl_assert(sizeof(tls12downgrade) < len)) + return 0; if (dgrd == DOWNGRADE_TO_1_2) memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, - sizeof(tls12downgrade)); + sizeof(tls12downgrade)); else if (dgrd == DOWNGRADE_TO_1_1) memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, - sizeof(tls11downgrade)); + sizeof(tls11downgrade)); } return ret; } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, - int free_pms) + int free_pms) { unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; int ret = 0; @@ -4633,8 +5019,8 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, s->s3.tmp.psk = NULL; s->s3.tmp.psklen = 0; if (!s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, pskpms, pskpmslen, - &s->session->master_key_length)) { + s->session->master_key, pskpms, pskpmslen, + &s->session->master_key_length)) { OPENSSL_clear_free(pskpms, pskpmslen); /* SSLfatal() already called */ goto err; @@ -4654,7 +5040,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } ret = 1; - err: +err: if (pms) { if (free_pms) OPENSSL_clear_free(pms, pmslen); @@ -4686,7 +5072,7 @@ EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm) pkey = NULL; } - err: +err: EVP_PKEY_CTX_free(pctx); return pkey; } @@ -4704,7 +5090,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) } pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, - s->ctx->propq); + s->ctx->propq); if (pctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -4724,7 +5110,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) pkey = NULL; } - err: +err: EVP_PKEY_CTX_free(pctx); return pkey; } @@ -4742,7 +5128,7 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) goto err; pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, - s->ctx->propq); + s->ctx->propq); if (pctx == NULL) goto err; @@ -4757,7 +5143,7 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) pkey = NULL; } - err: +err: EVP_PKEY_CTX_free(pctx); return pkey; } @@ -4775,8 +5161,8 @@ int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen) */ if (!s->hit) rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, - 0, - (unsigned char *)&s->early_secret); + 0, + (unsigned char *)&s->early_secret); else rv = 1; @@ -4810,7 +5196,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) goto err; } - if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) + if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) EVP_PKEY_CTX_set_dh_pad(pctx, 1); pms = OPENSSL_malloc(pmslen); @@ -4838,7 +5224,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) rv = 1; } - err: +err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); return rv; @@ -4846,8 +5232,8 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) /* Decapsulate secrets for KEM */ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, - const unsigned char *ct, size_t ctlen, - int gensecret) + const unsigned char *ct, size_t ctlen, + int gensecret) { int rv = 0; unsigned char *pms = NULL; @@ -4862,7 +5248,7 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0 - || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) { + || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -4889,15 +5275,15 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, rv = 1; } - err: +err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); return rv; } int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, - unsigned char **ctp, size_t *ctlenp, - int gensecret) + unsigned char **ctp, size_t *ctlenp, + int gensecret) { int rv = 0; unsigned char *pms = NULL, *ct = NULL; @@ -4912,8 +5298,8 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq); if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0 - || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0 - || pmslen == 0 || ctlen == 0) { + || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0 + || pmslen == 0 || ctlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -4948,14 +5334,15 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, ct = NULL; } - err: +err: OPENSSL_clear_free(pms, pmslen); OPENSSL_free(ct); EVP_PKEY_CTX_free(pctx); return rv; } -const char *SSL_group_to_name(SSL *s, int nid) { +const char *SSL_group_to_name(SSL *s, int nid) +{ int group_id = 0; const TLS_GROUP_INFO *cinf = NULL; diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index c0f0dbc17dcc..f2f2c595e3e7 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -76,13 +76,13 @@ int ssl3_dispatch_alert(SSL *s) { int i, j; size_t alertlen; - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; size_t written; s->s3.alert_dispatch = 0; alertlen = 2; i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0, - &written); + &written); if (i <= 0) { s->s3.alert_dispatch = 1; } else { @@ -94,7 +94,7 @@ int ssl3_dispatch_alert(SSL *s) if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, - 2, s, s->msg_callback_arg); + 2, s, s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3503fdc21060..081f7f28475b 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -78,14 +78,14 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) -IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) + IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) /* Utility functions for i2d_SSL_SESSION */ /* Initialise OCTET STRING from buffer and length */ static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, - const unsigned char *data, size_t len) + const unsigned char *data, size_t len) { os->data = (unsigned char *)data; /* justified cast: data is not modified */ os->length = (int)len; @@ -95,7 +95,7 @@ static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, /* Initialise OCTET STRING from string */ static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, - const char *data) + const char *data) { if (data != NULL) ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data)); @@ -155,13 +155,13 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) #endif ssl_session_oinit(&as.master_key, &master_key, - in->master_key, in->master_key_length); + in->master_key, in->master_key_length); ssl_session_oinit(&as.session_id, &session_id, - in->session_id, in->session_id_length); + in->session_id, in->session_id_length); ssl_session_oinit(&as.session_id_context, &sid_ctx, - in->sid_ctx, in->sid_ctx_length); + in->sid_ctx, in->sid_ctx_length); as.time = (int64_t)in->time; as.timeout = (int64_t)in->timeout; @@ -170,22 +170,22 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) as.peer = in->peer; ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, - in->ext.hostname); + in->ext.hostname); if (in->ext.tick) { ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, - in->ext.tick, in->ext.ticklen); + in->ext.tick, in->ext.ticklen); } if (in->ext.tick_lifetime_hint > 0) as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; as.tlsext_tick_age_add = in->ext.tick_age_add; #ifndef OPENSSL_NO_PSK ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, - in->psk_identity_hint); + in->psk_identity_hint); ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); -#endif /* OPENSSL_NO_SRP */ +#endif /* OPENSSL_NO_SRP */ as.flags = in->flags; as.max_early_data = in->ext.max_early_data; @@ -194,7 +194,7 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) as.alpn_selected = NULL; else ssl_session_oinit(&as.alpn_selected, &alpn_selected, - in->ext.alpn_selected, in->ext.alpn_selected_len); + in->ext.alpn_selected, in->ext.alpn_selected_len); as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; @@ -202,10 +202,9 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) as.ticket_appdata = NULL; else ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, - in->ticket_appdata, in->ticket_appdata_len); + in->ticket_appdata, in->ticket_appdata_len); return i2d_SSL_SESSION_ASN1(&as, pp); - } /* Utility functions for d2i_SSL_SESSION */ @@ -227,7 +226,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) /* Copy an OCTET STRING, return error if it exceeds maximum length */ static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, - ASN1_OCTET_STRING *src, size_t maxlen) + ASN1_OCTET_STRING *src, size_t maxlen) { if (src == NULL || src->length == 0) { *pdstlen = 0; @@ -241,7 +240,7 @@ static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, } SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - long length) + long length) { long id; size_t tmpl; @@ -284,7 +283,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, } id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L) - | (unsigned long)as->cipher->data[1]; + | (unsigned long)as->cipher->data[1]; ret->cipher_id = id; ret->cipher = ssl3_get_cipher_by_id(id); @@ -292,11 +291,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, - as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) + as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) goto err; if (!ssl_session_memcpy(ret->master_key, &tmpl, - as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) + as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) goto err; ret->master_key_length = tmpl; @@ -317,7 +316,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, as->peer = NULL; if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, - as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) + as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) goto err; /* NB: this defaults to zero which is X509_V_OK */ @@ -358,7 +357,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, #ifndef OPENSSL_NO_SRP if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) goto err; -#endif /* OPENSSL_NO_SRP */ +#endif /* OPENSSL_NO_SRP */ /* Flags defaults to zero which is fine */ ret->flags = (int32_t)as->flags; ret->ext.max_early_data = as->max_early_data; @@ -392,7 +391,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, *pp = p; return ret; - err: +err: M_ASN1_free_of(as, SSL_SESSION_ASN1); if ((a == NULL) || (*a != ret)) SSL_SESSION_free(ret); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a8d6df924bce..4e3794bffe42 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -25,19 +25,18 @@ #include "ssl_cert_table.h" #include "internal/thread_once.h" #ifndef OPENSSL_NO_POSIX_IO -# include <sys/stat.h> -# ifdef _WIN32 -# define stat _stat -# endif -# ifndef S_ISDIR -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -# endif +#include <sys/stat.h> +#ifdef _WIN32 +#define stat _stat +#endif +#ifndef S_ISDIR +#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif #endif - static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, void *other, - void *ex); + int op, int bits, int nid, void *other, + void *ex); static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; static volatile int ssl_x509_store_ctx_idx = -1; @@ -45,8 +44,8 @@ static volatile int ssl_x509_store_ctx_idx = -1; DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init) { ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0, - "SSL for verify callback", - NULL, NULL, NULL); + "SSL for verify callback", + NULL, NULL, NULL); return ssl_x509_store_ctx_idx >= 0; } @@ -131,37 +130,36 @@ CERT *ssl_cert_dup(CERT *cert) } if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ - ret->pkeys[i].serverinfo = - OPENSSL_malloc(cert->pkeys[i].serverinfo_length); + ret->pkeys[i].serverinfo = OPENSSL_malloc(cert->pkeys[i].serverinfo_length); if (ret->pkeys[i].serverinfo == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); goto err; } ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length; memcpy(ret->pkeys[i].serverinfo, - cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); + cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); } } /* Configured sigalgs copied across */ if (cert->conf_sigalgs) { ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen - * sizeof(*cert->conf_sigalgs)); + * sizeof(*cert->conf_sigalgs)); if (ret->conf_sigalgs == NULL) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, - cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); + cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; if (cert->client_sigalgs) { ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen - * sizeof(*cert->client_sigalgs)); + * sizeof(*cert->client_sigalgs)); if (ret->client_sigalgs == NULL) goto err; memcpy(ret->client_sigalgs, cert->client_sigalgs, - cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); + cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); ret->client_sigalgslen = cert->client_sigalgslen; } else ret->client_sigalgs = NULL; @@ -203,7 +201,7 @@ CERT *ssl_cert_dup(CERT *cert) #endif return ret; - err: +err: ssl_cert_free(ret); return NULL; @@ -366,7 +364,7 @@ int ssl_cert_set_current(CERT *c, long op) return 0; } -void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) +void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg) { c->cert_cb = cb; c->cert_cb_arg = arg; @@ -416,8 +414,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) /* Set suite B flags if needed */ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); - if (!X509_STORE_CTX_set_ex_data - (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { + if (!X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { goto end; } @@ -463,13 +460,13 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) /* Move peername from the store context params to the SSL handle's */ X509_VERIFY_PARAM_move_peername(s->param, param); - end: +end: X509_STORE_CTX_free(ctx); return i; } static void set0_CA_list(STACK_OF(X509_NAME) **ca_list, - STACK_OF(X509_NAME) *name_list) + STACK_OF(X509_NAME) *name_list) { sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); *ca_list = name_list; @@ -494,7 +491,7 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) sk_X509_NAME_pop_free(ret, X509_NAME_free); return NULL; } - sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ + sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ } return ret; } @@ -543,7 +540,7 @@ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { if (!s->server) return s->s3.tmp.peer_ca_names; - return s->client_ca_names != NULL ? s->client_ca_names + return s->client_ca_names != NULL ? s->client_ca_names : s->ctx->client_ca_names; } @@ -626,8 +623,8 @@ static unsigned long xname_hash(const X509_NAME *a) } STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, - OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_LIB_CTX *libctx, + const char *propq) { BIO *in = BIO_new(BIO_s_file()); X509 *x = NULL; @@ -679,11 +676,11 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, } goto done; - err: +err: X509_NAME_free(xn); sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; - done: +done: /* restore the old libctx */ OSSL_LIB_CTX_set0_default(prev_libctx); BIO_free(in); @@ -700,13 +697,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) } int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *file) + const char *file) { BIO *in; X509 *x = NULL; X509_NAME *xn = NULL; int ret = 1; - int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b); + int (*oldcmp)(const X509_NAME *const *a, const X509_NAME *const *b); oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); @@ -740,9 +737,9 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ERR_clear_error(); goto done; - err: +err: ret = 0; - done: +done: BIO_free(in); X509_free(x); (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); @@ -750,7 +747,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *dir) + const char *dir) { OPENSSL_DIR_CTX *d = NULL; const char *filename; @@ -791,14 +788,14 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, if (errno) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling OPENSSL_dir_read(%s)", dir); + "calling OPENSSL_dir_read(%s)", dir); ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); goto err; } ret = 1; - err: +err: if (d) OPENSSL_DIR_end(&d); @@ -806,7 +803,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } static int add_uris_recursive(STACK_OF(X509_NAME) *stack, - const char *uri, int depth) + const char *uri, int depth) { int ok = 1; OSSL_STORE_CTX *ctx = NULL; @@ -831,7 +828,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack, */ if (depth > 0) ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info), - depth - 1); + depth - 1); } else if (infotype == OSSL_STORE_INFO_CERT) { if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL || (xn = X509_get_subject_name(x)) == NULL @@ -853,19 +850,19 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack, ERR_clear_error(); goto done; - err: +err: ok = 0; OSSL_STORE_INFO_free(info); - done: +done: OSSL_STORE_close(ctx); return ok; } int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, - const char *store) + const char *store) { - int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b) + int (*oldcmp)(const X509_NAME *const *a, const X509_NAME *const *b) = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp); int ret = add_uris_recursive(stack, store, 1); @@ -925,7 +922,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) } /* Set suite B flags if needed */ X509_STORE_CTX_set_flags(xs_ctx, - c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS); + c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS); i = X509_verify_cert(xs_ctx); if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) { @@ -939,7 +936,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) if (i <= 0) { i = X509_STORE_CTX_get_error(xs_ctx); ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED, - "Verify error:%s", X509_verify_cert_error_string(i)); + "Verify error:%s", X509_verify_cert_error_string(i)); goto err; } @@ -974,7 +971,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) cpk->chain = chain; if (rv == 0) rv = 1; - err: +err: if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) X509_STORE_free(chain_store); X509_STORE_CTX_free(xs_ctx); @@ -1029,8 +1026,8 @@ int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp) } static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, void *other, - void *ex) + int op, int bits, int nid, void *other, + void *ex) { int level, minbits, pfs_mask; @@ -1048,31 +1045,29 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, switch (op) { case SSL_SECOP_CIPHER_SUPPORTED: case SSL_SECOP_CIPHER_SHARED: - case SSL_SECOP_CIPHER_CHECK: - { - const SSL_CIPHER *c = other; - /* No ciphers below security level */ - if (bits < minbits) - return 0; - /* No unauthenticated ciphersuites */ - if (c->algorithm_auth & SSL_aNULL) - return 0; - /* No MD5 mac ciphersuites */ - if (c->algorithm_mac & SSL_MD5) - return 0; - /* SHA1 HMAC is 160 bits of security */ - if (minbits > 160 && c->algorithm_mac & SSL_SHA1) - return 0; - /* Level 2: no RC4 */ - if (level >= 2 && c->algorithm_enc == SSL_RC4) - return 0; - /* Level 3: forward secure ciphersuites only */ - pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; - if (level >= 3 && c->min_tls != TLS1_3_VERSION && - !(c->algorithm_mkey & pfs_mask)) - return 0; - break; - } + case SSL_SECOP_CIPHER_CHECK: { + const SSL_CIPHER *c = other; + /* No ciphers below security level */ + if (bits < minbits) + return 0; + /* No unauthenticated ciphersuites */ + if (c->algorithm_auth & SSL_aNULL) + return 0; + /* No MD5 mac ciphersuites */ + if (c->algorithm_mac & SSL_MD5) + return 0; + /* SHA1 HMAC is 160 bits of security */ + if (minbits > 160 && c->algorithm_mac & SSL_SHA1) + return 0; + /* Level 2: no RC4 */ + if (level >= 2 && c->algorithm_enc == SSL_RC4) + return 0; + /* Level 3: forward secure ciphersuites only */ + pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; + if (level >= 3 && c->min_tls != TLS1_3_VERSION && !(c->algorithm_mkey & pfs_mask)) + return 0; + break; + } case SSL_SECOP_VERSION: if (!SSL_IS_DTLS(s)) { /* SSLv3 not allowed at level 2 */ @@ -1114,7 +1109,7 @@ int ssl_security(const SSL *s, int op, int bits, int nid, void *other) int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) { return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other, - ctx->cert->sec_ex); + ctx->cert->sec_ex); } int ssl_cert_lookup_by_nid(int nid, size_t *pidx) diff --git a/ssl/ssl_cert_table.h b/ssl/ssl_cert_table.h index f66c5fe39075..a8098e39724c 100644 --- a/ssl/ssl_cert_table.h +++ b/ssl/ssl_cert_table.h @@ -10,14 +10,14 @@ /* * Certificate table information. NB: table entries must match SSL_PKEY indices */ -static const SSL_CERT_LOOKUP ssl_cert_info [] = { - {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */ - {EVP_PKEY_RSA_PSS, SSL_aRSA}, /* SSL_PKEY_RSA_PSS_SIGN */ - {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */ - {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */ - {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */ - {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */ - {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */ - {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */ - {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */ +static const SSL_CERT_LOOKUP ssl_cert_info[] = { + { EVP_PKEY_RSA, SSL_aRSA }, /* SSL_PKEY_RSA */ + { EVP_PKEY_RSA_PSS, SSL_aRSA }, /* SSL_PKEY_RSA_PSS_SIGN */ + { EVP_PKEY_DSA, SSL_aDSS }, /* SSL_PKEY_DSA_SIGN */ + { EVP_PKEY_EC, SSL_aECDSA }, /* SSL_PKEY_ECC */ + { NID_id_GostR3410_2001, SSL_aGOST01 }, /* SSL_PKEY_GOST01 */ + { NID_id_GostR3410_2012_256, SSL_aGOST12 }, /* SSL_PKEY_GOST12_256 */ + { NID_id_GostR3410_2012_512, SSL_aGOST12 }, /* SSL_PKEY_GOST12_512 */ + { EVP_PKEY_ED25519, SSL_aECDSA }, /* SSL_PKEY_ED25519 */ + { EVP_PKEY_ED448, SSL_aECDSA } /* SSL_PKEY_ED448 */ }; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 9e32417e75d8..051674f26393 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -31,35 +31,35 @@ typedef struct { /* Table of NIDs for each cipher */ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { - {SSL_DES, NID_des_cbc}, /* SSL_ENC_DES_IDX 0 */ - {SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */ - {SSL_RC4, NID_rc4}, /* SSL_ENC_RC4_IDX 2 */ - {SSL_RC2, NID_rc2_cbc}, /* SSL_ENC_RC2_IDX 3 */ - {SSL_IDEA, NID_idea_cbc}, /* SSL_ENC_IDEA_IDX 4 */ - {SSL_eNULL, NID_undef}, /* SSL_ENC_NULL_IDX 5 */ - {SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */ - {SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */ - {SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */ - {SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */ - {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */ - {SSL_SEED, NID_seed_cbc}, /* SSL_ENC_SEED_IDX 11 */ - {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */ - {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */ - {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */ - {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */ - {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */ - {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */ - {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */ - {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ - {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ - {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ - {SSL_MAGMA, NID_magma_ctr_acpkm}, /* SSL_ENC_MAGMA_IDX */ - {SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */ + { SSL_DES, NID_des_cbc }, /* SSL_ENC_DES_IDX 0 */ + { SSL_3DES, NID_des_ede3_cbc }, /* SSL_ENC_3DES_IDX 1 */ + { SSL_RC4, NID_rc4 }, /* SSL_ENC_RC4_IDX 2 */ + { SSL_RC2, NID_rc2_cbc }, /* SSL_ENC_RC2_IDX 3 */ + { SSL_IDEA, NID_idea_cbc }, /* SSL_ENC_IDEA_IDX 4 */ + { SSL_eNULL, NID_undef }, /* SSL_ENC_NULL_IDX 5 */ + { SSL_AES128, NID_aes_128_cbc }, /* SSL_ENC_AES128_IDX 6 */ + { SSL_AES256, NID_aes_256_cbc }, /* SSL_ENC_AES256_IDX 7 */ + { SSL_CAMELLIA128, NID_camellia_128_cbc }, /* SSL_ENC_CAMELLIA128_IDX 8 */ + { SSL_CAMELLIA256, NID_camellia_256_cbc }, /* SSL_ENC_CAMELLIA256_IDX 9 */ + { SSL_eGOST2814789CNT, NID_gost89_cnt }, /* SSL_ENC_GOST89_IDX 10 */ + { SSL_SEED, NID_seed_cbc }, /* SSL_ENC_SEED_IDX 11 */ + { SSL_AES128GCM, NID_aes_128_gcm }, /* SSL_ENC_AES128GCM_IDX 12 */ + { SSL_AES256GCM, NID_aes_256_gcm }, /* SSL_ENC_AES256GCM_IDX 13 */ + { SSL_AES128CCM, NID_aes_128_ccm }, /* SSL_ENC_AES128CCM_IDX 14 */ + { SSL_AES256CCM, NID_aes_256_ccm }, /* SSL_ENC_AES256CCM_IDX 15 */ + { SSL_AES128CCM8, NID_aes_128_ccm }, /* SSL_ENC_AES128CCM8_IDX 16 */ + { SSL_AES256CCM8, NID_aes_256_ccm }, /* SSL_ENC_AES256CCM8_IDX 17 */ + { SSL_eGOST2814789CNT12, NID_gost89_cnt_12 }, /* SSL_ENC_GOST8912_IDX 18 */ + { SSL_CHACHA20POLY1305, NID_chacha20_poly1305 }, /* SSL_ENC_CHACHA_IDX 19 */ + { SSL_ARIA128GCM, NID_aria_128_gcm }, /* SSL_ENC_ARIA128GCM_IDX 20 */ + { SSL_ARIA256GCM, NID_aria_256_gcm }, /* SSL_ENC_ARIA256GCM_IDX 21 */ + { SSL_MAGMA, NID_magma_ctr_acpkm }, /* SSL_ENC_MAGMA_IDX */ + { SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm }, /* SSL_ENC_KUZNYECHIK_IDX */ }; -#define SSL_COMP_NULL_IDX 0 -#define SSL_COMP_ZLIB_IDX 1 -#define SSL_COMP_NUM_IDX 2 +#define SSL_COMP_NULL_IDX 0 +#define SSL_COMP_ZLIB_IDX 1 +#define SSL_COMP_NUM_IDX 2 static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; @@ -69,53 +69,53 @@ static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT; /* NB: make sure indices in this table matches values above */ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { - {SSL_MD5, NID_md5}, /* SSL_MD_MD5_IDX 0 */ - {SSL_SHA1, NID_sha1}, /* SSL_MD_SHA1_IDX 1 */ - {SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */ - {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */ - {SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */ - {SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */ - {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */ - {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */ - {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ - {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ - {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ - {0, NID_sha512}, /* SSL_MD_SHA512_IDX 11 */ - {SSL_MAGMAOMAC, NID_magma_mac}, /* sSL_MD_MAGMAOMAC_IDX */ - {SSL_KUZNYECHIKOMAC, NID_kuznyechik_mac} /* SSL_MD_KUZNYECHIKOMAC_IDX */ + { SSL_MD5, NID_md5 }, /* SSL_MD_MD5_IDX 0 */ + { SSL_SHA1, NID_sha1 }, /* SSL_MD_SHA1_IDX 1 */ + { SSL_GOST94, NID_id_GostR3411_94 }, /* SSL_MD_GOST94_IDX 2 */ + { SSL_GOST89MAC, NID_id_Gost28147_89_MAC }, /* SSL_MD_GOST89MAC_IDX 3 */ + { SSL_SHA256, NID_sha256 }, /* SSL_MD_SHA256_IDX 4 */ + { SSL_SHA384, NID_sha384 }, /* SSL_MD_SHA384_IDX 5 */ + { SSL_GOST12_256, NID_id_GostR3411_2012_256 }, /* SSL_MD_GOST12_256_IDX 6 */ + { SSL_GOST89MAC12, NID_gost_mac_12 }, /* SSL_MD_GOST89MAC12_IDX 7 */ + { SSL_GOST12_512, NID_id_GostR3411_2012_512 }, /* SSL_MD_GOST12_512_IDX 8 */ + { 0, NID_md5_sha1 }, /* SSL_MD_MD5_SHA1_IDX 9 */ + { 0, NID_sha224 }, /* SSL_MD_SHA224_IDX 10 */ + { 0, NID_sha512 }, /* SSL_MD_SHA512_IDX 11 */ + { SSL_MAGMAOMAC, NID_magma_mac }, /* sSL_MD_MAGMAOMAC_IDX */ + { SSL_KUZNYECHIKOMAC, NID_kuznyechik_mac } /* SSL_MD_KUZNYECHIKOMAC_IDX */ }; /* *INDENT-OFF* */ static const ssl_cipher_table ssl_cipher_table_kx[] = { - {SSL_kRSA, NID_kx_rsa}, - {SSL_kECDHE, NID_kx_ecdhe}, - {SSL_kDHE, NID_kx_dhe}, - {SSL_kECDHEPSK, NID_kx_ecdhe_psk}, - {SSL_kDHEPSK, NID_kx_dhe_psk}, - {SSL_kRSAPSK, NID_kx_rsa_psk}, - {SSL_kPSK, NID_kx_psk}, - {SSL_kSRP, NID_kx_srp}, - {SSL_kGOST, NID_kx_gost}, - {SSL_kGOST18, NID_kx_gost18}, - {SSL_kANY, NID_kx_any} + { SSL_kRSA, NID_kx_rsa }, + { SSL_kECDHE, NID_kx_ecdhe }, + { SSL_kDHE, NID_kx_dhe }, + { SSL_kECDHEPSK, NID_kx_ecdhe_psk }, + { SSL_kDHEPSK, NID_kx_dhe_psk }, + { SSL_kRSAPSK, NID_kx_rsa_psk }, + { SSL_kPSK, NID_kx_psk }, + { SSL_kSRP, NID_kx_srp }, + { SSL_kGOST, NID_kx_gost }, + { SSL_kGOST18, NID_kx_gost18 }, + { SSL_kANY, NID_kx_any } }; static const ssl_cipher_table ssl_cipher_table_auth[] = { - {SSL_aRSA, NID_auth_rsa}, - {SSL_aECDSA, NID_auth_ecdsa}, - {SSL_aPSK, NID_auth_psk}, - {SSL_aDSS, NID_auth_dss}, - {SSL_aGOST01, NID_auth_gost01}, - {SSL_aGOST12, NID_auth_gost12}, - {SSL_aSRP, NID_auth_srp}, - {SSL_aNULL, NID_auth_null}, - {SSL_aANY, NID_auth_any} + { SSL_aRSA, NID_auth_rsa }, + { SSL_aECDSA, NID_auth_ecdsa }, + { SSL_aPSK, NID_auth_psk }, + { SSL_aDSS, NID_auth_dss }, + { SSL_aGOST01, NID_auth_gost01 }, + { SSL_aGOST12, NID_auth_gost12 }, + { SSL_aSRP, NID_auth_srp }, + { SSL_aNULL, NID_auth_null }, + { SSL_aANY, NID_auth_any } }; /* *INDENT-ON* */ /* Utility function for table lookup */ -static int ssl_cipher_info_find(const ssl_cipher_table * table, - size_t table_cnt, uint32_t mask) +static int ssl_cipher_info_find(const ssl_cipher_table *table, + size_t table_cnt, uint32_t mask) { size_t i; for (i = 0; i < table_cnt; i++, table++) { @@ -144,16 +144,16 @@ static const int default_mac_pkey_id[SSL_MD_NUM_IDX] = { NID_undef, NID_undef, NID_undef, NID_undef, NID_undef }; -#define CIPHER_ADD 1 -#define CIPHER_KILL 2 -#define CIPHER_DEL 3 -#define CIPHER_ORD 4 -#define CIPHER_SPECIAL 5 +#define CIPHER_ADD 1 +#define CIPHER_KILL 2 +#define CIPHER_DEL 3 +#define CIPHER_ORD 4 +#define CIPHER_SPECIAL 5 /* * Bump the ciphers to the top of the list. * This rule isn't currently supported by the public cipherstring API. */ -#define CIPHER_BUMP 6 +#define CIPHER_BUMP 6 typedef struct cipher_order_st { const SSL_CIPHER *cipher; @@ -164,122 +164,122 @@ typedef struct cipher_order_st { static const SSL_CIPHER cipher_aliases[] = { /* "ALL" doesn't include eNULL (must be specifically enabled) */ - {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL}, + { 0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL }, /* "COMPLEMENTOFALL" */ - {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL}, + { 0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL }, /* * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT}, + { 0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT }, /* * key exchange aliases (some of those using only a single bit here * combine multiple key exchange algs according to the RFCs, e.g. kDHE * combines DHE_DSS and DHE_RSA) */ - {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA}, + { 0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA }, - {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE}, - {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE}, - {0, SSL_TXT_DH, NULL, 0, SSL_kDHE}, + { 0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE }, + { 0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE }, + { 0, SSL_TXT_DH, NULL, 0, SSL_kDHE }, - {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE}, - {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE}, - {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE}, + { 0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE }, + { 0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE }, + { 0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE }, - {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK}, - {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK}, - {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK}, - {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK}, - {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, - {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, - {0, SSL_TXT_kGOST18, NULL, 0, SSL_kGOST18}, + { 0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK }, + { 0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK }, + { 0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK }, + { 0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK }, + { 0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP }, + { 0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST }, + { 0, SSL_TXT_kGOST18, NULL, 0, SSL_kGOST18 }, /* server authentication aliases */ - {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, - {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS}, - {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS}, - {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL}, - {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA}, - {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA}, - {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK}, - {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01}, - {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12}, - {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, - {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, + { 0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA }, + { 0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS }, + { 0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS }, + { 0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL }, + { 0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA }, + { 0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA }, + { 0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK }, + { 0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01 }, + { 0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12 }, + { 0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12 }, + { 0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP }, /* aliases combining key exchange and server authentication */ - {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, - {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL}, - {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL}, - {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL}, - {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL}, - {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA}, - {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL}, - {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL}, - {0, SSL_TXT_PSK, NULL, 0, SSL_PSK}, - {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP}, + { 0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL }, + { 0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL }, + { 0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL }, + { 0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL }, + { 0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL }, + { 0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA }, + { 0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL }, + { 0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL }, + { 0, SSL_TXT_PSK, NULL, 0, SSL_PSK }, + { 0, SSL_TXT_SRP, NULL, 0, SSL_kSRP }, /* symmetric encryption aliases */ - {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES}, - {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4}, - {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2}, - {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA}, - {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED}, - {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL}, - {0, SSL_TXT_GOST, NULL, 0, 0, 0, - SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12 | SSL_MAGMA | SSL_KUZNYECHIK}, - {0, SSL_TXT_AES128, NULL, 0, 0, 0, - SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8}, - {0, SSL_TXT_AES256, NULL, 0, 0, 0, - SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8}, - {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES}, - {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM}, - {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0, - SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8}, - {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8}, - {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128}, - {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256}, - {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA}, - {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20}, - {0, SSL_TXT_GOST2012_GOST8912_GOST8912, NULL, 0, 0, 0, SSL_eGOST2814789CNT12}, + { 0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES }, + { 0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4 }, + { 0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2 }, + { 0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA }, + { 0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED }, + { 0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL }, + { 0, SSL_TXT_GOST, NULL, 0, 0, 0, + SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12 | SSL_MAGMA | SSL_KUZNYECHIK }, + { 0, SSL_TXT_AES128, NULL, 0, 0, 0, + SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8 }, + { 0, SSL_TXT_AES256, NULL, 0, 0, 0, + SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8 }, + { 0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES }, + { 0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM }, + { 0, SSL_TXT_AES_CCM, NULL, 0, 0, 0, + SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8 }, + { 0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8 }, + { 0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128 }, + { 0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256 }, + { 0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA }, + { 0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20 }, + { 0, SSL_TXT_GOST2012_GOST8912_GOST8912, NULL, 0, 0, 0, SSL_eGOST2814789CNT12 }, - {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA}, - {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, - {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, - {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, - {0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC}, + { 0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA }, + { 0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM }, + { 0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM }, + { 0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM }, + { 0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC }, /* MAC aliases */ - {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, - {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1}, - {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1}, - {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94}, - {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12}, - {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256}, - {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, - {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, + { 0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5 }, + { 0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1 }, + { 0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1 }, + { 0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94 }, + { 0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12 }, + { 0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256 }, + { 0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384 }, + { 0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256 }, /* protocol version aliases */ - {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, - {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, - {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, - {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION}, + { 0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION }, + { 0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION }, + { 0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION }, + { 0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION }, /* strength classes */ - {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW}, - {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM}, - {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH}, + { 0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW }, + { 0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM }, + { 0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH }, /* FIPS 140-2 approved ciphersuite */ - {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS}, + { 0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS }, /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */ - {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0, - SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS}, - {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0, - SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS}, + { 0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0, + SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS }, + { 0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0, + SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS }, }; @@ -294,8 +294,7 @@ static int get_optional_pkey_id(const char *pkey_name) const EVP_PKEY_ASN1_METHOD *ameth; int pkey_id = 0; ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); - if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, - ameth) > 0) + if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth) > 0) return pkey_id; return 0; } @@ -310,7 +309,8 @@ static int get_optional_pkey_id(const char *pkey_name) ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); if (ameth) { if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, - ameth) <= 0) + ameth) + <= 0) pkey_id = 0; } tls_engine_finish(tmpeng); @@ -396,31 +396,27 @@ int ssl_load_ciphers(SSL_CTX *ctx) * present, disable appropriate auth and key exchange */ memcpy(ctx->ssl_mac_pkey_id, default_mac_pkey_id, - sizeof(ctx->ssl_mac_pkey_id)); + sizeof(ctx->ssl_mac_pkey_id)); - ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = - get_optional_pkey_id(SN_id_Gost28147_89_MAC); + ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id(SN_id_Gost28147_89_MAC); if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; else ctx->disabled_mac_mask |= SSL_GOST89MAC; - ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = - get_optional_pkey_id(SN_gost_mac_12); + ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id(SN_gost_mac_12); if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32; else ctx->disabled_mac_mask |= SSL_GOST89MAC12; - ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = - get_optional_pkey_id(SN_magma_mac); + ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = get_optional_pkey_id(SN_magma_mac); if (ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_MAGMAOMAC_IDX] = 32; else ctx->disabled_mac_mask |= SSL_MAGMAOMAC; - ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = - get_optional_pkey_id(SN_kuznyechik_mac); + ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = get_optional_pkey_id(SN_kuznyechik_mac); if (ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_KUZNYECHIKOMAC_IDX] = 32; else @@ -435,11 +431,10 @@ int ssl_load_ciphers(SSL_CTX *ctx) /* * Disable GOST key exchange if no GOST signature algs are available * */ - if ((ctx->disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == - (SSL_aGOST01 | SSL_aGOST12)) + if ((ctx->disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == (SSL_aGOST01 | SSL_aGOST12)) ctx->disabled_mkey_mask |= SSL_kGOST; - if ((ctx->disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) + if ((ctx->disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) ctx->disabled_mkey_mask |= SSL_kGOST18; return 1; @@ -480,7 +475,7 @@ static int load_builtin_compressions(void) #endif int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, - const EVP_CIPHER **enc) + const EVP_CIPHER **enc) { int i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, sslc->algorithm_enc); @@ -500,7 +495,7 @@ int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, const EVP_CIPHER *cipher = ctx->ssl_cipher_methods[i]; if (cipher == NULL - || !ssl_evp_cipher_up_ref(cipher)) + || !ssl_evp_cipher_up_ref(cipher)) return 0; *enc = ctx->ssl_cipher_methods[i]; } @@ -509,9 +504,9 @@ int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, } int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, - const EVP_CIPHER **enc, const EVP_MD **md, - int *mac_pkey_type, size_t *mac_secret_size, - SSL_COMP **comp, int use_etm) + const EVP_CIPHER **enc, const EVP_MD **md, + int *mac_pkey_type, size_t *mac_secret_size, + SSL_COMP **comp, int use_etm) { int i; const SSL_CIPHER *c; @@ -560,7 +555,7 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, const EVP_MD *digest = ctx->ssl_digest_methods[i]; if (digest == NULL - || !ssl_evp_md_up_ref(digest)) { + || !ssl_evp_md_up_ref(digest)) { ssl_evp_cipher_free(*enc); return 0; } @@ -572,40 +567,40 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, } if ((*enc != NULL) - && (*md != NULL + && (*md != NULL || (EVP_CIPHER_get_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) && (!mac_pkey_type || *mac_pkey_type != NID_undef)) { const EVP_CIPHER *evp = NULL; if (use_etm - || s->ssl_version >> 8 != TLS1_VERSION_MAJOR - || s->ssl_version < TLS1_VERSION) + || s->ssl_version >> 8 != TLS1_VERSION_MAJOR + || s->ssl_version < TLS1_VERSION) return 1; if (c->algorithm_enc == SSL_RC4 - && c->algorithm_mac == SSL_MD5) + && c->algorithm_mac == SSL_MD5) evp = ssl_evp_cipher_fetch(ctx->libctx, NID_rc4_hmac_md5, - ctx->propq); + ctx->propq); else if (c->algorithm_enc == SSL_AES128 - && c->algorithm_mac == SSL_SHA1) + && c->algorithm_mac == SSL_SHA1) evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_128_cbc_hmac_sha1, - ctx->propq); + NID_aes_128_cbc_hmac_sha1, + ctx->propq); else if (c->algorithm_enc == SSL_AES256 - && c->algorithm_mac == SSL_SHA1) - evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_256_cbc_hmac_sha1, - ctx->propq); + && c->algorithm_mac == SSL_SHA1) + evp = ssl_evp_cipher_fetch(ctx->libctx, + NID_aes_256_cbc_hmac_sha1, + ctx->propq); else if (c->algorithm_enc == SSL_AES128 - && c->algorithm_mac == SSL_SHA256) + && c->algorithm_mac == SSL_SHA256) evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_128_cbc_hmac_sha256, - ctx->propq); + NID_aes_128_cbc_hmac_sha256, + ctx->propq); else if (c->algorithm_enc == SSL_AES256 - && c->algorithm_mac == SSL_SHA256) + && c->algorithm_mac == SSL_SHA256) evp = ssl_evp_cipher_fetch(ctx->libctx, - NID_aes_256_cbc_hmac_sha256, - ctx->propq); + NID_aes_256_cbc_hmac_sha256, + ctx->propq); if (evp != NULL) { ssl_evp_cipher_free(*enc); @@ -638,10 +633,10 @@ const EVP_MD *ssl_prf_md(SSL *s) } #define ITEM_SEP(a) \ - (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) + (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) + CIPHER_ORDER **tail) { if (curr == *tail) return; @@ -658,7 +653,7 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, } static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, - CIPHER_ORDER **tail) + CIPHER_ORDER **tail) { if (curr == *head) return; @@ -675,14 +670,14 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, } static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, - int num_of_ciphers, - uint32_t disabled_mkey, - uint32_t disabled_auth, - uint32_t disabled_enc, - uint32_t disabled_mac, - CIPHER_ORDER *co_list, - CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) + int num_of_ciphers, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + CIPHER_ORDER *co_list, + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { int i, co_list_num; const SSL_CIPHER *c; @@ -695,22 +690,17 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, */ /* Get the initial list of ciphers */ - co_list_num = 0; /* actual count of ciphers */ + co_list_num = 0; /* actual count of ciphers */ for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; - if ((c->algorithm_mkey & disabled_mkey) || - (c->algorithm_auth & disabled_auth) || - (c->algorithm_enc & disabled_enc) || - (c->algorithm_mac & disabled_mac)) + if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || (c->algorithm_mac & disabled_mac)) continue; - if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) && - c->min_tls == 0) + if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) && c->min_tls == 0) continue; - if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) && - c->min_dtls == 0) + if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) && c->min_dtls == 0) continue; co_list[co_list_num].cipher = c; @@ -745,12 +735,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, } static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, - int num_of_group_aliases, - uint32_t disabled_mkey, - uint32_t disabled_auth, - uint32_t disabled_enc, - uint32_t disabled_mac, - CIPHER_ORDER *head) + int num_of_group_aliases, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; const SSL_CIPHER **ca_curr; @@ -803,30 +793,31 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, ca_curr++; } - *ca_curr = NULL; /* end of list */ + *ca_curr = NULL; /* end of list */ } static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, - uint32_t alg_auth, uint32_t alg_enc, - uint32_t alg_mac, int min_tls, - uint32_t algo_strength, int rule, - int32_t strength_bits, CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) + uint32_t alg_auth, uint32_t alg_enc, + uint32_t alg_mac, int min_tls, + uint32_t algo_strength, int rule, + int32_t strength_bits, CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *next, *last; const SSL_CIPHER *cp; int reverse = 0; - OSSL_TRACE_BEGIN(TLS_CIPHER){ + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, - "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n", - rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls, - algo_strength, strength_bits); + "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n", + rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls, + algo_strength, strength_bits); } if (rule == CIPHER_DEL || rule == CIPHER_BUMP) - reverse = 1; /* needed to maintain sorting between currently - * deleted ciphers */ + reverse = 1; /* needed to maintain sorting between currently + * deleted ciphers */ head = *head_p; tail = *tail_p; @@ -863,11 +854,11 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, } else { if (trc_out != NULL) { BIO_printf(trc_out, - "\nName: %s:" - "\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n", - cp->name, cp->algorithm_mkey, cp->algorithm_auth, - cp->algorithm_enc, cp->algorithm_mac, cp->min_tls, - cp->algo_strength); + "\nName: %s:" + "\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n", + cp->name, cp->algorithm_mkey, cp->algorithm_auth, + cp->algorithm_enc, cp->algorithm_mac, cp->min_tls, + cp->algo_strength); } if (cipher_id != 0 && (cipher_id != cp->id)) continue; @@ -945,7 +936,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, } static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) + CIPHER_ORDER **tail_p) { int32_t max_strength_bits; int i, *number_uses; @@ -986,16 +977,16 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, - tail_p); + tail_p); OPENSSL_free(number_uses); return 1; } static int ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p, - const SSL_CIPHER **ca_list, CERT *c) + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p, + const SSL_CIPHER **ca_list, CERT *c) { uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength; int min_tls; @@ -1006,11 +997,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str, retval = 1; l = rule_str; - for ( ; ; ) { + for (;;) { ch = *l; if (ch == '\0') - break; /* done */ + break; /* done */ if (ch == '-') { rule = CIPHER_DEL; l++; @@ -1044,13 +1035,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str, buf = l; buflen = 0; #ifndef CHARSET_EBCDIC - while (((ch >= 'A') && (ch <= 'Z')) || - ((ch >= '0') && (ch <= '9')) || - ((ch >= 'a') && (ch <= 'z')) || - (ch == '-') || (ch == '.') || (ch == '=')) + while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) || ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.') || (ch == '=')) #else while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.') - || (ch == '=')) + || (ch == '=')) #endif { ch = *(++l); @@ -1068,8 +1056,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, } if (rule == CIPHER_SPECIAL) { - found = 0; /* unused -- avoid compiler warning */ - break; /* special treatment */ + found = 0; /* unused -- avoid compiler warning */ + break; /* special treatment */ } /* check for multi-part specification */ @@ -1103,7 +1091,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, } if (!found) - break; /* ignore this entry */ + break; /* ignore this entry */ if (ca_list[j]->algorithm_mkey) { if (alg_mkey) { @@ -1155,9 +1143,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { if (algo_strength & SSL_STRONG_MASK) { - algo_strength &= - (ca_list[j]->algo_strength & SSL_STRONG_MASK) | - ~SSL_STRONG_MASK; + algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; @@ -1169,16 +1155,13 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) { if (algo_strength & SSL_DEFAULT_MASK) { - algo_strength &= - (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) | - ~SSL_DEFAULT_MASK; + algo_strength &= (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) | ~SSL_DEFAULT_MASK; if (!(algo_strength & SSL_DEFAULT_MASK)) { found = 0; break; } } else { - algo_strength |= - ca_list[j]->algo_strength & SSL_DEFAULT_MASK; + algo_strength |= ca_list[j]->algo_strength & SSL_DEFAULT_MASK; } } @@ -1239,22 +1222,22 @@ static int ssl_cipher_process_rulestr(const char *rule_str, l++; } else if (found) { ssl_cipher_apply_rule(cipher_id, - alg_mkey, alg_auth, alg_enc, alg_mac, - min_tls, algo_strength, rule, -1, head_p, - tail_p); + alg_mkey, alg_auth, alg_enc, alg_mac, + min_tls, algo_strength, rule, -1, head_p, + tail_p); } else { while ((*l != '\0') && !ITEM_SEP(*l)) l++; } if (*l == '\0') - break; /* done */ + break; /* done */ } return retval; } static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, - const char **prule_str) + const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { @@ -1289,8 +1272,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, if (suiteb_comb2) *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384"; else - *prule_str = - "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"; + *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"; break; case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256"; @@ -1338,8 +1320,8 @@ static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const cha /* Parse the list. We explicitly allow an empty list */ if (*str != '\0' - && (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0 - || sk_SSL_CIPHER_num(newciphers) == 0)) { + && (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0 + || sk_SSL_CIPHER_num(newciphers) == 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); sk_SSL_CIPHER_free(newciphers); return 0; @@ -1351,7 +1333,7 @@ static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const cha } static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id, - STACK_OF(SSL_CIPHER) *cipherstack) + STACK_OF(SSL_CIPHER) *cipherstack) { STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); @@ -1369,9 +1351,9 @@ static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id, } static int update_cipher_list(SSL_CTX *ctx, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites) + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites) { int i; STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list); @@ -1384,8 +1366,8 @@ static int update_cipher_list(SSL_CTX *ctx, * list. */ while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0 - && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls - == TLS1_3_VERSION) + && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls + == TLS1_3_VERSION) (void)sk_SSL_CIPHER_delete(tmp_cipher_list, 0); /* Insert the new TLSv1.3 ciphersuites */ @@ -1394,9 +1376,11 @@ static int update_cipher_list(SSL_CTX *ctx, /* Don't include any TLSv1.3 ciphersuites that are disabled */ if ((sslc->algorithm_enc & ctx->disabled_enc_mask) == 0 - && (ssl_cipher_table_mac[sslc->algorithm2 - & SSL_HANDSHAKE_MAC_MASK].mask - & ctx->disabled_mac_mask) == 0) { + && (ssl_cipher_table_mac[sslc->algorithm2 + & SSL_HANDSHAKE_MAC_MASK] + .mask + & ctx->disabled_mac_mask) + == 0) { sk_SSL_CIPHER_unshift(tmp_cipher_list, sslc); } } @@ -1418,7 +1402,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) if (ret && ctx->cipher_list != NULL) return update_cipher_list(ctx, &ctx->cipher_list, &ctx->cipher_list_by_id, - ctx->tls13_ciphersuites); + ctx->tls13_ciphersuites); return ret; } @@ -1434,17 +1418,17 @@ int SSL_set_ciphersuites(SSL *s, const char *str) } if (ret && s->cipher_list != NULL) return update_cipher_list(s->ctx, &s->cipher_list, &s->cipher_list_by_id, - s->tls13_ciphersuites); + s->tls13_ciphersuites); return ret; } STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - const char *rule_str, - CERT *c) + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + const char *rule_str, + CERT *c) { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i; uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; @@ -1483,12 +1467,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return NULL; /* Failure */ + return NULL; /* Failure */ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, - disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, co_list, &head, &tail); + disabled_mkey, disabled_auth, disabled_enc, + disabled_mac, co_list, &head, &tail); /* Now arrange all ciphers by preference. */ @@ -1500,17 +1484,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * preference). */ ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, - -1, &head, &tail); + -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, - &tail); + &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, - &tail); + &tail); /* Within each strength group, we prefer GCM over CHACHA... */ ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1, - &head, &tail); + &head, &tail); ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1, - &head, &tail); + &head, &tail); /* * ...and generally, our preferred cipher is AES. @@ -1518,14 +1502,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * strength. */ ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD, - -1, &head, &tail); + -1, &head, &tail); /* Temporarily enable everything else for sorting */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); /* Low priority for MD5 */ ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); /* * Move anonymous ciphers to the end. Usually, these will remain @@ -1533,16 +1517,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * we prefer authenticated ciphers.) */ ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); /* RC4 is sort-of broken -- move to the end */ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); + &tail); /* * Now sort by symmetric encryption strength. The above ordering remains @@ -1557,7 +1541,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs. */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1, - &head, &tail); + &head, &tail); /* * Irrespective of strength, enforce the following order: @@ -1573,11 +1557,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * reverse order of preference. */ ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1, - &head, &tail); + &head, &tail); ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0, - CIPHER_BUMP, -1, &head, &tail); + CIPHER_BUMP, -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0, - CIPHER_BUMP, -1, &head, &tail); + CIPHER_BUMP, -1, &head, &tail); /* Now disable everything (maintaining the ordering!) */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); @@ -1596,11 +1580,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, if (ca_list == NULL) { OPENSSL_free(co_list); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return NULL; /* Failure */ + return NULL; /* Failure */ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, - disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, head); + disabled_mkey, disabled_auth, disabled_enc, + disabled_mac, head); /* * If the rule_string begins with DEFAULT, apply the default rule @@ -1610,7 +1594,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, rule_p = rule_str; if (strncmp(rule_str, "DEFAULT", 7) == 0) { ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(), - &head, &tail, ca_list, c); + &head, &tail, ca_list, c); rule_p += 7; if (*rule_p == ':') rule_p++; @@ -1619,9 +1603,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, if (ok && (rule_p[0] != '\0')) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); - OPENSSL_free(ca_list); /* Not needed anymore */ + OPENSSL_free(ca_list); /* Not needed anymore */ - if (!ok) { /* Rule processing failure */ + if (!ok) { /* Rule processing failure */ OPENSSL_free(co_list); return NULL; } @@ -1641,9 +1625,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, /* Don't include any TLSv1.3 ciphers that are disabled */ if ((sslc->algorithm_enc & disabled_enc) != 0 - || (ssl_cipher_table_mac[sslc->algorithm2 - & SSL_HANDSHAKE_MAC_MASK].mask - & ctx->disabled_mac_mask) != 0) { + || (ssl_cipher_table_mac[sslc->algorithm2 + & SSL_HANDSHAKE_MAC_MASK] + .mask + & ctx->disabled_mac_mask) + != 0) { sk_SSL_CIPHER_delete(tls13_ciphersuites, i); i--; continue; @@ -1656,7 +1642,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, } } - OSSL_TRACE_BEGIN(TLS_CIPHER) { + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, "cipher selection:\n"); } /* @@ -1675,7 +1662,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, BIO_printf(trc_out, "<%s>\n", curr->cipher->name); } } - OPENSSL_free(co_list); /* Not needed any longer */ + OPENSSL_free(co_list); /* Not needed any longer */ OSSL_TRACE_END(TLS_CIPHER); if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) { @@ -1984,7 +1971,7 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) } STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths) + *meths) { return meths; } @@ -2002,7 +1989,7 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) } STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths) + *meths) { STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods; ssl_comp_methods = meths; @@ -2092,7 +2079,7 @@ int SSL_COMP_get_id(const SSL_COMP *comp) } const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, - int all) + int all) { const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); @@ -2159,8 +2146,8 @@ int SSL_CIPHER_is_aead(const SSL_CIPHER *c) } int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, - size_t *int_overhead, size_t *blocksize, - size_t *ext_overhead) + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead) { size_t mac = 0, in = 0, blk = 0, out = 0; @@ -2192,8 +2179,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, /* If it wasn't AEAD or SSL_eNULL, we expect it to be a known CBC cipher. */ - if (e_ciph == NULL || - EVP_CIPHER_get_mode(e_ciph) != EVP_CIPH_CBC_MODE) + if (e_ciph == NULL || EVP_CIPHER_get_mode(e_ciph) != EVP_CIPH_CBC_MODE) return 0; in = 1; /* padding length byte */ diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 698280288e9d..626ba9422c9f 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -34,38 +34,38 @@ typedef struct { } ssl_switch_tbl; /* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */ -#define SSL_TFLAG_INV 0x1 +#define SSL_TFLAG_INV 0x1 /* Mask for type of flag referred to */ #define SSL_TFLAG_TYPE_MASK 0xf00 /* Flag is for options */ -#define SSL_TFLAG_OPTION 0x000 +#define SSL_TFLAG_OPTION 0x000 /* Flag is for cert_flags */ -#define SSL_TFLAG_CERT 0x100 +#define SSL_TFLAG_CERT 0x100 /* Flag is for verify mode */ -#define SSL_TFLAG_VFY 0x200 +#define SSL_TFLAG_VFY 0x200 /* Option can only be used for clients */ #define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT /* Option can only be used for servers */ #define SSL_TFLAG_SERVER SSL_CONF_FLAG_SERVER -#define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT|SSL_TFLAG_SERVER) +#define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT | SSL_TFLAG_SERVER) #define SSL_FLAG_TBL(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag } #define SSL_FLAG_TBL_SRV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag } #define SSL_FLAG_TBL_CLI(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag } #define SSL_FLAG_TBL_INV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_BOTH, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_INV | SSL_TFLAG_BOTH, flag } #define SSL_FLAG_TBL_SRV_INV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_SERVER, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_INV | SSL_TFLAG_SERVER, flag } #define SSL_FLAG_TBL_CERT(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT | SSL_TFLAG_BOTH, flag } #define SSL_FLAG_VFY_CLI(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag } #define SSL_FLAG_VFY_SRV(str, flag) \ - {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag} + { str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag } /* * Opaque structure containing SSL configuration context. @@ -104,7 +104,7 @@ struct ssl_conf_ctx_st { }; static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, - uint64_t option_value, int onoff) + uint64_t option_value, int onoff) { uint32_t *pflags; @@ -131,7 +131,6 @@ static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, default: return; - } if (onoff) *pflags |= option_value; @@ -140,7 +139,7 @@ static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, } static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, - const char *name, int namelen, int onoff) + const char *name, int namelen, int onoff) { /* If name not relevant for context skip */ if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH)) @@ -149,7 +148,7 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, if (strcmp(tbl->name, name)) return 0; } else if (tbl->namelen != namelen - || OPENSSL_strncasecmp(tbl->name, name, namelen)) + || OPENSSL_strncasecmp(tbl->name, name, namelen)) return 0; ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); return 1; @@ -233,11 +232,10 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) /* Ignore values supported by 1.0.2 for the automatic selection */ if ((cctx->flags & SSL_CONF_FLAG_FILE) - && (OPENSSL_strcasecmp(value, "+automatic") == 0 - || OPENSSL_strcasecmp(value, "automatic") == 0)) + && (OPENSSL_strcasecmp(value, "+automatic") == 0 + || OPENSSL_strcasecmp(value, "automatic") == 0)) return 1; - if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && - strcmp(value, "auto") == 0) + if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && strcmp(value, "auto") == 0) return 1; /* ECDHParameters accepts a single group name */ @@ -311,14 +309,14 @@ static int protocol_from_string(const char *value) * shrink. */ static const struct protocol_versions versions[] = { - {"None", 0}, - {"SSLv3", SSL3_VERSION}, - {"TLSv1", TLS1_VERSION}, - {"TLSv1.1", TLS1_1_VERSION}, - {"TLSv1.2", TLS1_2_VERSION}, - {"TLSv1.3", TLS1_3_VERSION}, - {"DTLSv1", DTLS1_VERSION}, - {"DTLSv1.2", DTLS1_2_VERSION} + { "None", 0 }, + { "SSLv3", SSL3_VERSION }, + { "TLSv1", TLS1_VERSION }, + { "TLSv1.1", TLS1_1_VERSION }, + { "TLSv1.2", TLS1_2_VERSION }, + { "TLSv1.3", TLS1_3_VERSION }, + { "DTLSv1", DTLS1_VERSION }, + { "DTLSv1.2", DTLS1_2_VERSION } }; size_t i; size_t n = OSSL_NELEM(versions); @@ -374,20 +372,20 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) static const ssl_flag_tbl ssl_option_list[] = { SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET), SSL_FLAG_TBL_INV("EmptyFragments", - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS), + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS), SSL_FLAG_TBL("Bugs", SSL_OP_ALL), SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION), SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE), SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), SSL_FLAG_TBL("UnsafeLegacyRenegotiation", - SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL("UnsafeLegacyServerConnect", - SSL_OP_LEGACY_SERVER_CONNECT), + SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL("ClientRenegotiation", - SSL_OP_ALLOW_CLIENT_RENEGOTIATION), + SSL_OP_ALLOW_CLIENT_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), @@ -411,13 +409,12 @@ static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER), SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER), SSL_FLAG_VFY_SRV("Require", - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE), SSL_FLAG_VFY_SRV("RequestPostHandshake", - SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE), + SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE), SSL_FLAG_VFY_SRV("RequirePostHandshake", - SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT), + SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), }; if (value == NULL) return -3; @@ -470,8 +467,8 @@ static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) } static int do_store(SSL_CONF_CTX *cctx, - const char *CAfile, const char *CApath, const char *CAstore, - int verify_store) + const char *CAfile, const char *CApath, const char *CAstore, + int verify_store) { CERT *cert; X509_STORE **st; @@ -503,8 +500,7 @@ static int do_store(SSL_CONF_CTX *cctx, return 0; if (CApath != NULL && !X509_STORE_load_path(*st, CApath)) return 0; - if (CAstore != NULL && !X509_STORE_load_store_ex(*st, CAstore, libctx, - propq)) + if (CAstore != NULL && !X509_STORE_load_store_ex(*st, CAstore, libctx, propq)) return 0; return 1; } @@ -598,14 +594,15 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) decoderctx = OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH", - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - sslctx->libctx, sslctx->propq); + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + sslctx->libctx, sslctx->propq); if (decoderctx == NULL) goto end; ERR_set_mark(); while (!OSSL_DECODER_from_bio(decoderctx, in) - && dhpkey == NULL - && !BIO_eof(in)); + && dhpkey == NULL + && !BIO_eof(in)) + ; OSSL_DECODER_CTX_free(decoderctx); if (dhpkey == NULL) { @@ -625,7 +622,7 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) if ((rv = SSL_set0_tmp_dh_pkey(cctx->ssl, dhpkey)) > 0) dhpkey = NULL; } - end: +end: EVP_PKEY_free(dhpkey); BIO_free(in); return rv > 0; @@ -649,7 +646,6 @@ static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) return rv; } - static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) { int rv = 0; @@ -665,7 +661,7 @@ static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) } typedef struct { - int (*cmd) (SSL_CONF_CTX *cctx, const char *value); + int (*cmd)(SSL_CONF_CTX *cctx, const char *value); const char *str_file; const char *str_cmdline; unsigned short flags; @@ -675,13 +671,13 @@ typedef struct { /* Table of supported parameters */ #define SSL_CONF_CMD(name, cmdopt, flags, type) \ - {cmd_##name, #name, cmdopt, flags, type} + { cmd_##name, #name, cmdopt, flags, type } #define SSL_CONF_CMD_STRING(name, cmdopt, flags) \ - SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING) + SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING) #define SSL_CONF_CMD_SWITCH(name, flags) \ - {0, NULL, name, flags, SSL_CONF_TYPE_NONE} + { 0, NULL, name, flags, SSL_CONF_TYPE_NONE } /* See apps/include/opt.h if you change this table. */ /* The SSL_CONF_CMD_SWITCH should be the same order as ssl_cmd_switches */ @@ -723,84 +719,84 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(Options, NULL, 0), SSL_CONF_CMD_STRING(VerifyMode, NULL, 0), SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ServerInfoFile, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ChainCAStore, "chainCAstore", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_STORE), + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(VerifyCAStore, "verifyCAstore", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_STORE), + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ClientCAFile, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(ClientCAPath, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_DIR), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(RequestCAStore, "requestCAStore", SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_STORE), + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(ClientCAStore, NULL, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_STORE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_STORE), SSL_CONF_CMD(DHParameters, "dhparam", - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE), + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0), SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER), }; /* Supported switches: must match order of switches in ssl_conf_cmds */ static const ssl_switch_tbl ssl_cmd_switches[] = { - {SSL_OP_NO_SSLv3, 0}, /* no_ssl3 */ - {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ - {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ - {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ - {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */ - {SSL_OP_ALL, 0}, /* bugs */ - {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ - {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */ - {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */ - {SSL_OP_NO_TICKET, 0}, /* no_ticket */ - {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */ + { SSL_OP_NO_SSLv3, 0 }, /* no_ssl3 */ + { SSL_OP_NO_TLSv1, 0 }, /* no_tls1 */ + { SSL_OP_NO_TLSv1_1, 0 }, /* no_tls1_1 */ + { SSL_OP_NO_TLSv1_2, 0 }, /* no_tls1_2 */ + { SSL_OP_NO_TLSv1_3, 0 }, /* no_tls1_3 */ + { SSL_OP_ALL, 0 }, /* bugs */ + { SSL_OP_NO_COMPRESSION, 0 }, /* no_comp */ + { SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV }, /* comp */ + { SSL_OP_SINGLE_ECDH_USE, 0 }, /* ecdh_single */ + { SSL_OP_NO_TICKET, 0 }, /* no_ticket */ + { SSL_OP_CIPHER_SERVER_PREFERENCE, 0 }, /* serverpref */ /* legacy_renegotiation */ - {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, + { SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0 }, /* Allow client renegotiation */ - {SSL_OP_ALLOW_CLIENT_RENEGOTIATION, 0}, + { SSL_OP_ALLOW_CLIENT_RENEGOTIATION, 0 }, /* legacy_server_connect */ - {SSL_OP_LEGACY_SERVER_CONNECT, 0}, + { SSL_OP_LEGACY_SERVER_CONNECT, 0 }, /* no_renegotiation */ - {SSL_OP_NO_RENEGOTIATION, 0}, + { SSL_OP_NO_RENEGOTIATION, 0 }, /* no_resumption_on_reneg */ - {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0}, + { SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0 }, /* no_legacy_server_connect */ - {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV}, + { SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV }, /* allow_no_dhe_kex */ - {SSL_OP_ALLOW_NO_DHE_KEX, 0}, + { SSL_OP_ALLOW_NO_DHE_KEX, 0 }, /* chacha reprioritization */ - {SSL_OP_PRIORITIZE_CHACHA, 0}, - {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ + { SSL_OP_PRIORITIZE_CHACHA, 0 }, + { SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT }, /* strict */ /* no_middlebox */ - {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}, + { SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV }, /* anti_replay */ - {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV}, + { SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV }, /* no_anti_replay */ - {SSL_OP_NO_ANTI_REPLAY, 0}, + { SSL_OP_NO_ANTI_REPLAY, 0 }, /* no Encrypt-then-Mac */ - {SSL_OP_NO_ENCRYPT_THEN_MAC, 0}, + { SSL_OP_NO_ENCRYPT_THEN_MAC, 0 }, }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) @@ -811,11 +807,9 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) if (cctx->prefix) { if (strlen(*pcmd) <= cctx->prefixlen) return 0; - if (cctx->flags & SSL_CONF_FLAG_CMDLINE && - strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) + if (cctx->flags & SSL_CONF_FLAG_CMDLINE && strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) return 0; - if (cctx->flags & SSL_CONF_FLAG_FILE && - OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) + if (cctx->flags & SSL_CONF_FLAG_FILE && OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) return 0; *pcmd += cctx->prefixlen; } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { @@ -827,7 +821,7 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) } /* Determine if a command is allowed according to cctx flags */ -static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t) +static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl *t) { unsigned int tfl = t->flags; unsigned int cfl = cctx->flags; @@ -842,7 +836,7 @@ static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t) } static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, - const char *cmd) + const char *cmd) { const ssl_conf_cmd_tbl *t; size_t i; @@ -865,7 +859,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, return NULL; } -static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd) +static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl *cmd) { /* Find index of command in table */ size_t idx = cmd - ssl_conf_cmds; @@ -909,15 +903,15 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) if (rv != -2) rv = 0; - bad_value: + bad_value: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE, - "cmd=%s, value=%s", cmd, - value != NULL ? value : "<EMPTY>"); + "cmd=%s, value=%s", cmd, + value != NULL ? value : "<EMPTY>"); return rv; } - unknown_cmd: +unknown_cmd: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 75be692e0007..bea7973d946e 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -15,552 +15,552 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA SSL_str_reasons[] = { - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), - "application data after close notify"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), - "app data in handshake"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), - "attempt to reuse session in different context"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE), - "at least (D)TLS 1.2 needed in Suite B mode"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC), - "bad change cipher spec"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), - "bad data returned by callback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH), - "bad handshake length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), - "bad handshake state"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER), - "bad protocol version number"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), - "bad srtp protection profile list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY), - "binder does not verify"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), - "block cipher pad is wrong"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER), - "cannot change cipher"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_GET_GROUP_NAME), - "cannot get group name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), - "ca dn length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED), - "certificate verify failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH), - "cert length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED), - "ciphersuite digest has changed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), - "cipher code wrong length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG), - "compressed length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED), - "compression disabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE), - "compression failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), - "compression id not within private range"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR), - "compression library error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET), - "connection type not set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED), - "context not dane enabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE), - "cookie gen callback failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COPY_PARAMETERS_FAILED), - "copy parameters failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), - "custom ext handler already installed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED), - "dane already enabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL), - "dane cannot override mtype full"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE), - "dane tlsa bad certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE), - "dane tlsa bad certificate usage"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DATA_LENGTH), - "dane tlsa bad data length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH), - "dane tlsa bad digest length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE), - "dane tlsa bad matching type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY), - "dane tlsa bad public key"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR), - "dane tlsa bad selector"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA), - "dane tlsa null data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), - "data between ccs and finished"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG), - "data length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), - "decryption failed or bad record mac"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), - "dh public value length is wrong"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED), - "digest check failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG), - "dtls message too big"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID), - "duplicate compression id"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING), - "ecc cert not for signing"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE), - "ecdh required for suiteb mode"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), - "empty srtp protection profile list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG), - "encrypted length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), - "error in received cipher list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN), - "error setting tlsa base domain"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE), - "exceeds max fragment size"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE), - "excessive message size"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED), - "extension not received"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE), - "extra data in message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH), - "ext length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC), - "failed to init async"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO), - "fragmented client hello"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), - "got a fin before a ccs"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST), - "https proxy request"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION), - "illegal point compression"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST), - "illegal Suite B digest"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK), - "inappropriate fallback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION), - "inconsistent compression"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN), - "inconsistent early data alpn"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI), - "inconsistent early data sni"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY), - "insufficient security"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE), - "invalid ccs message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG), - "invalid certificate or alg"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), - "invalid compression algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME), - "invalid configuration name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE), - "invalid ct validation type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE), - "invalid key update type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA), - "invalid max early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME), - "invalid null cmd name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER), - "invalid sequence number"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), - "invalid serverinfo data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), - "invalid srp username"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), - "invalid status response"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), - "invalid ticket keys length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED), - "legacy sigalg disallowed or unsupported"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS), - "library has no ciphers"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT), - "missing dsa signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT), - "missing ecdsa signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), - "missing psk kex modes extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), - "missing rsa certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), - "missing rsa encrypting cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT), - "missing rsa signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION), - "missing sigalgs extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT), - "missing signing cert"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM), - "can't find SRP server param"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION), - "missing supported groups extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY), - "missing tmp ecdh key"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA), - "mixed handshake and non handshake data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), - "not on record boundary"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), - "not replacing certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL), - "no application protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), - "no certificates returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), - "no certificate assigned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR), - "no change following hrr"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE), - "no ciphers available"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED), - "no ciphers specified"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD), - "no client cert method"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED), - "no compression specified"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET), - "no cookie callback set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), - "Peer haven't sent GOST certificate, required for selected ciphersuite"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED), - "no method specified"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED), - "no private key assigned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE), - "no protocols available"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS), - "no shared signature algorithms"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM), - "no suitable digest algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_GROUPS), "no suitable groups"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE), - "no suitable key share"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM), - "no suitable signature algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK), - "no verify cookie callback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), - "null ssl method passed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), - "ocsp callback failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), - "old session cipher not returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), - "old session compression algorithm not returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG), - "packet length too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), - "peer did not return a certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX), - "pem name bad prefix"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR), - "post handshake auth encoding err"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH), - "private key mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN), - "protocol is shutdown"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND), - "psk identity not found"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED), - "read timeout expired"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH), - "record length mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG), - "renegotiate ext too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR), - "renegotiation encoding err"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH), - "renegotiation mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_PENDING), "request pending"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING), - "required cipher missing"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING), - "required compression algorithm missing"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), - "scsv received when renegotiating"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED), - "sct verification failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), - "session id context uninitialized"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT), - "shutdown while in init"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR), - "signature algorithms error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), - "signature for non signing certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), - "srtp could not allocate profiles"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), - "srtp protection profile list too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), - "srtp unknown protection profile"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH), - "ssl3 ext invalid max fragment length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME), - "ssl3 ext invalid servername"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), - "ssl3 ext invalid servername type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), - "ssl3 session id too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), - "sslv3 alert bad certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), - "sslv3 alert bad record mac"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), - "sslv3 alert certificate expired"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), - "sslv3 alert certificate revoked"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), - "sslv3 alert certificate unknown"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), - "sslv3 alert decompression failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), - "sslv3 alert handshake failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), - "sslv3 alert illegal parameter"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), - "sslv3 alert no certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), - "sslv3 alert unexpected message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), - "sslv3 alert unsupported certificate"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY), - "ssl command section empty"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND), - "ssl command section not found"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), - "ssl ctx has no default ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE), - "ssl handshake failure"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), - "ssl library has no ciphers"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH), - "ssl negative length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND), - "ssl section not found"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), - "ssl session id callback failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT), - "ssl session id conflict"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), - "ssl session id context too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), - "ssl session id has bad length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG), - "ssl session id too long"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH), - "ssl session version mismatch"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), - "tlsv13 alert certificate required"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION), - "tlsv13 alert missing extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), - "tlsv1 alert access denied"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), - "tlsv1 alert decode error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), - "tlsv1 alert decryption failed"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR), - "tlsv1 alert decrypt error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), - "tlsv1 alert export restriction"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), - "tlsv1 alert inappropriate fallback"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), - "tlsv1 alert insufficient security"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), - "tlsv1 alert internal error"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), - "tlsv1 alert no application protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), - "tlsv1 alert no renegotiation"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), - "tlsv1 alert protocol version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), - "tlsv1 alert record overflow"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), - "tlsv1 alert unknown ca"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), - "tlsv1 alert unknown psk identity"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), - "tlsv1 alert user cancelled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), - "tlsv1 bad certificate hash value"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), - "tlsv1 bad certificate status response"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), - "tlsv1 certificate unobtainable"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME), - "tlsv1 unrecognized name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION), - "tlsv1 unsupported extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), - "tls illegal exporter label"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), - "tls invalid ecpointformat list"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES), - "too many key updates"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS), - "too many warn alerts"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA), - "too much early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), - "unable to find ecdh parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), - "unable to find public key parameters"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), - "unable to load ssl3 md5 routines"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), - "unable to load ssl3 sha1 routines"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE), - "unexpected ccs message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), - "unexpected end of early data"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), - "unexpected eof while reading"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE), - "unknown certificate type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED), - "unknown cipher returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE), - "unknown cipher type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), - "unknown key exchange type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION), - "unknown ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), - "unsafe legacy renegotiation disabled"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION), - "unsolicited extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), - "unsupported elliptic curve"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL), - "unsupported protocol"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION), - "unsupported ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE), - "unsupported status type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED), - "use srtp not negotiated"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE), - "wrong certificate type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), - "wrong cipher returned"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), - "wrong signature length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), - "wrong signature size"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE), - "wrong signature type"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER), - "wrong version number"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), - "x509 verification setup problems"}, - {0, NULL} + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), + "application data after close notify" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), + "app data in handshake" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), + "attempt to reuse session in different context" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE), + "at least (D)TLS 1.2 needed in Suite B mode" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC), + "bad change cipher spec" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), + "bad data returned by callback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH), + "bad handshake length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), + "bad handshake state" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER), + "bad protocol version number" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), + "bad srtp protection profile list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY), + "binder does not verify" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), + "block cipher pad is wrong" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER), + "cannot change cipher" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_GET_GROUP_NAME), + "cannot get group name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), + "ca dn length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED), + "certificate verify failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH), + "cert length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED), + "ciphersuite digest has changed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), + "cipher code wrong length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG), + "compressed length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED), + "compression disabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE), + "compression failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), + "compression id not within private range" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR), + "compression library error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET), + "connection type not set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED), + "context not dane enabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE), + "cookie gen callback failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COPY_PARAMETERS_FAILED), + "copy parameters failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), + "custom ext handler already installed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED), + "dane already enabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL), + "dane cannot override mtype full" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE), + "dane tlsa bad certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE), + "dane tlsa bad certificate usage" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DATA_LENGTH), + "dane tlsa bad data length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH), + "dane tlsa bad digest length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE), + "dane tlsa bad matching type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY), + "dane tlsa bad public key" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR), + "dane tlsa bad selector" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA), + "dane tlsa null data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), + "data between ccs and finished" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG), + "data length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), + "decryption failed or bad record mac" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), + "dh public value length is wrong" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED), + "digest check failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG), + "dtls message too big" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID), + "duplicate compression id" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING), + "ecc cert not for signing" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE), + "ecdh required for suiteb mode" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), + "empty srtp protection profile list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG), + "encrypted length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), + "error in received cipher list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN), + "error setting tlsa base domain" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE), + "exceeds max fragment size" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE), + "excessive message size" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED), + "extension not received" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE), + "extra data in message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH), + "ext length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC), + "failed to init async" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO), + "fragmented client hello" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), + "got a fin before a ccs" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST), + "https proxy request" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION), + "illegal point compression" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST), + "illegal Suite B digest" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK), + "inappropriate fallback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION), + "inconsistent compression" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN), + "inconsistent early data alpn" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI), + "inconsistent early data sni" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY), + "insufficient security" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE), + "invalid ccs message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG), + "invalid certificate or alg" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), + "invalid compression algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME), + "invalid configuration name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE), + "invalid ct validation type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE), + "invalid key update type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA), + "invalid max early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME), + "invalid null cmd name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER), + "invalid sequence number" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), + "invalid serverinfo data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), + "invalid srp username" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), + "invalid status response" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), + "invalid ticket keys length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED), + "legacy sigalg disallowed or unsupported" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS), + "library has no ciphers" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT), + "missing dsa signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT), + "missing ecdsa signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), + "missing psk kex modes extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), + "missing rsa certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), + "missing rsa encrypting cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT), + "missing rsa signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION), + "missing sigalgs extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT), + "missing signing cert" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM), + "can't find SRP server param" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION), + "missing supported groups extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY), + "missing tmp ecdh key" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA), + "mixed handshake and non handshake data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), + "not on record boundary" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), + "not replacing certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL), + "no application protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), + "no certificates returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), + "no certificate assigned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR), + "no change following hrr" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE), + "no ciphers available" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED), + "no ciphers specified" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD), + "no client cert method" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED), + "no compression specified" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET), + "no cookie callback set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), + "Peer haven't sent GOST certificate, required for selected ciphersuite" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED), + "no method specified" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED), + "no private key assigned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE), + "no protocols available" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS), + "no shared signature algorithms" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM), + "no suitable digest algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_GROUPS), "no suitable groups" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE), + "no suitable key share" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM), + "no suitable signature algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK), + "no verify cookie callback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), + "null ssl method passed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), + "old session cipher not returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), + "old session compression algorithm not returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG), + "packet length too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), + "peer did not return a certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX), + "pem name bad prefix" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR), + "post handshake auth encoding err" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH), + "private key mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN), + "protocol is shutdown" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND), + "psk identity not found" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED), + "read timeout expired" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH), + "record length mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG), + "renegotiate ext too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR), + "renegotiation encoding err" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH), + "renegotiation mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_PENDING), "request pending" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING), + "required cipher missing" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING), + "required compression algorithm missing" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), + "scsv received when renegotiating" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED), + "sct verification failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), + "session id context uninitialized" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT), + "shutdown while in init" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR), + "signature algorithms error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), + "signature for non signing certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), + "srtp could not allocate profiles" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), + "srtp protection profile list too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), + "srtp unknown protection profile" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH), + "ssl3 ext invalid max fragment length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME), + "ssl3 ext invalid servername" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), + "ssl3 ext invalid servername type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), + "ssl3 session id too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), + "sslv3 alert bad certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), + "sslv3 alert bad record mac" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), + "sslv3 alert certificate expired" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), + "sslv3 alert certificate revoked" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), + "sslv3 alert certificate unknown" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), + "sslv3 alert decompression failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), + "sslv3 alert handshake failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), + "sslv3 alert illegal parameter" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), + "sslv3 alert no certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), + "sslv3 alert unexpected message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), + "sslv3 alert unsupported certificate" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY), + "ssl command section empty" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND), + "ssl command section not found" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), + "ssl ctx has no default ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE), + "ssl handshake failure" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), + "ssl library has no ciphers" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH), + "ssl negative length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND), + "ssl section not found" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), + "ssl session id callback failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT), + "ssl session id conflict" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), + "ssl session id context too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), + "ssl session id has bad length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG), + "ssl session id too long" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH), + "ssl session version mismatch" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), + "tlsv13 alert certificate required" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION), + "tlsv13 alert missing extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), + "tlsv1 alert access denied" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), + "tlsv1 alert decode error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), + "tlsv1 alert decryption failed" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR), + "tlsv1 alert decrypt error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), + "tlsv1 alert export restriction" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), + "tlsv1 alert inappropriate fallback" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), + "tlsv1 alert insufficient security" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), + "tlsv1 alert internal error" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), + "tlsv1 alert no application protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), + "tlsv1 alert no renegotiation" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), + "tlsv1 alert protocol version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), + "tlsv1 alert record overflow" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), + "tlsv1 alert unknown ca" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), + "tlsv1 alert unknown psk identity" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), + "tlsv1 alert user cancelled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), + "tlsv1 bad certificate hash value" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), + "tlsv1 bad certificate status response" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), + "tlsv1 certificate unobtainable" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME), + "tlsv1 unrecognized name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION), + "tlsv1 unsupported extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), + "tls illegal exporter label" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), + "tls invalid ecpointformat list" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES), + "too many key updates" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS), + "too many warn alerts" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA), + "too much early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), + "unable to find ecdh parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), + "unable to find public key parameters" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), + "unable to load ssl3 md5 routines" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), + "unable to load ssl3 sha1 routines" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE), + "unexpected ccs message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), + "unexpected end of early data" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), + "unexpected eof while reading" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE), + "unknown certificate type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED), + "unknown cipher returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE), + "unknown cipher type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), + "unknown key exchange type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION), + "unknown ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), + "unsafe legacy renegotiation disabled" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION), + "unsolicited extension" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), + "unsupported compression algorithm" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), + "unsupported elliptic curve" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL), + "unsupported protocol" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION), + "unsupported ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE), + "unsupported status type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED), + "use srtp not negotiated" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE), + "wrong certificate type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), + "wrong cipher returned" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), + "wrong signature length" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), + "wrong signature size" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE), + "wrong signature type" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER), + "wrong version number" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib" }, + { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), + "x509 verification setup problems" }, + { 0, NULL } }; #endif diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index db0234d7a423..03ff3fd8de32 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -27,7 +27,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) { #ifndef OPENSSL_NO_COMP OSSL_TRACE(INIT, "ossl_init_ssl_base: " - "SSL_COMP_get_compression_methods()\n"); + "SSL_COMP_get_compression_methods()\n"); /* * This will initialise the built-in compression algorithms. The value * returned is a STACK_OF(SSL_COMP), but that can be discarded safely @@ -35,7 +35,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) SSL_COMP_get_compression_methods(); #endif ssl_sort_cipher_list(); - OSSL_TRACE(INIT,"ossl_init_ssl_base: SSL_add_ssl_module()\n"); + OSSL_TRACE(INIT, "ossl_init_ssl_base: SSL_add_ssl_module()\n"); /* * We ignore an error return here. Not much we can do - but not that bad * either. We can still safely continue. @@ -61,7 +61,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, - ossl_init_load_ssl_strings) + ossl_init_load_ssl_strings) { /* Do nothing in this case */ return 1; @@ -77,7 +77,7 @@ static void ssl_library_stop(void) if (ssl_base_inited) { #ifndef OPENSSL_NO_COMP OSSL_TRACE(INIT, "ssl_library_stop: " - "ssl_comp_free_compression_methods_int()\n"); + "ssl_comp_free_compression_methods_int()\n"); ssl_comp_free_compression_methods_int(); #endif } @@ -88,7 +88,7 @@ static void ssl_library_stop(void) * called prior to any threads making calls to any OpenSSL functions, * i.e. passing a non-null settings value is assumed to be single-threaded. */ -int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { static int stoperrset = 0; @@ -106,7 +106,7 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) } opts |= OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS; + | OPENSSL_INIT_ADD_ALL_DIGESTS; #ifndef OPENSSL_NO_AUTOLOAD_CONFIG if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) opts |= OPENSSL_INIT_LOAD_CONFIG; @@ -120,7 +120,7 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, - ossl_init_load_ssl_strings)) + ossl_init_load_ssl_strings)) return 0; if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index e628140dfae9..0cfe869acc34 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -26,19 +26,19 @@ #include "internal/ktls.h" static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, - SSL_MAC_BUF *mac, size_t macsize) + SSL_MAC_BUF *mac, size_t macsize) { return ssl_undefined_function(ssl); } static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, - int t) + int t) { return ssl_undefined_function(ssl); } static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, - unsigned char *s, size_t t, size_t *u) + unsigned char *s, size_t t, size_t *u) { return ssl_undefined_function(ssl); } @@ -49,7 +49,7 @@ static int ssl_undefined_function_4(SSL *ssl, int r) } static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, - unsigned char *t) + unsigned char *t) { return ssl_undefined_function(ssl); } @@ -60,8 +60,8 @@ static int ssl_undefined_function_6(int r) } static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, - const char *t, size_t u, - const unsigned char *v, size_t w, int x) + const char *t, size_t u, + const unsigned char *v, size_t w, int x) { return ssl_undefined_function(ssl); } @@ -73,10 +73,10 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { ssl_undefined_function_3, ssl_undefined_function_4, ssl_undefined_function_5, - NULL, /* client_finished_label */ - 0, /* client_finished_label_len */ - NULL, /* server_finished_label */ - 0, /* server_finished_label_len */ + NULL, /* client_finished_label */ + 0, /* client_finished_label_len */ + NULL, /* server_finished_label */ + 0, /* server_finished_label_len */ ssl_undefined_function_6, ssl_undefined_function_7, }; @@ -85,11 +85,13 @@ struct ssl_async_args { SSL *s; void *buf; size_t num; - enum { READFUNC, WRITEFUNC, OTHERFUNC } type; + enum { READFUNC, + WRITEFUNC, + OTHERFUNC } type; union { - int (*func_read) (SSL *, void *, size_t, size_t *); - int (*func_write) (SSL *, const void *, size_t, size_t *); - int (*func_other) (SSL *); + int (*func_read)(SSL *, void *, size_t, size_t *); + int (*func_write)(SSL *, const void *, size_t, size_t *); + int (*func_other)(SSL *); } f; }; @@ -98,15 +100,9 @@ static const struct { uint8_t ord; int nid; } dane_mds[] = { - { - DANETLS_MATCHING_FULL, 0, NID_undef - }, - { - DANETLS_MATCHING_2256, 1, NID_sha256 - }, - { - DANETLS_MATCHING_2512, 2, NID_sha512 - }, + { DANETLS_MATCHING_FULL, 0, NID_undef }, + { DANETLS_MATCHING_2256, 1, NID_sha256 }, + { DANETLS_MATCHING_2512, 2, NID_sha512 }, }; static int dane_ctx_enable(struct dane_ctx_st *dctx) @@ -114,7 +110,7 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx) const EVP_MD **mdevp; uint8_t *mdord; uint8_t mdmax = DANETLS_MATCHING_LAST; - int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ + int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ size_t i; if (dctx->mdevp != NULL) @@ -134,8 +130,7 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx) for (i = 0; i < OSSL_NELEM(dane_mds); ++i) { const EVP_MD *md; - if (dane_mds[i].nid == NID_undef || - (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) + if (dane_mds[i].nid == NID_undef || (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) continue; mdevp[dane_mds[i].mtype] = md; mdord[dane_mds[i].mtype] = dane_mds[i].ord; @@ -208,14 +203,15 @@ static int ssl_dane_dup(SSL *to, SSL *from) danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, - t->data, t->dlen) <= 0) + t->data, t->dlen) + <= 0) return 0; } return 1; } static int dane_mtype_set(struct dane_ctx_st *dctx, - const EVP_MD *md, uint8_t mtype, uint8_t ord) + const EVP_MD *md, uint8_t mtype, uint8_t ord) { int i; @@ -267,9 +263,9 @@ static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) } static int dane_tlsa_add(SSL_DANE *dane, - uint8_t usage, - uint8_t selector, - uint8_t mtype, const unsigned char *data, size_t dlen) + uint8_t usage, + uint8_t selector, + uint8_t mtype, const unsigned char *data, size_t dlen) { danetls_record *t; const EVP_MD *md = NULL; @@ -339,8 +335,7 @@ static int dane_tlsa_add(SSL_DANE *dane, switch (selector) { case DANETLS_SELECTOR_CERT: - if (!d2i_X509(&cert, &p, ilen) || p < data || - dlen != (size_t)(p - data)) { + if (!d2i_X509(&cert, &p, ilen) || p < data || dlen != (size_t)(p - data)) { X509_free(cert); tlsa_free(t); ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); @@ -357,7 +352,7 @@ static int dane_tlsa_add(SSL_DANE *dane, /* * The Full(0) certificate decodes to a seemingly valid X.509 * object with a plausible key, so the TLSA record is well - * formed. However, we don't actually need the certifiate for + * formed. However, we don't actually need the certificate for * usages PKIX-EE(1) or DANE-EE(3), because at least the EE * certificate is always presented by the peer. We discard the * certificate, and just use the TLSA data as an opaque blob @@ -377,9 +372,7 @@ static int dane_tlsa_add(SSL_DANE *dane, * the chain with untrusted Full(0) certificates from DNS, in case * they are missing from the chain. */ - if ((dane->certs == NULL && - (dane->certs = sk_X509_new_null()) == NULL) || - !sk_X509_push(dane->certs, cert)) { + if ((dane->certs == NULL && (dane->certs = sk_X509_new_null()) == NULL) || !sk_X509_push(dane->certs, cert)) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); X509_free(cert); tlsa_free(t); @@ -388,8 +381,7 @@ static int dane_tlsa_add(SSL_DANE *dane, break; case DANETLS_SELECTOR_SPKI: - if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || - dlen != (size_t)(p - data)) { + if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || dlen != (size_t)(p - data)) { EVP_PKEY_free(pkey); tlsa_free(t); ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); @@ -497,7 +489,7 @@ static int ssl_check_allowed_versions(int min_version, int max_version) || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION) && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version)) #endif - ) + ) return 0; } else { /* Regular TLS version checks. */ @@ -554,7 +546,7 @@ static int ssl_check_allowed_versions(int min_version, int max_version) #ifdef OPENSSL_NO_TLS1_3 || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) #endif - ) + ) return 0; } return 1; @@ -566,13 +558,12 @@ static int ssl_check_allowed_versions(int min_version, int max_version) * This is used by platform version identification tools. * Do not inline this procedure or make it static. */ -# define OPENSSL_VPROC_STRING_(x) x##_SSL -# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) -# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) -void OPENSSL_VPROC_FUNC(void) {} +#define OPENSSL_VPROC_STRING_(x) x##_SSL +#define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) +#define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) +void OPENSSL_VPROC_FUNC(void) { } #endif - static void clear_ciphers(SSL *s) { /* clear the current cipher */ @@ -672,10 +663,10 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) return 0; } sk = ssl_create_cipher_list(ctx, - ctx->tls13_ciphersuites, - &(ctx->cipher_list), - &(ctx->cipher_list_by_id), - OSSL_default_cipher_list(), ctx->cert); + ctx->tls13_ciphersuites, + &(ctx->cipher_list), + &(ctx->cipher_list_by_id), + OSSL_default_cipher_list(), ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; @@ -784,21 +775,18 @@ SSL *SSL_new(SSL_CTX *ctx) SSL_CTX_up_ref(ctx); s->session_ctx = ctx; if (ctx->ext.ecpointformats) { - s->ext.ecpointformats = - OPENSSL_memdup(ctx->ext.ecpointformats, - ctx->ext.ecpointformats_len); + s->ext.ecpointformats = OPENSSL_memdup(ctx->ext.ecpointformats, + ctx->ext.ecpointformats_len); if (!s->ext.ecpointformats) { s->ext.ecpointformats_len = 0; goto err; } - s->ext.ecpointformats_len = - ctx->ext.ecpointformats_len; + s->ext.ecpointformats_len = ctx->ext.ecpointformats_len; } if (ctx->ext.supportedgroups) { - s->ext.supportedgroups = - OPENSSL_memdup(ctx->ext.supportedgroups, - ctx->ext.supportedgroups_len - * sizeof(*ctx->ext.supportedgroups)); + s->ext.supportedgroups = OPENSSL_memdup(ctx->ext.supportedgroups, + ctx->ext.supportedgroups_len + * sizeof(*ctx->ext.supportedgroups)); if (!s->ext.supportedgroups) { s->ext.supportedgroups_len = 0; goto err; @@ -858,12 +846,12 @@ SSL *SSL_new(SSL_CTX *ctx) #ifndef OPENSSL_NO_CT if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, - ctx->ct_validation_callback_arg)) + ctx->ct_validation_callback_arg)) goto err; #endif return s; - err: +err: SSL_free(s); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return NULL; @@ -887,7 +875,7 @@ int SSL_up_ref(SSL *s) } int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) + unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); @@ -900,7 +888,7 @@ int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, } int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) + unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); @@ -931,7 +919,7 @@ int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) } int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len) + unsigned int id_len) { /* * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how @@ -990,8 +978,7 @@ int SSL_add1_host(SSL *s, const char *hostname) { /* If a hostname is provided and parses as an IP address, * treat it as such. */ - if (hostname) - { + if (hostname) { ASN1_OCTET_STRING *ip; char *old_ip; @@ -1001,8 +988,7 @@ int SSL_add1_host(SSL *s, const char *hostname) ASN1_OCTET_STRING_free(ip); old_ip = X509_VERIFY_PARAM_get1_ip_asc(s->param); - if (old_ip) - { + if (old_ip) { OPENSSL_free(old_ip); /* There can be only one IP address */ return 0; @@ -1121,7 +1107,7 @@ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) } int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, - uint8_t *mtype, const unsigned char **data, size_t *dlen) + uint8_t *mtype, const unsigned char **data, size_t *dlen) { SSL_DANE *dane = &s->dane; @@ -1148,13 +1134,13 @@ SSL_DANE *SSL_get0_dane(SSL *s) } int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, const unsigned char *data, size_t dlen) + uint8_t mtype, const unsigned char *data, size_t dlen) { return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); } int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, - uint8_t ord) + uint8_t ord) { return dane_mtype_set(&ctx->dane, md, mtype, ord); } @@ -1406,17 +1392,8 @@ int SSL_set_fd(SSL *s, int fd) } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); -#ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(fd); -#endif /* OPENSSL_NO_KTLS */ ret = 1; - err: +err: return ret; } @@ -1434,15 +1411,6 @@ int SSL_set_wfd(SSL *s, int fd) } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set0_wbio(s, bio); -#ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(fd); -#endif /* OPENSSL_NO_KTLS */ } else { BIO_up_ref(rbio); SSL_set0_wbio(s, rbio); @@ -1507,7 +1475,8 @@ int SSL_get_verify_depth(const SSL *s) return X509_VERIFY_PARAM_get_depth(s->param); } -int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { +int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) +{ return s->verify_callback; } @@ -1521,12 +1490,13 @@ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) return X509_VERIFY_PARAM_get_depth(ctx->param); } -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) +{ return ctx->default_verify_callback; } void SSL_set_verify(SSL *s, int mode, - int (*callback) (int ok, X509_STORE_CTX *ctx)) + int (*callback)(int ok, X509_STORE_CTX *ctx)) { s->verify_mode = mode; if (callback != NULL) @@ -1673,8 +1643,7 @@ int SSL_CTX_check_private_key(const SSL_CTX *ctx) ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); return 0; } - return X509_check_private_key - (ctx->cert->key->x509, ctx->cert->key->privatekey); + return X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey); } /* Fix this function so that it takes an optional type parameter */ @@ -1693,7 +1662,7 @@ int SSL_check_private_key(const SSL *ssl) return 0; } return X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey); + ssl->cert->key->privatekey); } int SSL_waiting_for_async(SSL *s) @@ -1714,14 +1683,14 @@ int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds) } int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, - OSSL_ASYNC_FD *delfd, size_t *numdelfds) + OSSL_ASYNC_FD *delfd, size_t *numdelfds) { ASYNC_WAIT_CTX *ctx = s->waitctx; if (ctx == NULL) return 0; return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, - numdelfds); + numdelfds); } int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback) @@ -1791,7 +1760,7 @@ static int ssl_async_wait_ctx_cb(void *arg) } static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, - int (*func) (void *)) + int (*func)(void *)) { int ret; if (s->waitctx == NULL) { @@ -1799,14 +1768,13 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, if (s->waitctx == NULL) return -1; if (s->async_cb != NULL - && !ASYNC_WAIT_CTX_set_callback - (s->waitctx, ssl_async_wait_ctx_cb, s)) + && !ASYNC_WAIT_CTX_set_callback(s->waitctx, ssl_async_wait_ctx_cb, s)) return -1; } s->rwstate = SSL_NOTHING; switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, - sizeof(struct ssl_async_args))) { + sizeof(struct ssl_async_args))) { case ASYNC_ERR: s->rwstate = SSL_NOTHING; ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC); @@ -1863,7 +1831,7 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) } if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY - || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { + || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -1958,8 +1926,7 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData * message */ - if (ret > 0 || (ret <= 0 && s->early_data_state - != SSL_EARLY_DATA_FINISHED_READING)) { + if (ret > 0 || (ret <= 0 && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING)) { s->early_data_state = SSL_EARLY_DATA_READ_RETRY; return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS : SSL_READ_EARLY_DATA_ERROR; @@ -2031,7 +1998,6 @@ int SSL_peek(SSL *s, void *buf, int num) return ret; } - int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) { int ret = ssl_peek_internal(s, buf, num, readbytes); @@ -2055,8 +2021,8 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) } if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY - || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY - || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { + || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY + || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -2125,15 +2091,13 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags) #ifdef OPENSSL_NO_KTLS ERR_raise_data(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR, - "can't call ktls_sendfile(), ktls disabled"); + "can't call ktls_sendfile(), ktls disabled"); return -1; #else ret = ktls_sendfile(SSL_get_wfd(s), fd, offset, size, flags); if (ret < 0) { #if defined(EAGAIN) && defined(EINTR) && defined(EBUSY) - if ((get_last_sys_error() == EAGAIN) || - (get_last_sys_error() == EINTR) || - (get_last_sys_error() == EBUSY)) + if ((get_last_sys_error() == EAGAIN) || (get_last_sys_error() == EINTR) || (get_last_sys_error() == EBUSY)) BIO_set_retry_write(s->wbio); else #endif @@ -2185,9 +2149,9 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) switch (s->early_data_state) { case SSL_EARLY_DATA_NONE: if (s->server - || !SSL_in_before(s) - || ((s->session == NULL || s->session->ext.max_early_data == 0) - && (s->psk_use_session_cb == NULL))) { + || !SSL_in_before(s) + || ((s->session == NULL || s->session->ext.max_early_data == 0) + && (s->psk_use_session_cb == NULL))) { ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -2288,7 +2252,7 @@ int SSL_key_update(SSL *s, int updatetype) } if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED - && updatetype != SSL_KEY_UPDATE_REQUESTED) { + && updatetype != SSL_KEY_UPDATE_REQUESTED) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE); return 0; } @@ -2365,8 +2329,8 @@ int SSL_new_session_ticket(SSL *s) { /* If we are in init because we're sending tickets, okay to send more. */ if ((SSL_in_init(s) && s->ext.extra_tickets_expected == 0) - || SSL_IS_FIRST_HANDSHAKE(s) || !s->server - || !SSL_IS_TLS13(s)) + || SSL_IS_FIRST_HANDSHAKE(s) || !s->server + || !SSL_IS_TLS13(s)) return 0; s->ext.extra_tickets_expected++; if (!RECORD_LAYER_write_pending(&s->rlayer) && !SSL_in_init(s)) @@ -2453,14 +2417,14 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; case SSL_CTRL_SET_MIN_PROTO_VERSION: return ssl_check_allowed_versions(larg, s->max_proto_version) - && ssl_set_version_bound(s->ctx->method->version, (int)larg, - &s->min_proto_version); + && ssl_set_version_bound(s->ctx->method->version, (int)larg, + &s->min_proto_version); case SSL_CTRL_GET_MIN_PROTO_VERSION: return s->min_proto_version; case SSL_CTRL_SET_MAX_PROTO_VERSION: return ssl_check_allowed_versions(s->min_proto_version, larg) - && ssl_set_version_bound(s->ctx->method->version, (int)larg, - &s->max_proto_version); + && ssl_set_version_bound(s->ctx->method->version, (int)larg, + &s->max_proto_version); case SSL_CTRL_GET_MAX_PROTO_VERSION: return s->max_proto_version; default: @@ -2468,14 +2432,13 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) } } -long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) +long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (void (*) - (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, - void *arg))(fp); + s->msg_callback = (void (*)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, + void *arg))(fp); return 1; default: @@ -2602,14 +2565,14 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (ctx->cert->cert_flags &= ~larg); case SSL_CTRL_SET_MIN_PROTO_VERSION: return ssl_check_allowed_versions(larg, ctx->max_proto_version) - && ssl_set_version_bound(ctx->method->version, (int)larg, - &ctx->min_proto_version); + && ssl_set_version_bound(ctx->method->version, (int)larg, + &ctx->min_proto_version); case SSL_CTRL_GET_MIN_PROTO_VERSION: return ctx->min_proto_version; case SSL_CTRL_SET_MAX_PROTO_VERSION: return ssl_check_allowed_versions(ctx->min_proto_version, larg) - && ssl_set_version_bound(ctx->method->version, (int)larg, - &ctx->max_proto_version); + && ssl_set_version_bound(ctx->method->version, (int)larg, + &ctx->max_proto_version); case SSL_CTRL_GET_MAX_PROTO_VERSION: return ctx->max_proto_version; default: @@ -2617,14 +2580,13 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) } } -long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) +long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = (void (*) - (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, - void *arg))(fp); + ctx->msg_callback = (void (*)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, + void *arg))(fp); return 1; default: @@ -2642,7 +2604,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) } int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, - const SSL_CIPHER *const *bp) + const SSL_CIPHER *const *bp) { if ((*ap)->id > (*bp)->id) return 1; @@ -2764,8 +2726,8 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(ctx, ctx->tls13_ciphersuites, - &ctx->cipher_list, &ctx->cipher_list_by_id, str, - ctx->cert); + &ctx->cipher_list, &ctx->cipher_list_by_id, str, + ctx->cert); /* * ssl_create_cipher_list may return an empty stack if it was unable to * find a cipher matching the given rule string (for example if the rule @@ -2788,8 +2750,8 @@ int SSL_set_cipher_list(SSL *s, const char *str) STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(s->ctx, s->tls13_ciphersuites, - &s->cipher_list, &s->cipher_list_by_id, str, - s->cert); + &s->cipher_list, &s->cipher_list_by_id, str, + s->cert); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; @@ -2808,8 +2770,8 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) int i; if (!s->server - || s->peer_ciphers == NULL - || size < 2) + || s->peer_ciphers == NULL + || size < 2) return NULL; p = buf; @@ -2828,18 +2790,20 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) if (sk_SSL_CIPHER_find(srvrsk, c) < 0) continue; - n = OPENSSL_strnlen(c->name, size); - if (n >= size) { - if (p != buf) - --p; - *p = '\0'; - return buf; - } + n = (int)OPENSSL_strnlen(c->name, size); + if (n >= size) + break; + memcpy(p, c->name, n); p += n; *(p++) = ':'; size -= n + 1; } + + /* No overlap */ + if (p == buf) + return NULL; + p[-1] = '\0'; return buf; } @@ -2851,7 +2815,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) * - if we are before or during/after the handshake, * - if a resumption or normal handshake is being attempted/has occurred * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 - * + * * Note that only the host_name type is defined (RFC 3546). */ const char *SSL_get_servername(const SSL *s, const int type) @@ -2881,7 +2845,7 @@ const char *SSL_get_servername(const SSL *s, const int type) * - The function will return the servername requested by the client in * this handshake or NULL if none was requested. */ - if (s->hit && !SSL_IS_TLS13(s)) + if (s->hit && !SSL_IS_TLS13(s)) return s->session->ext.hostname; } else { /** @@ -2908,8 +2872,8 @@ const char *SSL_get_servername(const SSL *s, const int type) */ if (SSL_in_before(s)) { if (s->ext.hostname == NULL - && s->session != NULL - && s->session->ssl_version != TLS1_3_VERSION) + && s->session != NULL + && s->session->ssl_version != TLS1_3_VERSION) return s->session->ext.hostname; } else { if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) @@ -2948,15 +2912,15 @@ int SSL_get_servername_type(const SSL *s) * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. */ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *server, - unsigned int server_len, - const unsigned char *client, unsigned int client_len) + const unsigned char *server, + unsigned int server_len, + const unsigned char *client, unsigned int client_len) { PACKET cpkt, csubpkt, spkt, ssubpkt; if (!PACKET_buf_init(&cpkt, client, client_len) - || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) - || PACKET_remaining(&csubpkt) == 0) { + || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) + || PACKET_remaining(&csubpkt) == 0) { *out = NULL; *outlen = 0; return OPENSSL_NPN_NO_OVERLAP; @@ -2979,7 +2943,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, if (PACKET_buf_init(&cpkt, client, client_len)) { while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), - PACKET_remaining(&ssubpkt))) { + PACKET_remaining(&ssubpkt))) { /* We found a match */ *out = (unsigned char *)PACKET_data(&ssubpkt); *outlen = (unsigned char)PACKET_remaining(&ssubpkt); @@ -3012,7 +2976,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, * provided by the callback. */ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, - unsigned *len) + unsigned *len) { *data = s->ext.npn; if (*data == NULL) { @@ -3033,8 +2997,8 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, * ServerHello. */ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, - SSL_CTX_npn_advertised_cb_func cb, - void *arg) + SSL_CTX_npn_advertised_cb_func cb, + void *arg) { ctx->ext.npn_advertised_cb = cb; ctx->ext.npn_advertised_cb_arg = arg; @@ -3051,8 +3015,8 @@ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, * a value other than SSL_TLSEXT_ERR_OK. */ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, - SSL_CTX_npn_select_cb_func cb, - void *arg) + SSL_CTX_npn_select_cb_func cb, + void *arg) { ctx->ext.npn_select_cb = cb; ctx->ext.npn_select_cb_arg = arg; @@ -3078,7 +3042,7 @@ static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len) * length-prefixed strings). Returns 0 on success. */ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, - unsigned int protos_len) + unsigned int protos_len) { unsigned char *alpn; @@ -3110,7 +3074,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, * length-prefixed strings). Returns 0 on success. */ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, - unsigned int protos_len) + unsigned int protos_len) { unsigned char *alpn; @@ -3142,8 +3106,8 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, * from the client's list of offered protocols. */ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - SSL_CTX_alpn_select_cb_func cb, - void *arg) + SSL_CTX_alpn_select_cb_func cb, + void *arg) { ctx->ext.alpn_select_cb = cb; ctx->ext.alpn_select_cb_arg = arg; @@ -3156,7 +3120,7 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, * respond with a negotiated protocol then |*len| will be zero. */ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len) + unsigned int *len) { *data = ssl->s3.alpn_selected; if (*data == NULL) @@ -3166,29 +3130,29 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, } int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, size_t contextlen, - int use_context) + const char *label, size_t llen, + const unsigned char *context, size_t contextlen, + int use_context) { if (s->session == NULL || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, context, - contextlen, use_context); + llen, context, + contextlen, use_context); } int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen) { if (s->version != TLS1_3_VERSION) return 0; return tls13_export_keying_material_early(s, out, olen, label, llen, - context, contextlen); + context, contextlen); } static unsigned long ssl_session_hash(const SSL_SESSION *a) @@ -3203,11 +3167,7 @@ static unsigned long ssl_session_hash(const SSL_SESSION *a) session_id = tmp_storage; } - l = (unsigned long) - ((unsigned long)session_id[0]) | - ((unsigned long)session_id[1] << 8L) | - ((unsigned long)session_id[2] << 16L) | - ((unsigned long)session_id[3] << 24L); + l = (unsigned long)((unsigned long)session_id[0]) | ((unsigned long)session_id[1] << 8L) | ((unsigned long)session_id[2] << 16L) | ((unsigned long)session_id[3] << 24L); return l; } @@ -3235,7 +3195,7 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) */ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, - const SSL_METHOD *meth) + const SSL_METHOD *meth) { SSL_CTX *ret = NULL; @@ -3311,7 +3271,6 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!ssl_setup_sig_algs(ret)) goto err2; - if (!ssl_load_groups(ret)) goto err2; @@ -3319,9 +3278,9 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, goto err; if (!ssl_create_cipher_list(ret, - ret->tls13_ciphersuites, - &ret->cipher_list, &ret->cipher_list_by_id, - OSSL_default_cipher_list(), ret->cert) + ret->tls13_ciphersuites, + &ret->cipher_list, &ret->cipher_list_by_id, + OSSL_default_cipher_list(), ret->cert) || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; @@ -3359,15 +3318,19 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, /* Setup RFC5077 ticket keys */ if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name, - sizeof(ret->ext.tick_key_name), 0) <= 0) + sizeof(ret->ext.tick_key_name), 0) + <= 0) || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key, - sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0) + sizeof(ret->ext.secure->tick_hmac_key), 0) + <= 0) || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key, - sizeof(ret->ext.secure->tick_aes_key), 0) <= 0)) + sizeof(ret->ext.secure->tick_aes_key), 0) + <= 0)) ret->options |= SSL_OP_NO_TICKET; if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key, - sizeof(ret->ext.cookie_hmac_key), 0) <= 0) + sizeof(ret->ext.cookie_hmac_key), 0) + <= 0) goto err; #ifndef OPENSSL_NO_SRP @@ -3375,9 +3338,9 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, goto err; #endif #ifndef OPENSSL_NO_ENGINE -# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO -# define eng_strx(x) #x -# define eng_str(x) eng_strx(x) +#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO +#define eng_strx(x) #x +#define eng_str(x) eng_strx(x) /* Use specific client engine automatically... ignore errors */ { ENGINE *eng; @@ -3390,7 +3353,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) ERR_clear_error(); } -# endif +#endif #endif /* * Disable compression by default to prevent CRIME. Applications can @@ -3438,9 +3401,9 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, ssl_ctx_system_config(ret); return ret; - err: +err: ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - err2: +err2: SSL_CTX_free(ret); return NULL; } @@ -3588,15 +3551,15 @@ void *SSL_get_default_passwd_cb_userdata(SSL *s) } void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, - int (*cb) (X509_STORE_CTX *, void *), - void *arg) + int (*cb)(X509_STORE_CTX *, void *), + void *arg) { ctx->app_verify_callback = cb; ctx->app_verify_arg = arg; } void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, - int (*cb) (int, X509_STORE_CTX *)) + int (*cb)(int, X509_STORE_CTX *)) { ctx->verify_mode = mode; ctx->default_verify_callback = cb; @@ -3607,12 +3570,12 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) X509_VERIFY_PARAM_set_depth(ctx->param, depth); } -void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg) +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg) { ssl_cert_set_cert_cb(c->cert, cb, arg); } -void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) +void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg) { ssl_cert_set_cert_cb(s->cert, cb, arg); } @@ -3629,8 +3592,8 @@ void ssl_set_masks(SSL *s) return; dh_tmp = (c->dh_tmp != NULL - || c->dh_tmp_cb != NULL - || c->dh_tmp_auto); + || c->dh_tmp_cb != NULL + || c->dh_tmp_auto); rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; @@ -3640,7 +3603,7 @@ void ssl_set_masks(SSL *s) mask_a = 0; OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n", - dh_tmp, rsa_enc, rsa_sign, dsa_sign); + dh_tmp, rsa_enc, rsa_sign, dsa_sign); #ifndef OPENSSL_NO_GOST if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { @@ -3668,9 +3631,7 @@ void ssl_set_masks(SSL *s) * if TLS 1.2 and peer supports it. */ - if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) - && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION)) + if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN && TLS1_get_version(s) == TLS1_2_VERSION)) mask_a |= SSL_aRSA; if (dsa_sign) { @@ -3694,15 +3655,15 @@ void ssl_set_masks(SSL *s) } /* Allow Ed25519 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519) - && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION) - mask_a |= SSL_aECDSA; + && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION) + mask_a |= SSL_aECDSA; /* Allow Ed448 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) - && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN - && TLS1_get_version(s) == TLS1_2_VERSION) - mask_a |= SSL_aECDSA; + && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION) + mask_a |= SSL_aECDSA; mask_k |= SSL_kECDHE; @@ -3730,11 +3691,11 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) return 0; } } - return 1; /* all checks are ok */ + return 1; /* all checks are ok */ } int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, - size_t *serverinfo_length) + size_t *serverinfo_length) { CERT_PKEY *cpk = s->s3.tmp.cert; *serverinfo_length = 0; @@ -3769,7 +3730,7 @@ void ssl_update_cache(SSL *s, int mode) * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). */ if (s->server && s->session->sid_ctx_length == 0 - && (s->verify_mode & SSL_VERIFY_PEER) != 0) + && (s->verify_mode & SSL_VERIFY_PEER) != 0) return; i = s->session_ctx->session_cache_mode; @@ -3787,12 +3748,12 @@ void ssl_update_cache(SSL *s, int mode) * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket */ if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 - && (!SSL_IS_TLS13(s) - || !s->server - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) - || s->session_ctx->remove_session_cb != NULL - || (s->options & SSL_OP_NO_TICKET) != 0)) + && (!SSL_IS_TLS13(s) + || !s->server + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) + || s->session_ctx->remove_session_cb != NULL + || (s->options & SSL_OP_NO_TICKET) != 0)) SSL_CTX_add_session(s->session_ctx, s->session); /* @@ -3836,7 +3797,7 @@ int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) if (s->method != meth) { const SSL_METHOD *sm = s->method; - int (*hf) (SSL *) = s->handshake_func; + int (*hf)(SSL *) = s->handshake_func; if (sm->version == meth->version) s->method = meth; @@ -3931,8 +3892,7 @@ int SSL_get_error(const SSL *s, int i) if (SSL_want_client_hello_cb(s)) return SSL_ERROR_WANT_CLIENT_HELLO_CB; - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && (s->s3.warn_alert == SSL_AD_CLOSE_NOTIFY)) return SSL_ERROR_ZERO_RETURN; return SSL_ERROR_SYSCALL; @@ -4020,8 +3980,7 @@ const SSL_METHOD *ssl_bad_method(int ver) const char *ssl_protocol_to_string(int version) { - switch(version) - { + switch (version) { case TLS1_3_VERSION: return "TLSv1.3"; @@ -4128,7 +4087,7 @@ SSL *SSL_dup(SSL *s) } if (!SSL_set_session_id_context(ret, s->sid_ctx, - (int)s->sid_ctx_length)) + (int)s->sid_ctx_length)) goto err; } @@ -4180,12 +4139,12 @@ SSL *SSL_dup(SSL *s) /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) - || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) + || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) goto err; return ret; - err: +err: SSL_free(ret); return NULL; } @@ -4382,15 +4341,13 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) * not match (i.e., it was set per-ssl with SSL_set_session_id_context), * leave it unchanged. */ - if ((ssl->ctx != NULL) && - (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && - (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { + if ((ssl->ctx != NULL) && (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { ssl->sid_ctx_length = ctx->sid_ctx_length; memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); } SSL_CTX_up_ref(ctx); - SSL_CTX_free(ssl->ctx); /* decrement reference count */ + SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; return ssl->ctx; @@ -4399,7 +4356,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx, - ctx->propq); + ctx->propq); } int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) @@ -4432,7 +4389,7 @@ int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) ERR_set_mark(); X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx, - ctx->propq); + ctx->propq); ERR_pop_to_mark(); @@ -4460,7 +4417,7 @@ int SSL_CTX_set_default_verify_store(SSL_CTX *ctx) int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile) { return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx, - ctx->propq); + ctx->propq); } int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) @@ -4471,11 +4428,11 @@ int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath) int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore) { return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx, - ctx->propq); + ctx->propq); } int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath) + const char *CApath) { if (CAfile == NULL && CApath == NULL) return 0; @@ -4487,7 +4444,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, } void SSL_set_info_callback(SSL *ssl, - void (*cb) (const SSL *ssl, int type, int val)) + void (*cb)(const SSL *ssl, int type, int val)) { ssl->info_callback = cb; } @@ -4496,9 +4453,10 @@ void SSL_set_info_callback(SSL *ssl, * One compiler (Diab DCC) doesn't like argument names in returned function * pointer. */ -void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , - int /* type */ , - int /* val */ ) { +void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /* ssl */, + int /* type */, + int /* val */) +{ return ssl->info_callback; } @@ -4533,7 +4491,7 @@ size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) } size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, - unsigned char *out, size_t outlen) + unsigned char *out, size_t outlen) { if (outlen == 0) return session->master_key_length; @@ -4544,7 +4502,7 @@ size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, } int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, - size_t len) + size_t len) { if (len > sizeof(sess->master_key)) return 0; @@ -4554,7 +4512,6 @@ int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, return 1; } - int SSL_set_ex_data(SSL *s, int idx, void *arg) { return CRYPTO_set_ex_data(&s->ex_data, idx, arg); @@ -4675,7 +4632,7 @@ void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb) } void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, - SSL_psk_find_session_cb_func cb) + SSL_psk_find_session_cb_func cb) { ctx->psk_find_session_cb = cb; } @@ -4686,47 +4643,47 @@ void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) } void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, - SSL_psk_use_session_cb_func cb) + SSL_psk_use_session_cb_func cb) { ctx->psk_use_session_cb = cb; } void SSL_CTX_set_msg_callback(SSL_CTX *ctx, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)) + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)) { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } void SSL_set_msg_callback(SSL *ssl, - void (*cb) (int write_p, int version, - int content_type, const void *buf, - size_t len, SSL *ssl, void *arg)) + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - int - is_forward_secure)) + int (*cb)(SSL *ssl, + int + is_forward_secure)) { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, - (void (*)(void))cb); + (void (*)(void))cb); } void SSL_set_not_resumable_session_callback(SSL *ssl, - int (*cb) (SSL *ssl, - int is_forward_secure)) + int (*cb)(SSL *ssl, + int is_forward_secure)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, - (void (*)(void))cb); + (void (*)(void))cb); } void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)) + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)) { ctx->record_padding_cb = cb; } @@ -4754,8 +4711,8 @@ int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size) } int SSL_set_record_padding_callback(SSL *ssl, - size_t (*cb) (SSL *ssl, int type, - size_t len, void *arg)) + size_t (*cb)(SSL *ssl, int type, + size_t len, void *arg)) { BIO *b; @@ -4841,7 +4798,7 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) /* Retrieve handshake hashes */ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, - size_t *hashlen) + size_t *hashlen) { EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3.handshake_dgst; @@ -4868,7 +4825,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, *hashlen = hashleni; ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } @@ -4903,17 +4860,18 @@ int SSL_get_security_level(const SSL *s) } void SSL_set_security_callback(SSL *s, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)) + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)) { s->cert->sec_cb = cb; } -int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, - const SSL_CTX *ctx, int op, - int bits, int nid, void *other, - void *ex) { +int (*SSL_get_security_callback(const SSL *s))(const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex) +{ return s->cert->sec_cb; } @@ -4938,19 +4896,20 @@ int SSL_CTX_get_security_level(const SSL_CTX *ctx) } void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb) (const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex)) + int (*cb)(const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)) { ctx->cert->sec_cb = cb; } -int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, - const SSL_CTX *ctx, - int op, int bits, - int nid, - void *other, - void *ex) { +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex) +{ return ctx->cert->sec_cb; } @@ -5013,7 +4972,7 @@ IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); * of error, likewise the |src| stack may be left in an intermediate state. */ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, - sct_source_t origin) + sct_source_t origin) { int scts_moved = 0; SCT *sct = NULL; @@ -5036,7 +4995,7 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, } return scts_moved; - err: +err: SCT_free(sct); return -1; } @@ -5071,7 +5030,7 @@ static int ct_extract_tls_extension_scts(SSL *s) */ static int ct_extract_ocsp_response_scts(SSL *s) { -# ifndef OPENSSL_NO_OCSP +#ifndef OPENSSL_NO_OCSP int scts_extracted = 0; const unsigned char *p; OCSP_BASICRESP *br = NULL; @@ -5097,22 +5056,20 @@ static int ct_extract_ocsp_response_scts(SSL *s) if (single == NULL) continue; - scts = - OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); - scts_extracted = - ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); + scts = OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); + scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); if (scts_extracted < 0) goto err; } - err: +err: SCT_LIST_free(scts); OCSP_BASICRESP_free(br); OCSP_RESPONSE_free(rsp); return scts_extracted; -# else +#else /* Behave as if no OCSP response exists */ return 0; -# endif +#endif } /* @@ -5126,11 +5083,9 @@ static int ct_extract_x509v3_extension_scts(SSL *s) X509 *cert = s->session != NULL ? s->session->peer : NULL; if (cert != NULL) { - STACK_OF(SCT) *scts = - X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); + STACK_OF(SCT) *scts = X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); - scts_extracted = - ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); + scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); SCT_LIST_free(scts); } @@ -5146,26 +5101,24 @@ static int ct_extract_x509v3_extension_scts(SSL *s) const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s) { if (!s->scts_parsed) { - if (ct_extract_tls_extension_scts(s) < 0 || - ct_extract_ocsp_response_scts(s) < 0 || - ct_extract_x509v3_extension_scts(s) < 0) + if (ct_extract_tls_extension_scts(s) < 0 || ct_extract_ocsp_response_scts(s) < 0 || ct_extract_x509v3_extension_scts(s) < 0) goto err; s->scts_parsed = 1; } return s->scts; - err: +err: return NULL; } -static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx, - const STACK_OF(SCT) *scts, void *unused_arg) +static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) { return 1; } -static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, - const STACK_OF(SCT) *scts, void *unused_arg) +static int ct_strict(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *unused_arg) { int count = scts != NULL ? sk_SCT_num(scts) : 0; int i; @@ -5182,15 +5135,13 @@ static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, } int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, - void *arg) + void *arg) { /* * Since code exists that uses the custom extension handler for CT, look * for this and throw an error if they have already registered to use CT. */ - if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, - TLSEXT_TYPE_signed_certificate_timestamp)) - { + if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, TLSEXT_TYPE_signed_certificate_timestamp)) { ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); return 0; } @@ -5210,15 +5161,13 @@ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, } int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, - ssl_ct_validation_cb callback, void *arg) + ssl_ct_validation_cb callback, void *arg) { /* * Since code exists that uses the custom extension handler for CT, look for * this and throw an error if they have already registered to use CT. */ - if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, - TLSEXT_TYPE_signed_certificate_timestamp)) - { + if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, TLSEXT_TYPE_signed_certificate_timestamp)) { ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); return 0; } @@ -5258,9 +5207,7 @@ int ssl_validate_ct(SSL *s) * applications that perform certificate verification and therefore will * process SCTs when enabled. */ - if (s->ct_validation_callback == NULL || cert == NULL || - s->verify_result != X509_V_OK || - s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1) + if (s->ct_validation_callback == NULL || cert == NULL || s->verify_result != X509_V_OK || s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1) return 1; /* @@ -5286,7 +5233,7 @@ int ssl_validate_ct(SSL *s) CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); CT_POLICY_EVAL_CTX_set_time( - ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); + ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); scts = SSL_get0_peer_scts(s); @@ -5311,11 +5258,11 @@ int ssl_validate_ct(SSL *s) ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); if (ret < 0) - ret = 0; /* This function returns 0 on failure */ + ret = 0; /* This function returns 0 on failure */ if (!ret) SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED); - end: +end: CT_POLICY_EVAL_CTX_free(ctx); /* * With SSL_VERIFY_NONE the session may be cached and re-used despite a @@ -5373,7 +5320,7 @@ int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) return CTLOG_STORE_load_file(ctx->ctlog_store, path); } -void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs) +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs) { CTLOG_STORE_free(ctx->ctlog_store); ctx->ctlog_store = logs; @@ -5384,10 +5331,10 @@ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) return ctx->ctlog_store; } -#endif /* OPENSSL_NO_CT */ +#endif /* OPENSSL_NO_CT */ void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, - void *arg) + void *arg) { c->client_hello_cb = cb; c->client_hello_cb_arg = arg; @@ -5476,13 +5423,13 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) *out = present; *outlen = num; return 1; - err: +err: OPENSSL_free(present); return 0; } int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, - size_t *outlen) + size_t *outlen) { size_t i; RAW_EXTENSION *r; @@ -5532,11 +5479,11 @@ SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) } static int nss_keylog_int(const char *prefix, - SSL *ssl, - const uint8_t *parameter_1, - size_t parameter_1_len, - const uint8_t *parameter_2, - size_t parameter_2_len) + SSL *ssl, + const uint8_t *parameter_1, + size_t parameter_1_len, + const uint8_t *parameter_2, + size_t parameter_2_len) { char *out = NULL; char *cursor = NULL; @@ -5581,14 +5528,13 @@ static int nss_keylog_int(const char *prefix, ssl->ctx->keylog_callback(ssl, (const char *)out); OPENSSL_clear_free(out, out_len); return 1; - } int ssl_log_rsa_client_key_exchange(SSL *ssl, - const uint8_t *encrypted_premaster, - size_t encrypted_premaster_len, - const uint8_t *premaster, - size_t premaster_len) + const uint8_t *encrypted_premaster, + size_t encrypted_premaster_len, + const uint8_t *premaster, + size_t premaster_len) { if (encrypted_premaster_len < 8) { SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -5597,27 +5543,27 @@ int ssl_log_rsa_client_key_exchange(SSL *ssl, /* We only want the first 8 bytes of the encrypted premaster as a tag. */ return nss_keylog_int("RSA", - ssl, - encrypted_premaster, - 8, - premaster, - premaster_len); + ssl, + encrypted_premaster, + 8, + premaster, + premaster_len); } int ssl_log_secret(SSL *ssl, - const char *label, - const uint8_t *secret, - size_t secret_len) + const char *label, + const uint8_t *secret, + size_t secret_len) { return nss_keylog_int(label, - ssl, - ssl->s3.client_random, - SSL3_RANDOM_SIZE, - secret, - secret_len); + ssl, + ssl->s3.client_random, + SSL3_RANDOM_SIZE, + secret, + secret_len); } -#define SSLV2_CIPHER_LEN 3 +#define SSLV2_CIPHER_LEN 3 int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) { @@ -5659,14 +5605,14 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) return 0; } for (s->s3.tmp.ciphers_rawlen = 0; - PACKET_remaining(&sslv2ciphers) > 0; - raw += TLS_CIPHER_LEN) { + PACKET_remaining(&sslv2ciphers) > 0; + raw += TLS_CIPHER_LEN) { if (!PACKET_get_1(&sslv2ciphers, &leadbyte) - || (leadbyte == 0 - && !PACKET_copy_bytes(&sslv2ciphers, raw, - TLS_CIPHER_LEN)) - || (leadbyte != 0 - && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { + || (leadbyte == 0 + && !PACKET_copy_bytes(&sslv2ciphers, raw, + TLS_CIPHER_LEN)) + || (leadbyte != 0 + && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET); OPENSSL_free(s->s3.tmp.ciphers_raw); s->s3.tmp.ciphers_raw = NULL; @@ -5677,7 +5623,7 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) s->s3.tmp.ciphers_rawlen += TLS_CIPHER_LEN; } } else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw, - &s->s3.tmp.ciphers_rawlen)) { + &s->s3.tmp.ciphers_rawlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -5685,8 +5631,8 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) } int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, - int isv2format, STACK_OF(SSL_CIPHER) **sk, - STACK_OF(SSL_CIPHER) **scsvs) + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs) { PACKET pkt; @@ -5696,9 +5642,9 @@ int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, } int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) **skp, - STACK_OF(SSL_CIPHER) **scsvs_out, - int sslv2format, int fatal) + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs_out, + int sslv2format, int fatal) { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk = NULL; @@ -5720,7 +5666,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, if (PACKET_remaining(cipher_suites) % n != 0) { if (fatal) SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); else ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return 0; @@ -5748,8 +5694,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, /* For SSLv2-compat, ignore leading 0-byte. */ c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1); if (c != NULL) { - if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || - (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { + if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { if (fatal) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); else @@ -5775,7 +5720,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, else sk_SSL_CIPHER_free(scsvs); return 1; - err: +err: sk_SSL_CIPHER_free(sk); sk_SSL_CIPHER_free(scsvs); return 0; @@ -5935,9 +5880,9 @@ int SSL_verify_client_post_handshake(SSL *ssl) } int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, - SSL_CTX_generate_session_ticket_fn gen_cb, - SSL_CTX_decrypt_session_ticket_fn dec_cb, - void *arg) + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg) { ctx->generate_ticket_cb = gen_cb; ctx->decrypt_ticket_cb = dec_cb; @@ -5946,24 +5891,24 @@ int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, } void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, - SSL_allow_early_data_cb_fn cb, - void *arg) + SSL_allow_early_data_cb_fn cb, + void *arg) { ctx->allow_early_data_cb = cb; ctx->allow_early_data_cb_data = arg; } void SSL_set_allow_early_data_cb(SSL *s, - SSL_allow_early_data_cb_fn cb, - void *arg) + SSL_allow_early_data_cb_fn cb, + void *arg) { s->allow_early_data_cb = cb; s->allow_early_data_cb_data = arg; } const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties) + int nid, + const char *properties) { const EVP_CIPHER *ciph; @@ -5981,7 +5926,6 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, return ciph; } - int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher) { /* Don't up-ref an implicit EVP_CIPHER */ @@ -6010,8 +5954,8 @@ void ssl_evp_cipher_free(const EVP_CIPHER *cipher) } const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties) + int nid, + const char *properties) { const EVP_MD *md; @@ -6056,7 +6000,7 @@ void ssl_evp_md_free(const EVP_MD *md) int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) { if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); return 0; } @@ -6068,7 +6012,7 @@ int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey) { if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); return 0; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 5fb1feb80163..2b6f4c1ad42a 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -10,140 +10,155 @@ */ #ifndef OSSL_SSL_LOCAL_H -# define OSSL_SSL_LOCAL_H +#define OSSL_SSL_LOCAL_H -# include "e_os.h" /* struct timeval for DTLS */ -# include <stdlib.h> -# include <time.h> -# include <string.h> -# include <errno.h> +#include "e_os.h" /* struct timeval for DTLS */ +#include <stdlib.h> +#include <time.h> +#include <string.h> +#include <errno.h> -# include <openssl/buffer.h> -# include <openssl/comp.h> -# include <openssl/bio.h> -# include <openssl/dsa.h> -# include <openssl/err.h> -# include <openssl/ssl.h> -# include <openssl/async.h> -# include <openssl/symhacks.h> -# include <openssl/ct.h> -# include "record/record.h" -# include "statem/statem.h" -# include "internal/packet.h" -# include "internal/dane.h" -# include "internal/refcount.h" -# include "internal/tsan_assist.h" -# include "internal/bio.h" -# include "internal/ktls.h" +#include <openssl/buffer.h> +#include <openssl/comp.h> +#include <openssl/bio.h> +#include <openssl/dsa.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/async.h> +#include <openssl/symhacks.h> +#include <openssl/ct.h> +#include "record/record.h" +#include "statem/statem.h" +#include "internal/packet.h" +#include "internal/dane.h" +#include "internal/refcount.h" +#include "internal/tsan_assist.h" +#include "internal/bio.h" +#include "internal/ktls.h" -# ifdef OPENSSL_BUILD_SHLIBSSL -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif +#ifdef OPENSSL_BUILD_SHLIBSSL +#undef OPENSSL_EXTERN +#define OPENSSL_EXTERN OPENSSL_EXPORT +#endif -# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) +#define c2l(c, l) (l = ((unsigned long)(*((c)++))), \ + l |= (((unsigned long)(*((c)++))) << 8), \ + l |= (((unsigned long)(*((c)++))) << 16), \ + l |= (((unsigned long)(*((c)++))) << 24)) /* NOTE - c is not incremented as per c2l */ -# define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff)) +#define c2ln(c, l1, l2, n) \ + { \ + c += n; \ + l1 = l2 = 0; \ + switch (n) { \ + case 8: \ + l2 = ((unsigned long)(*(--(c)))) << 24; \ + case 7: \ + l2 |= ((unsigned long)(*(--(c)))) << 16; \ + case 6: \ + l2 |= ((unsigned long)(*(--(c)))) << 8; \ + case 5: \ + l2 |= ((unsigned long)(*(--(c)))); \ + case 4: \ + l1 = ((unsigned long)(*(--(c)))) << 24; \ + case 3: \ + l1 |= ((unsigned long)(*(--(c)))) << 16; \ + case 2: \ + l1 |= ((unsigned long)(*(--(c)))) << 8; \ + case 1: \ + l1 |= ((unsigned long)(*(--(c)))); \ + } \ + } -# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ - l|=((unsigned long)(*((c)++)))<<16, \ - l|=((unsigned long)(*((c)++)))<< 8, \ - l|=((unsigned long)(*((c)++)))) +#define l2c(l, c) (*((c)++) = (unsigned char)(((l)) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff)) -# define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ - l|=((uint64_t)(*((c)++)))<<48, \ - l|=((uint64_t)(*((c)++)))<<40, \ - l|=((uint64_t)(*((c)++)))<<32, \ - l|=((uint64_t)(*((c)++)))<<24, \ - l|=((uint64_t)(*((c)++)))<<16, \ - l|=((uint64_t)(*((c)++)))<< 8, \ - l|=((uint64_t)(*((c)++)))) +#define n2l(c, l) (l = ((unsigned long)(*((c)++))) << 24, \ + l |= ((unsigned long)(*((c)++))) << 16, \ + l |= ((unsigned long)(*((c)++))) << 8, \ + l |= ((unsigned long)(*((c)++)))) +#define n2l8(c, l) (l = ((uint64_t)(*((c)++))) << 56, \ + l |= ((uint64_t)(*((c)++))) << 48, \ + l |= ((uint64_t)(*((c)++))) << 40, \ + l |= ((uint64_t)(*((c)++))) << 32, \ + l |= ((uint64_t)(*((c)++))) << 24, \ + l |= ((uint64_t)(*((c)++))) << 16, \ + l |= ((uint64_t)(*((c)++))) << 8, \ + l |= ((uint64_t)(*((c)++)))) -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n(l, c) (*((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) -# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n6(l, c) (*((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) -# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) +#define l2n8(l, c) (*((c)++) = (unsigned char)(((l) >> 56) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 48) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 40) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 32) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 24) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 16) & 0xff), \ + *((c)++) = (unsigned char)(((l) >> 8) & 0xff), \ + *((c)++) = (unsigned char)(((l)) & 0xff)) /* NOTE - c is not incremented as per l2c */ -# define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } +#define l2cn(l1, l2, c, n) \ + { \ + c += n; \ + switch (n) { \ + case 8: \ + *(--(c)) = (unsigned char)(((l2) >> 24) & 0xff); \ + case 7: \ + *(--(c)) = (unsigned char)(((l2) >> 16) & 0xff); \ + case 6: \ + *(--(c)) = (unsigned char)(((l2) >> 8) & 0xff); \ + case 5: \ + *(--(c)) = (unsigned char)(((l2)) & 0xff); \ + case 4: \ + *(--(c)) = (unsigned char)(((l1) >> 24) & 0xff); \ + case 3: \ + *(--(c)) = (unsigned char)(((l1) >> 16) & 0xff); \ + case 2: \ + *(--(c)) = (unsigned char)(((l1) >> 8) & 0xff); \ + case 1: \ + *(--(c)) = (unsigned char)(((l1)) & 0xff); \ + } \ + } -# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ - (((unsigned int)((c)[1])) )),(c)+=2) -# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \ - (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2) +#define n2s(c, s) ((s = (((unsigned int)((c)[0])) << 8) | (((unsigned int)((c)[1])))), (c) += 2) +#define s2n(s, c) (((c)[0] = (unsigned char)(((s) >> 8) & 0xff), \ + (c)[1] = (unsigned char)(((s)) & 0xff)), \ + (c) += 2) -# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \ - (((unsigned long)((c)[1]))<< 8)| \ - (((unsigned long)((c)[2])) )),(c)+=3) +#define n2l3(c, l) ((l = (((unsigned long)((c)[0])) << 16) | (((unsigned long)((c)[1])) << 8) | (((unsigned long)((c)[2])))), (c) += 3) -# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \ - (c)[1]=(unsigned char)(((l)>> 8)&0xff), \ - (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) +#define l2n3(l, c) (((c)[0] = (unsigned char)(((l) >> 16) & 0xff), \ + (c)[1] = (unsigned char)(((l) >> 8) & 0xff), \ + (c)[2] = (unsigned char)(((l)) & 0xff)), \ + (c) += 3) -# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION -# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION +#define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION +#define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION /* * DTLS version numbers are strange because they're inverted. Except for * DTLS1_BAD_VER, which should be considered "lower" than the rest. */ -# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1)) -# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2)) -# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2)) -# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2)) -# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2)) - +#define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1)) +#define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2)) +#define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2)) +#define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2)) +#define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2)) /* * Define the Bitmasks for SSL_CIPHER.algorithms. @@ -161,277 +176,275 @@ /* Bits for algorithm_mkey (key exchange algorithm) */ /* RSA key exchange */ -# define SSL_kRSA 0x00000001U +#define SSL_kRSA 0x00000001U /* tmp DH key no DH cert */ -# define SSL_kDHE 0x00000002U +#define SSL_kDHE 0x00000002U /* synonym */ -# define SSL_kEDH SSL_kDHE +#define SSL_kEDH SSL_kDHE /* ephemeral ECDH */ -# define SSL_kECDHE 0x00000004U +#define SSL_kECDHE 0x00000004U /* synonym */ -# define SSL_kEECDH SSL_kECDHE +#define SSL_kEECDH SSL_kECDHE /* PSK */ -# define SSL_kPSK 0x00000008U +#define SSL_kPSK 0x00000008U /* GOST key exchange */ -# define SSL_kGOST 0x00000010U +#define SSL_kGOST 0x00000010U /* SRP */ -# define SSL_kSRP 0x00000020U +#define SSL_kSRP 0x00000020U -# define SSL_kRSAPSK 0x00000040U -# define SSL_kECDHEPSK 0x00000080U -# define SSL_kDHEPSK 0x00000100U +#define SSL_kRSAPSK 0x00000040U +#define SSL_kECDHEPSK 0x00000080U +#define SSL_kDHEPSK 0x00000100U /* GOST KDF key exchange, draft-smyshlyaev-tls12-gost-suites */ -# define SSL_kGOST18 0x00000200U +#define SSL_kGOST18 0x00000200U /* all PSK */ -# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) +#define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) /* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */ -# define SSL_kANY 0x00000000U +#define SSL_kANY 0x00000000U /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ -# define SSL_aRSA 0x00000001U +#define SSL_aRSA 0x00000001U /* DSS auth */ -# define SSL_aDSS 0x00000002U +#define SSL_aDSS 0x00000002U /* no auth (i.e. use ADH or AECDH) */ -# define SSL_aNULL 0x00000004U +#define SSL_aNULL 0x00000004U /* ECDSA auth*/ -# define SSL_aECDSA 0x00000008U +#define SSL_aECDSA 0x00000008U /* PSK auth */ -# define SSL_aPSK 0x00000010U +#define SSL_aPSK 0x00000010U /* GOST R 34.10-2001 signature auth */ -# define SSL_aGOST01 0x00000020U +#define SSL_aGOST01 0x00000020U /* SRP auth */ -# define SSL_aSRP 0x00000040U +#define SSL_aSRP 0x00000040U /* GOST R 34.10-2012 signature auth */ -# define SSL_aGOST12 0x00000080U +#define SSL_aGOST12 0x00000080U /* Any appropriate signature auth (for TLS 1.3 ciphersuites) */ -# define SSL_aANY 0x00000000U +#define SSL_aANY 0x00000000U /* All bits requiring a certificate */ #define SSL_aCERT \ (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) /* Bits for algorithm_enc (symmetric encryption) */ -# define SSL_DES 0x00000001U -# define SSL_3DES 0x00000002U -# define SSL_RC4 0x00000004U -# define SSL_RC2 0x00000008U -# define SSL_IDEA 0x00000010U -# define SSL_eNULL 0x00000020U -# define SSL_AES128 0x00000040U -# define SSL_AES256 0x00000080U -# define SSL_CAMELLIA128 0x00000100U -# define SSL_CAMELLIA256 0x00000200U -# define SSL_eGOST2814789CNT 0x00000400U -# define SSL_SEED 0x00000800U -# define SSL_AES128GCM 0x00001000U -# define SSL_AES256GCM 0x00002000U -# define SSL_AES128CCM 0x00004000U -# define SSL_AES256CCM 0x00008000U -# define SSL_AES128CCM8 0x00010000U -# define SSL_AES256CCM8 0x00020000U -# define SSL_eGOST2814789CNT12 0x00040000U -# define SSL_CHACHA20POLY1305 0x00080000U -# define SSL_ARIA128GCM 0x00100000U -# define SSL_ARIA256GCM 0x00200000U -# define SSL_MAGMA 0x00400000U -# define SSL_KUZNYECHIK 0x00800000U +#define SSL_DES 0x00000001U +#define SSL_3DES 0x00000002U +#define SSL_RC4 0x00000004U +#define SSL_RC2 0x00000008U +#define SSL_IDEA 0x00000010U +#define SSL_eNULL 0x00000020U +#define SSL_AES128 0x00000040U +#define SSL_AES256 0x00000080U +#define SSL_CAMELLIA128 0x00000100U +#define SSL_CAMELLIA256 0x00000200U +#define SSL_eGOST2814789CNT 0x00000400U +#define SSL_SEED 0x00000800U +#define SSL_AES128GCM 0x00001000U +#define SSL_AES256GCM 0x00002000U +#define SSL_AES128CCM 0x00004000U +#define SSL_AES256CCM 0x00008000U +#define SSL_AES128CCM8 0x00010000U +#define SSL_AES256CCM8 0x00020000U +#define SSL_eGOST2814789CNT12 0x00040000U +#define SSL_CHACHA20POLY1305 0x00080000U +#define SSL_ARIA128GCM 0x00100000U +#define SSL_ARIA256GCM 0x00200000U +#define SSL_MAGMA 0x00400000U +#define SSL_KUZNYECHIK 0x00800000U -# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) -# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) -# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) -# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) -# define SSL_CHACHA20 (SSL_CHACHA20POLY1305) -# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) -# define SSL_ARIA (SSL_ARIAGCM) -# define SSL_CBC (SSL_DES | SSL_3DES | SSL_RC2 | SSL_IDEA \ - | SSL_AES128 | SSL_AES256 | SSL_CAMELLIA128 \ - | SSL_CAMELLIA256 | SSL_SEED) +#define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) +#define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) +#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AESGCM | SSL_AESCCM) +#define SSL_CAMELLIA (SSL_CAMELLIA128 | SSL_CAMELLIA256) +#define SSL_CHACHA20 (SSL_CHACHA20POLY1305) +#define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) +#define SSL_ARIA (SSL_ARIAGCM) +#define SSL_CBC (SSL_DES | SSL_3DES | SSL_RC2 | SSL_IDEA \ + | SSL_AES128 | SSL_AES256 | SSL_CAMELLIA128 \ + | SSL_CAMELLIA256 | SSL_SEED) /* Bits for algorithm_mac (symmetric authentication) */ -# define SSL_MD5 0x00000001U -# define SSL_SHA1 0x00000002U -# define SSL_GOST94 0x00000004U -# define SSL_GOST89MAC 0x00000008U -# define SSL_SHA256 0x00000010U -# define SSL_SHA384 0x00000020U +#define SSL_MD5 0x00000001U +#define SSL_SHA1 0x00000002U +#define SSL_GOST94 0x00000004U +#define SSL_GOST89MAC 0x00000008U +#define SSL_SHA256 0x00000010U +#define SSL_SHA384 0x00000020U /* Not a real MAC, just an indication it is part of cipher */ -# define SSL_AEAD 0x00000040U -# define SSL_GOST12_256 0x00000080U -# define SSL_GOST89MAC12 0x00000100U -# define SSL_GOST12_512 0x00000200U -# define SSL_MAGMAOMAC 0x00000400U -# define SSL_KUZNYECHIKOMAC 0x00000800U +#define SSL_AEAD 0x00000040U +#define SSL_GOST12_256 0x00000080U +#define SSL_GOST89MAC12 0x00000100U +#define SSL_GOST12_512 0x00000200U +#define SSL_MAGMAOMAC 0x00000400U +#define SSL_KUZNYECHIKOMAC 0x00000800U /* * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make * sure to update this constant too */ -# define SSL_MD_MD5_IDX 0 -# define SSL_MD_SHA1_IDX 1 -# define SSL_MD_GOST94_IDX 2 -# define SSL_MD_GOST89MAC_IDX 3 -# define SSL_MD_SHA256_IDX 4 -# define SSL_MD_SHA384_IDX 5 -# define SSL_MD_GOST12_256_IDX 6 -# define SSL_MD_GOST89MAC12_IDX 7 -# define SSL_MD_GOST12_512_IDX 8 -# define SSL_MD_MD5_SHA1_IDX 9 -# define SSL_MD_SHA224_IDX 10 -# define SSL_MD_SHA512_IDX 11 -# define SSL_MD_MAGMAOMAC_IDX 12 -# define SSL_MD_KUZNYECHIKOMAC_IDX 13 -# define SSL_MAX_DIGEST 14 +#define SSL_MD_MD5_IDX 0 +#define SSL_MD_SHA1_IDX 1 +#define SSL_MD_GOST94_IDX 2 +#define SSL_MD_GOST89MAC_IDX 3 +#define SSL_MD_SHA256_IDX 4 +#define SSL_MD_SHA384_IDX 5 +#define SSL_MD_GOST12_256_IDX 6 +#define SSL_MD_GOST89MAC12_IDX 7 +#define SSL_MD_GOST12_512_IDX 8 +#define SSL_MD_MD5_SHA1_IDX 9 +#define SSL_MD_SHA224_IDX 10 +#define SSL_MD_SHA512_IDX 11 +#define SSL_MD_MAGMAOMAC_IDX 12 +#define SSL_MD_KUZNYECHIKOMAC_IDX 13 +#define SSL_MAX_DIGEST 14 -#define SSL_MD_NUM_IDX SSL_MAX_DIGEST +#define SSL_MD_NUM_IDX SSL_MAX_DIGEST /* Bits for algorithm2 (handshake digests and other extra flags) */ /* Bits 0-7 are handshake MAC */ -# define SSL_HANDSHAKE_MAC_MASK 0xFF -# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX -# define SSL_HANDSHAKE_MAC_SHA256 SSL_MD_SHA256_IDX -# define SSL_HANDSHAKE_MAC_SHA384 SSL_MD_SHA384_IDX -# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX -# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX -# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX -# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 +#define SSL_HANDSHAKE_MAC_MASK 0xFF +#define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX +#define SSL_HANDSHAKE_MAC_SHA256 SSL_MD_SHA256_IDX +#define SSL_HANDSHAKE_MAC_SHA384 SSL_MD_SHA384_IDX +#define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX +#define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX +#define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX +#define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 /* Bits 8-15 bits are PRF */ -# define TLS1_PRF_DGST_SHIFT 8 -# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT) -# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_DGST_SHIFT 8 +#define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) /* * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also * goes into algorithm2) */ -# define TLS1_STREAM_MAC 0x10000 +#define TLS1_STREAM_MAC 0x10000 /* * TLSTREE cipher/mac key derivation from draft-smyshlyaev-tls12-gost-suites * (currently this also goes into algorithm2) */ -# define TLS1_TLSTREE 0x20000 +#define TLS1_TLSTREE 0x20000 -# define SSL_STRONG_MASK 0x0000001FU -# define SSL_DEFAULT_MASK 0X00000020U +#define SSL_STRONG_MASK 0x0000001FU +#define SSL_DEFAULT_MASK 0X00000020U -# define SSL_STRONG_NONE 0x00000001U -# define SSL_LOW 0x00000002U -# define SSL_MEDIUM 0x00000004U -# define SSL_HIGH 0x00000008U -# define SSL_FIPS 0x00000010U -# define SSL_NOT_DEFAULT 0x00000020U +#define SSL_STRONG_NONE 0x00000001U +#define SSL_LOW 0x00000002U +#define SSL_MEDIUM 0x00000004U +#define SSL_HIGH 0x00000008U +#define SSL_FIPS 0x00000010U +#define SSL_NOT_DEFAULT 0x00000020U /* we have used 0000003f - 26 bits left to go */ /* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */ -# define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 +#define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 /* Check if an SSL structure is using DTLS */ -# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) +#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) /* Check if we are using TLSv1.3 */ -# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ - && (s)->method->version >= TLS1_3_VERSION \ - && (s)->method->version != TLS_ANY_VERSION) +#define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ + && (s)->method->version >= TLS1_3_VERSION \ + && (s)->method->version != TLS_ANY_VERSION) -# define SSL_TREAT_AS_TLS13(s) \ +#define SSL_TREAT_AS_TLS13(s) \ (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ - || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ - || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ - || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ - || (s)->hello_retry_request == SSL_HRR_PENDING) + || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ + || (s)->hello_retry_request == SSL_HRR_PENDING) -# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \ - || (s)->s3.tmp.peer_finish_md_len == 0) +#define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \ + || (s)->s3.tmp.peer_finish_md_len == 0) /* See if we need explicit IV */ -# define SSL_USE_EXPLICIT_IV(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) +#define SSL_USE_EXPLICIT_IV(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) /* * See if we use signature algorithms extension and signature algorithm * before signatures. */ -# define SSL_USE_SIGALGS(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) +#define SSL_USE_SIGALGS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) /* * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may * apply to others in future. */ -# define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) +#define SSL_USE_TLS1_2_CIPHERS(s) \ + (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method * flags because it may not be set to correct version yet. */ -# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ - ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \ - (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) +#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ + ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) /* * Determine if a client should send signature algorithms extension: * as with TLS1.2 cipher we can't rely on method flags. */ -# define SSL_CLIENT_USE_SIGALGS(s) \ +#define SSL_CLIENT_USE_SIGALGS(s) \ SSL_CLIENT_USE_TLS1_2_CIPHERS(s) -# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \ - (((value) >= TLSEXT_max_fragment_length_512) && \ - ((value) <= TLSEXT_max_fragment_length_4096)) -# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \ +#define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \ + (((value) >= TLSEXT_max_fragment_length_512) && ((value) <= TLSEXT_max_fragment_length_4096)) +#define USE_MAX_FRAGMENT_LENGTH_EXT(session) \ IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode) -# define GET_MAX_FRAGMENT_LENGTH(session) \ +#define GET_MAX_FRAGMENT_LENGTH(session) \ (512U << (session->ext.max_fragment_len_mode - 1)) -# define SSL_READ_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) -# define SSL_WRITE_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) +#define SSL_READ_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) +#define SSL_WRITE_ETM(s) (s->s3.flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) /* Mostly for SSLv3 */ -# define SSL_PKEY_RSA 0 -# define SSL_PKEY_RSA_PSS_SIGN 1 -# define SSL_PKEY_DSA_SIGN 2 -# define SSL_PKEY_ECC 3 -# define SSL_PKEY_GOST01 4 -# define SSL_PKEY_GOST12_256 5 -# define SSL_PKEY_GOST12_512 6 -# define SSL_PKEY_ED25519 7 -# define SSL_PKEY_ED448 8 -# define SSL_PKEY_NUM 9 +#define SSL_PKEY_RSA 0 +#define SSL_PKEY_RSA_PSS_SIGN 1 +#define SSL_PKEY_DSA_SIGN 2 +#define SSL_PKEY_ECC 3 +#define SSL_PKEY_GOST01 4 +#define SSL_PKEY_GOST12_256 5 +#define SSL_PKEY_GOST12_512 6 +#define SSL_PKEY_ED25519 7 +#define SSL_PKEY_ED448 8 +#define SSL_PKEY_NUM 9 -# define SSL_ENC_DES_IDX 0 -# define SSL_ENC_3DES_IDX 1 -# define SSL_ENC_RC4_IDX 2 -# define SSL_ENC_RC2_IDX 3 -# define SSL_ENC_IDEA_IDX 4 -# define SSL_ENC_NULL_IDX 5 -# define SSL_ENC_AES128_IDX 6 -# define SSL_ENC_AES256_IDX 7 -# define SSL_ENC_CAMELLIA128_IDX 8 -# define SSL_ENC_CAMELLIA256_IDX 9 -# define SSL_ENC_GOST89_IDX 10 -# define SSL_ENC_SEED_IDX 11 -# define SSL_ENC_AES128GCM_IDX 12 -# define SSL_ENC_AES256GCM_IDX 13 -# define SSL_ENC_AES128CCM_IDX 14 -# define SSL_ENC_AES256CCM_IDX 15 -# define SSL_ENC_AES128CCM8_IDX 16 -# define SSL_ENC_AES256CCM8_IDX 17 -# define SSL_ENC_GOST8912_IDX 18 -# define SSL_ENC_CHACHA_IDX 19 -# define SSL_ENC_ARIA128GCM_IDX 20 -# define SSL_ENC_ARIA256GCM_IDX 21 -# define SSL_ENC_MAGMA_IDX 22 -# define SSL_ENC_KUZNYECHIK_IDX 23 -# define SSL_ENC_NUM_IDX 24 +#define SSL_ENC_DES_IDX 0 +#define SSL_ENC_3DES_IDX 1 +#define SSL_ENC_RC4_IDX 2 +#define SSL_ENC_RC2_IDX 3 +#define SSL_ENC_IDEA_IDX 4 +#define SSL_ENC_NULL_IDX 5 +#define SSL_ENC_AES128_IDX 6 +#define SSL_ENC_AES256_IDX 7 +#define SSL_ENC_CAMELLIA128_IDX 8 +#define SSL_ENC_CAMELLIA256_IDX 9 +#define SSL_ENC_GOST89_IDX 10 +#define SSL_ENC_SEED_IDX 11 +#define SSL_ENC_AES128GCM_IDX 12 +#define SSL_ENC_AES256GCM_IDX 13 +#define SSL_ENC_AES128CCM_IDX 14 +#define SSL_ENC_AES256CCM_IDX 15 +#define SSL_ENC_AES128CCM8_IDX 16 +#define SSL_ENC_AES256CCM8_IDX 17 +#define SSL_ENC_GOST8912_IDX 18 +#define SSL_ENC_CHACHA_IDX 19 +#define SSL_ENC_ARIA128GCM_IDX 20 +#define SSL_ENC_ARIA256GCM_IDX 21 +#define SSL_ENC_MAGMA_IDX 22 +#define SSL_ENC_KUZNYECHIK_IDX 23 +#define SSL_ENC_NUM_IDX 24 /*- * SSL_kRSA <- RSA_ENC @@ -450,36 +463,36 @@ /* Post-Handshake Authentication state */ typedef enum { SSL_PHA_NONE = 0, - SSL_PHA_EXT_SENT, /* client-side only: extension sent */ - SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */ + SSL_PHA_EXT_SENT, /* client-side only: extension sent */ + SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */ SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */ - SSL_PHA_REQUESTED /* request received by client, or sent by server */ + SSL_PHA_REQUESTED /* request received by client, or sent by server */ } SSL_PHA_STATE; /* CipherSuite length. SSLv3 and all TLS versions. */ -# define TLS_CIPHER_LEN 2 +#define TLS_CIPHER_LEN 2 /* used to hold info on the particular ciphers used */ struct ssl_cipher_st { uint32_t valid; - const char *name; /* text name */ - const char *stdname; /* RFC name */ - uint32_t id; /* id, 4 bytes, first is version */ + const char *name; /* text name */ + const char *stdname; /* RFC name */ + uint32_t id; /* id, 4 bytes, first is version */ /* * changed in 1.0.0: these four used to be portions of a single value * 'algorithms' */ - uint32_t algorithm_mkey; /* key exchange algorithm */ - uint32_t algorithm_auth; /* server authentication */ - uint32_t algorithm_enc; /* symmetric encryption */ - uint32_t algorithm_mac; /* symmetric authentication */ - int min_tls; /* minimum SSL/TLS protocol version */ - int max_tls; /* maximum SSL/TLS protocol version */ - int min_dtls; /* minimum DTLS protocol version */ - int max_dtls; /* maximum DTLS protocol version */ - uint32_t algo_strength; /* strength and export flags */ - uint32_t algorithm2; /* Extra flags */ - int32_t strength_bits; /* Number of bits really used */ - uint32_t alg_bits; /* Number of bits for algorithm */ + uint32_t algorithm_mkey; /* key exchange algorithm */ + uint32_t algorithm_auth; /* server authentication */ + uint32_t algorithm_enc; /* symmetric encryption */ + uint32_t algorithm_mac; /* symmetric authentication */ + int min_tls; /* minimum SSL/TLS protocol version */ + int max_tls; /* maximum SSL/TLS protocol version */ + int min_dtls; /* minimum DTLS protocol version */ + int max_dtls; /* maximum DTLS protocol version */ + uint32_t algo_strength; /* strength and export flags */ + uint32_t algorithm2; /* Extra flags */ + int32_t strength_bits; /* Number of bits really used */ + uint32_t alg_bits; /* Number of bits for algorithm */ }; /* Used to hold SSL/TLS functions */ @@ -487,43 +500,43 @@ struct ssl_method_st { int version; unsigned flags; unsigned long mask; - int (*ssl_new) (SSL *s); - int (*ssl_clear) (SSL *s); - void (*ssl_free) (SSL *s); - int (*ssl_accept) (SSL *s); - int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes); - int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes); - int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written); - int (*ssl_shutdown) (SSL *s); - int (*ssl_renegotiate) (SSL *s); - int (*ssl_renegotiate_check) (SSL *s, int); - int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type, - unsigned char *buf, size_t len, int peek, - size_t *readbytes); - int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len, - size_t *written); - int (*ssl_dispatch_alert) (SSL *s); - long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); - long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); - const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); - int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt, - size_t *len); - size_t (*ssl_pending) (const SSL *s); - int (*num_ciphers) (void); - const SSL_CIPHER *(*get_cipher) (unsigned ncipher); - long (*get_timeout) (void); + int (*ssl_new)(SSL *s); + int (*ssl_clear)(SSL *s); + void (*ssl_free)(SSL *s); + int (*ssl_accept)(SSL *s); + int (*ssl_connect)(SSL *s); + int (*ssl_read)(SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_peek)(SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_write)(SSL *s, const void *buf, size_t len, size_t *written); + int (*ssl_shutdown)(SSL *s); + int (*ssl_renegotiate)(SSL *s); + int (*ssl_renegotiate_check)(SSL *s, int); + int (*ssl_read_bytes)(SSL *s, int type, int *recvd_type, + unsigned char *buf, size_t len, int peek, + size_t *readbytes); + int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, size_t len, + size_t *written); + int (*ssl_dispatch_alert)(SSL *s); + long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); + long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); + const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); + int (*put_cipher_by_char)(const SSL_CIPHER *cipher, WPACKET *pkt, + size_t *len); + size_t (*ssl_pending)(const SSL *s); + int (*num_ciphers)(void); + const SSL_CIPHER *(*get_cipher)(unsigned ncipher); + long (*get_timeout)(void); const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ - int (*ssl_version) (void); - long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); - long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); + int (*ssl_version)(void); + long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); + long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); }; /* * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for * consistency, even in the event of OPENSSL_NO_PSK being defined. */ -# define TLS13_MAX_RESUMPTION_PSK_LENGTH 512 +#define TLS13_MAX_RESUMPTION_PSK_LENGTH 512 /*- * Lets make this into an ASN.1 type structure as follows @@ -552,8 +565,8 @@ struct ssl_method_st { * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). */ struct ssl_session_st { - int ssl_version; /* what ssl version session info is being kept - * in here? */ + int ssl_version; /* what ssl version session info is being kept + * in here? */ size_t master_key_length; /* TLSv1.3 early_secret used for external PSKs */ @@ -573,10 +586,10 @@ struct ssl_session_st { */ size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK char *psk_identity_hint; char *psk_identity; -# endif +#endif /* * Used to indicate that session resumption is not allowed. Applications * can also set this bit for a new session via not_resumable_session_cb @@ -591,7 +604,7 @@ struct ssl_session_st { * when app_verify_callback accepts a session where the peer's * certificate is not ok, we must remember the error for session reuse: */ - long verify_result; /* only for servers */ + long verify_result; /* only for servers */ CRYPTO_REF_COUNT references; time_t timeout; time_t time; @@ -599,10 +612,10 @@ struct ssl_session_st { int timeout_ovf; unsigned int compress_meth; /* Need to lookup the method */ const SSL_CIPHER *cipher; - unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to - * load the 'cipher' structure */ - unsigned int kex_group; /* TLS group from key exchange */ - CRYPTO_EX_DATA ex_data; /* application specific data */ + unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to + * load the 'cipher' structure */ + unsigned int kex_group; /* TLS group from key exchange */ + CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to * implement a maximum cache size. @@ -613,7 +626,7 @@ struct ssl_session_st { char *hostname; /* RFC4507 info */ unsigned char *tick; /* Session ticket */ - size_t ticklen; /* Session ticket length */ + size_t ticklen; /* Session ticket length */ /* Session lifetime hint in seconds */ unsigned long tick_lifetime_hint; uint32_t tick_age_add; @@ -630,9 +643,9 @@ struct ssl_session_st { */ uint8_t max_fragment_len_mode; } ext; -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP char *srp_username; -# endif +#endif unsigned char *ticket_appdata; size_t ticket_appdata_len; uint32_t flags; @@ -641,19 +654,19 @@ struct ssl_session_st { }; /* Extended master secret support */ -# define SSL_SESS_FLAG_EXTMS 0x1 +#define SSL_SESS_FLAG_EXTMS 0x1 -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP typedef struct srp_ctx_st { /* param for all the callbacks */ void *SRP_cb_arg; /* set client Hello login callback */ - int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); + int (*TLS_ext_srp_username_callback)(SSL *, int *, void *); /* set SRP N/g param callback for verification */ - int (*SRP_verify_param_callback) (SSL *, void *); + int (*SRP_verify_param_callback)(SSL *, void *); /* set SRP client passwd callback */ - char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); + char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); char *login; BIGNUM *N, *g, *s, *B, *A; BIGNUM *a, *b, *v; @@ -662,7 +675,7 @@ typedef struct srp_ctx_st { unsigned long srp_Mask; } SRP_CTX; -# endif +#endif typedef enum { SSL_EARLY_DATA_NONE = 0, @@ -690,7 +703,7 @@ typedef enum { * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the * content of the alert record either which is 2 bytes. */ -# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2) +#define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2) /* * The allowance we have between the client's calculated ticket age and our own. @@ -698,9 +711,9 @@ typedef enum { * client's age calculation is different by more than this than our own then we * do not allow that ticket for early_data. */ -# define TICKET_AGE_ALLOWANCE (10 * 1000) +#define TICKET_AGE_ALLOWANCE (10 * 1000) -#define MAX_COMPRESSIONS_SIZE 255 +#define MAX_COMPRESSIONS_SIZE 255 struct ssl_comp_st { int id; @@ -776,8 +789,8 @@ DEFINE_LHASH_OF(SSL_SESSION); /* Needed in ssl_cert.c */ DEFINE_LHASH_OF(X509_NAME); -# define TLSEXT_KEYNAME_LENGTH 16 -# define TLSEXT_TICK_KEY_LENGTH 32 +#define TLSEXT_KEYNAME_LENGTH 16 +#define TLSEXT_TICK_KEY_LENGTH 32 typedef struct ssl_ctx_ext_secure_st { unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH]; @@ -793,50 +806,50 @@ typedef struct ssl_ctx_ext_secure_st { */ typedef struct ssl_hmac_st { EVP_MAC_CTX *ctx; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX *old_ctx; -# endif +#endif } SSL_HMAC; SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx); void ssl_hmac_free(SSL_HMAC *ctx); -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx); -# endif +#endif EVP_MAC_CTX *ssl_hmac_get0_EVP_MAC_CTX(SSL_HMAC *ctx); int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md); int ssl_hmac_update(SSL_HMAC *ctx, const unsigned char *data, size_t len); int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len, - size_t max_size); + size_t max_size); size_t ssl_hmac_size(const SSL_HMAC *ctx); int ssl_get_EC_curve_nid(const EVP_PKEY *pkey); __owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey, - const unsigned char *enckey, - size_t enckeylen); + const unsigned char *enckey, + size_t enckeylen); typedef struct tls_group_info_st { - char *tlsname; /* Curve Name as in TLS specs */ - char *realname; /* Curve Name according to provider */ - char *algorithm; /* Algorithm name to fetch */ - unsigned int secbits; /* Bits of security (from SP800-57) */ - uint16_t group_id; /* Group ID */ - int mintls; /* Minimum TLS version, -1 unsupported */ - int maxtls; /* Maximum TLS version (or 0 for undefined) */ - int mindtls; /* Minimum DTLS version, -1 unsupported */ - int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ - char is_kem; /* Mode for this Group: 0 is KEX, 1 is KEM */ + char *tlsname; /* Curve Name as in TLS specs */ + char *realname; /* Curve Name according to provider */ + char *algorithm; /* Algorithm name to fetch */ + unsigned int secbits; /* Bits of security (from SP800-57) */ + uint16_t group_id; /* Group ID */ + int mintls; /* Minimum TLS version, -1 unsupported */ + int maxtls; /* Maximum TLS version (or 0 for undefined) */ + int mindtls; /* Minimum DTLS version, -1 unsupported */ + int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ + char is_kem; /* Mode for this Group: 0 is KEX, 1 is KEM */ } TLS_GROUP_INFO; /* flags values */ -# define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */ -# define TLS_GROUP_CURVE_PRIME 0x00000001U -# define TLS_GROUP_CURVE_CHAR2 0x00000002U -# define TLS_GROUP_CURVE_CUSTOM 0x00000004U -# define TLS_GROUP_FFDHE 0x00000008U -# define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U +#define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */ +#define TLS_GROUP_CURVE_PRIME 0x00000001U +#define TLS_GROUP_CURVE_CHAR2 0x00000002U +#define TLS_GROUP_CURVE_CUSTOM 0x00000004U +#define TLS_GROUP_FFDHE 0x00000008U +#define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U -# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3) +#define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE | TLS_GROUP_ONLY_FOR_TLS1_3) struct ssl_ctx_st { OSSL_LIB_CTX *libctx; @@ -877,29 +890,29 @@ struct ssl_ctx_st { * removed from the cache. After the call, OpenSSL will * SSL_SESSION_free() it. */ - int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); - void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, - const unsigned char *data, int len, - int *copy); + int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, + const unsigned char *data, int len, + int *copy); struct { - TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */ + TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */ TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */ - TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */ - TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */ + TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */ + TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */ TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */ - TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */ - TSAN_QUALIFIER int sess_miss; /* session lookup misses */ - TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */ - TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */ - TSAN_QUALIFIER int sess_hit; /* session reuse actually done */ - TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in - * the cache was passed back via - * the callback. This indicates - * that the application is - * supplying session-id's from - * other processes - spooky - * :-) */ + TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */ + TSAN_QUALIFIER int sess_miss; /* session lookup misses */ + TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */ + TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */ + TSAN_QUALIFIER int sess_hit; /* session reuse actually done */ + TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in + * the cache was passed back via + * the callback. This indicates + * that the application is + * supplying session-id's from + * other processes - spooky + * :-) */ } stats; #ifdef TSAN_REQUIRES_LOCKING CRYPTO_RWLOCK *tsan_lock; @@ -908,7 +921,7 @@ struct ssl_ctx_st { CRYPTO_REF_COUNT references; /* if defined, these override the X509_verify_cert() calls */ - int (*app_verify_callback) (X509_STORE_CTX *, void *); + int (*app_verify_callback)(X509_STORE_CTX *, void *); void *app_verify_arg; /* * before OpenSSL 0.9.7, 'app_verify_arg' was ignored @@ -922,28 +935,28 @@ struct ssl_ctx_st { void *default_passwd_callback_userdata; /* get client cert callback */ - int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); /* cookie generate callback */ - int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len); /* verify cookie callback */ - int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len); + int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie, + unsigned int cookie_len); /* TLS1.3 app-controlled cookie generate callback */ - int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie, - size_t *cookie_len); + int (*gen_stateless_cookie_cb)(SSL *ssl, unsigned char *cookie, + size_t *cookie_len); /* TLS1.3 verify app-controlled cookie callback */ - int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie, - size_t cookie_len); + int (*verify_stateless_cookie_cb)(SSL *ssl, const unsigned char *cookie, + size_t cookie_len); CRYPTO_EX_DATA ex_data; - const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ - const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ + const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ + const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ STACK_OF(X509) *extra_certs; STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ @@ -951,7 +964,7 @@ struct ssl_ctx_st { /* Default values used when no per-SSL value is defined follow */ /* used if SSL's info_callback is NULL */ - void (*info_callback) (const SSL *ssl, int type, int val); + void (*info_callback)(const SSL *ssl, int type, int val); /* * What we put in certificate_authorities extension for TLS 1.3 @@ -977,15 +990,15 @@ struct ssl_ctx_st { int read_ahead; /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; uint32_t verify_mode; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ - int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); + int (*default_verify_callback)(int ok, X509_STORE_CTX *ctx); /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; @@ -994,15 +1007,15 @@ struct ssl_ctx_st { int quiet_shutdown; -# ifndef OPENSSL_NO_CT - CTLOG_STORE *ctlog_store; /* CT Log Store */ +#ifndef OPENSSL_NO_CT + CTLOG_STORE *ctlog_store; /* CT Log Store */ /* * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * If they are not, the connection should be aborted. */ ssl_ct_validation_cb ct_validation_callback; void *ct_validation_callback_arg; -# endif +#endif /* * If we're using more than one pipeline how should we divide the data @@ -1021,12 +1034,12 @@ struct ssl_ctx_st { /* The default read buffer length to use (0 means not set) */ size_t default_read_buf_len; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE /* * Engine to pass requests for client certs to */ ENGINE *client_cert_engine; -# endif +#endif /* ClientHello callback. Mostly for extensions, but not entirely. */ SSL_client_hello_cb_fn client_hello_cb; @@ -1035,25 +1048,25 @@ struct ssl_ctx_st { /* TLS extensions. */ struct { /* TLS extensions servername callback */ - int (*servername_cb) (SSL *, int *, void *); + int (*servername_cb)(SSL *, int *, void *); void *servername_arg; /* RFC 4507 session ticket keys */ unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH]; SSL_CTX_EXT_SECURE *secure; -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* Callback to support customisation of ticket key setting */ - int (*ticket_key_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); + int (*ticket_key_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); #endif - int (*ticket_key_evp_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, EVP_MAC_CTX *hctx, - int enc); + int (*ticket_key_evp_cb)(SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, EVP_MAC_CTX *hctx, + int enc); /* certificate status request info */ /* Callback for status request */ - int (*status_cb) (SSL *ssl, void *arg); + int (*status_cb)(SSL *ssl, void *arg); void *status_arg; /* ext status type used for CSR extension (OCSP Stapling) */ int status_type; @@ -1084,11 +1097,11 @@ struct ssl_ctx_st { * wire-format. * inlen: the length of |in|. */ - int (*alpn_select_cb) (SSL *s, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); + int (*alpn_select_cb)(SSL *s, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); void *alpn_select_cb_arg; /* @@ -1098,7 +1111,7 @@ struct ssl_ctx_st { unsigned char *alpn; size_t alpn_len; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* Next protocol negotiation information */ /* @@ -1113,34 +1126,34 @@ struct ssl_ctx_st { */ SSL_CTX_npn_select_cb_func npn_select_cb; void *npn_select_cb_arg; -# endif +#endif unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH]; } ext; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK SSL_psk_client_cb_func psk_client_callback; SSL_psk_server_cb_func psk_server_callback; -# endif +#endif SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb; -# ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -# endif +#ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +#endif /* Shared DANE context */ struct dane_ctx_st dane; -# ifndef OPENSSL_NO_SRTP +#ifndef OPENSSL_NO_SRTP /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; -# endif +#endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. */ - int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); + int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure); CRYPTO_RWLOCK *lock; @@ -1233,7 +1246,7 @@ struct ssl_st { * request needs re-doing when in SSL_accept or SSL_connect */ int rwstate; - int (*handshake_func) (SSL *); + int (*handshake_func)(SSL *); /* * Imagine that here's a boolean member "init" that is switched as soon * as SSL_set_{accept/connect}_state is called for the first time, so @@ -1257,11 +1270,11 @@ struct ssl_st { /* where we are */ OSSL_STATEM statem; SSL_EARLY_DATA_STATE early_data_state; - BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by - * ssl3_get_message() */ - size_t init_num; /* amount read/written */ - size_t init_off; /* amount read/written */ + BUF_MEM *init_buf; /* buffer used during init */ + void *init_msg; /* pointer to handshake message body, set by + * ssl3_get_message() */ + size_t init_num; /* amount read/written */ + size_t init_off; /* amount read/written */ struct { long flags; @@ -1313,7 +1326,7 @@ struct ssl_st { int message_type; /* used to hold the new cipher we are going to use */ const SSL_CIPHER *new_cipher; - EVP_PKEY *pkey; /* holds short lived key exchange key */ + EVP_PKEY *pkey; /* holds short lived key exchange key */ /* used for certificate requests */ int cert_req; /* Certificate types in certificate request message. */ @@ -1327,11 +1340,11 @@ struct ssl_st { const EVP_MD *new_hash; int new_mac_pkey_type; size_t new_mac_secret_size; -# ifndef OPENSSL_NO_COMP +#ifndef OPENSSL_NO_COMP const SSL_COMP *new_compression; -# else +#else char *new_compression; -# endif +#endif int cert_request; /* Raw values of the cipher list from a client */ unsigned char *ciphers_raw; @@ -1339,11 +1352,11 @@ struct ssl_st { /* Temporary storage for premaster secret */ unsigned char *pms; size_t pmslen; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK /* Temporary storage for PSK key */ unsigned char *psk; size_t psklen; -# endif +#endif /* Signature algorithm we actually use */ const struct sigalg_lookup_st *sigalg; /* Pointer to certificate we use */ @@ -1390,12 +1403,12 @@ struct ssl_st { size_t previous_server_finished_len; int send_connection_binding; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* * Set if we saw the Next Protocol Negotiation extension from our peer. */ int npn_seen; -# endif +#endif /* * ALPN information (we are in the process of transitioning from NPN to @@ -1435,12 +1448,12 @@ struct ssl_st { } s3; - struct dtls1_state_st *d1; /* DTLSv1 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; - int hit; /* reusing a previous session */ + int hit; /* reusing a previous session */ X509_VERIFY_PARAM *param; /* Per connection DANE state */ SSL_DANE dane; @@ -1472,12 +1485,12 @@ struct ssl_st { unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ - EVP_MD_CTX *read_hash; /* used for mac generation */ - COMP_CTX *compress; /* compression */ - COMP_CTX *expand; /* uncompress */ + EVP_MD_CTX *read_hash; /* used for mac generation */ + COMP_CTX *compress; /* compression */ + COMP_CTX *expand; /* uncompress */ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ - EVP_MD_CTX *write_hash; /* used for mac generation */ + EVP_MD_CTX *write_hash; /* used for mac generation */ /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ @@ -1491,8 +1504,9 @@ struct ssl_st { size_t cert_verify_hash_len; /* Flag to indicate whether we should send a HelloRetryRequest or not */ - enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE} - hello_retry_request; + enum { SSL_HRR_NONE = 0, + SSL_HRR_PENDING, + SSL_HRR_COMPLETE } hello_retry_request; /* * the session_id_context is used to ensure sessions are only reused in @@ -1521,17 +1535,17 @@ struct ssl_st { */ uint32_t verify_mode; /* fail if callback returns 0 */ - int (*verify_callback) (int ok, X509_STORE_CTX *ctx); + int (*verify_callback)(int ok, X509_STORE_CTX *ctx); /* optional informational callback */ - void (*info_callback) (const SSL *ssl, int type, int val); + void (*info_callback)(const SSL *ssl, int type, int val); /* error bytes to be written */ int error; /* actual code */ int error_code; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK SSL_psk_client_cb_func psk_client_callback; SSL_psk_server_cb_func psk_server_callback; -# endif +#endif SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb; @@ -1581,7 +1595,7 @@ struct ssl_st { uint8_t extflags[TLSEXT_IDX_num_builtins]; /* TLS extension debug callback */ void (*debug_cb)(SSL *s, int client_server, int type, - const unsigned char *data, int len, void *arg); + const unsigned char *data, int len, void *arg); void *debug_arg; char *hostname; /* certificate status request info */ @@ -1619,7 +1633,7 @@ struct ssl_st { uint16_t *supportedgroups; size_t peer_supportedgroups_len; - /* peer's list */ + /* peer's list */ uint16_t *peer_supportedgroups; /* TLS Session Ticket extension override */ @@ -1695,7 +1709,7 @@ struct ssl_st { * 2 : don't call servername callback, no ack in server hello */ int servername_done; -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT /* * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * If they are not, the connection should be aborted. @@ -1710,14 +1724,14 @@ struct ssl_st { STACK_OF(SCT) *scts; /* Have we attempted to find/parse SCTs yet? */ int scts_parsed; -# endif - SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ -# ifndef OPENSSL_NO_SRTP +#endif + SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ +#ifndef OPENSSL_NO_SRTP /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; -# endif +#endif /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -1729,20 +1743,20 @@ struct ssl_st { /* Post-handshake authentication state */ SSL_PHA_STATE post_handshake_auth; int pha_enabled; - uint8_t* pha_context; + uint8_t *pha_context; size_t pha_context_len; int certreqs_sent; EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */ -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP /* ctx for SRP authentication */ SRP_CTX srp_ctx; -# endif +#endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. */ - int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); + int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure); RECORD_LAYER rlayer; /* Default password callback. */ pem_password_cb *default_passwd_callback; @@ -1804,7 +1818,7 @@ struct ssl_st { /* * Structure containing table entry of values associated with the signature * algorithms (signature scheme) extension -*/ + */ typedef struct sigalg_lookup_st { /* TLS 1.3 signature scheme name */ const char *name; @@ -1837,23 +1851,23 @@ typedef struct { /* DTLS structures */ -# ifndef OPENSSL_NO_SCTP -# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" -# endif +#ifndef OPENSSL_NO_SCTP +#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" +#endif /* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ -# define DTLS1_MAX_MTU_OVERHEAD 48 +#define DTLS1_MAX_MTU_OVERHEAD 48 /* * Flag used in message reuse to indicate the buffer contains the record * header as well as the handshake message header. */ -# define DTLS1_SKIP_RECORD_HEADER 2 +#define DTLS1_SKIP_RECORD_HEADER 2 struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ - COMP_CTX *compress; /* compression */ + EVP_MD_CTX *write_hash; /* used for mac generation */ + COMP_CTX *compress; /* compression */ SSL_SESSION *session; unsigned short epoch; }; @@ -1878,7 +1892,7 @@ typedef struct pqueue_st pqueue; typedef struct pitem_st pitem; struct pitem_st { - unsigned char priority[8]; /* 64-bit value in big-endian encoding */ + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ void *data; pitem *next; }; @@ -1909,8 +1923,8 @@ typedef struct dtls1_state_st { pqueue *buffered_messages; /* Buffered (sent) handshake records */ pqueue *sent_messages; - size_t link_mtu; /* max on-the-wire DTLS packet size */ - size_t mtu; /* max DTLS packet size */ + size_t link_mtu; /* max on-the-wire DTLS packet size */ + size_t mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; struct hm_header_st r_msg_hdr; /* Number of alerts received so far */ @@ -1923,9 +1937,9 @@ typedef struct dtls1_state_st { unsigned int timeout_duration_us; unsigned int retransmitting; -# ifndef OPENSSL_NO_SCTP +#ifndef OPENSSL_NO_SCTP int shutdown_received; -# endif +#endif DTLS_timer_cb timer_cb; @@ -1934,9 +1948,9 @@ typedef struct dtls1_state_st { /* * From ECC-TLS draft, used in encoding the curve type in ECParameters */ -# define EXPLICIT_PRIME_CURVE_TYPE 1 -# define EXPLICIT_CHAR2_CURVE_TYPE 2 -# define NAMED_CURVE_TYPE 3 +#define EXPLICIT_PRIME_CURVE_TYPE 1 +#define EXPLICIT_CHAR2_CURVE_TYPE 2 +#define NAMED_CURVE_TYPE 3 struct cert_pkey_st { X509 *x509; @@ -1954,10 +1968,10 @@ struct cert_pkey_st { size_t serverinfo_length; }; /* Retrieve Suite B flags */ -# define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) +#define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) /* Uses to check strict mode: suite B modes are always strict */ -# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \ - (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT) +#define SSL_CERT_FLAGS_CHECK_TLS_STRICT \ + (SSL_CERT_FLAG_SUITEB_128_LOS | SSL_CERT_FLAG_TLS_STRICT) typedef enum { ENDPOINT_CLIENT = 0, @@ -1965,7 +1979,6 @@ typedef enum { ENDPOINT_BOTH } ENDPOINT; - typedef struct { unsigned short ext_type; ENDPOINT role; @@ -1989,12 +2002,12 @@ typedef struct { * Indicates an extension has been received. Used to check for unsolicited or * duplicate extensions. */ -# define SSL_EXT_FLAG_RECEIVED 0x1 +#define SSL_EXT_FLAG_RECEIVED 0x1 /* * Indicates an extension has been sent: used to enable sending of * corresponding ServerHello extension. */ -# define SSL_EXT_FLAG_SENT 0x2 +#define SSL_EXT_FLAG_SENT 0x2 typedef struct { custom_ext_method *meths; @@ -2011,7 +2024,7 @@ typedef struct cert_st { CERT_PKEY *key; EVP_PKEY *dh_tmp; - DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); + DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); int dh_tmp_auto; /* Flags related to certificates */ uint32_t cert_flags; @@ -2044,7 +2057,7 @@ typedef struct cert_st { * allows advanced applications to select certificates on the fly: for * example based on supported signature algorithms or curves. */ - int (*cert_cb) (SSL *ssl, void *arg); + int (*cert_cb)(SSL *ssl, void *arg); void *cert_cb_arg; /* * Optional X509_STORE for chain building or certificate validation If @@ -2055,83 +2068,83 @@ typedef struct cert_st { /* Custom extensions */ custom_ext_methods custext; /* Security callback */ - int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, - void *other, void *ex); + int (*sec_cb)(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, + void *other, void *ex); /* Security level */ int sec_level; void *sec_ex; -# ifndef OPENSSL_NO_PSK +#ifndef OPENSSL_NO_PSK /* If not NULL psk identity hint to use for servers */ char *psk_identity_hint; -# endif - CRYPTO_REF_COUNT references; /* >1 only if SSL_copy_session_id is used */ +#endif + CRYPTO_REF_COUNT references; /* >1 only if SSL_copy_session_id is used */ CRYPTO_RWLOCK *lock; } CERT; -# define FP_ICC (int (*)(const void *,const void *)) +#define FP_ICC (int (*)(const void *, const void *)) /* * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); - int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); - int (*setup_key_block) (SSL *); - int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, - size_t, size_t *); - int (*change_cipher_state) (SSL *, int); - size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *); + int (*enc)(SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); + int (*mac)(SSL *, SSL3_RECORD *, unsigned char *, int); + int (*setup_key_block)(SSL *); + int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, + size_t, size_t *); + int (*change_cipher_state)(SSL *, int); + size_t (*final_finish_mac)(SSL *, const char *, size_t, unsigned char *); const char *client_finished_label; size_t client_finished_label_len; const char *server_finished_label; size_t server_finished_label_len; - int (*alert_value) (int); - int (*export_keying_material) (SSL *, unsigned char *, size_t, - const char *, size_t, - const unsigned char *, size_t, - int use_context); + int (*alert_value)(int); + int (*export_keying_material)(SSL *, unsigned char *, size_t, + const char *, size_t, + const unsigned char *, size_t, + int use_context); /* Various flags indicating protocol version requirements */ uint32_t enc_flags; /* Set the handshake header */ - int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type); + int (*set_handshake_header)(SSL *s, WPACKET *pkt, int type); /* Close construction of the handshake message */ - int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype); + int (*close_construct_packet)(SSL *s, WPACKET *pkt, int htype); /* Write out handshake message */ - int (*do_write) (SSL *s); + int (*do_write)(SSL *s); } SSL3_ENC_METHOD; -# define ssl_set_handshake_header(s, pkt, htype) \ - s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) -# define ssl_close_construct_packet(s, pkt, htype) \ - s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) -# define ssl_do_write(s) s->method->ssl3_enc->do_write(s) +#define ssl_set_handshake_header(s, pkt, htype) \ + s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) +#define ssl_close_construct_packet(s, pkt, htype) \ + s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) +#define ssl_do_write(s) s->method->ssl3_enc->do_write(s) /* Values for enc_flags */ /* Uses explicit IV for CBC mode */ -# define SSL_ENC_FLAG_EXPLICIT_IV 0x1 +#define SSL_ENC_FLAG_EXPLICIT_IV 0x1 /* Uses signature algorithms extension */ -# define SSL_ENC_FLAG_SIGALGS 0x2 +#define SSL_ENC_FLAG_SIGALGS 0x2 /* Uses SHA256 default PRF */ -# define SSL_ENC_FLAG_SHA256_PRF 0x4 +#define SSL_ENC_FLAG_SHA256_PRF 0x4 /* Is DTLS */ -# define SSL_ENC_FLAG_DTLS 0x8 +#define SSL_ENC_FLAG_DTLS 0x8 /* * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may * apply to others in future. */ -# define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10 +#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10 -# ifndef OPENSSL_NO_COMP +#ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ typedef struct ssl3_comp_st { - int comp_id; /* The identifier byte for this compression - * type */ - char *name; /* Text name used for the compression type */ - COMP_METHOD *method; /* The method :-) */ + int comp_id; /* The identifier byte for this compression + * type */ + char *name; /* Text name used for the compression type */ + COMP_METHOD *method; /* The method :-) */ } SSL3_COMP; -# endif +#endif typedef enum downgrade_en { DOWNGRADE_NONE, @@ -2143,55 +2156,54 @@ typedef enum downgrade_en { * Dummy status type for the status_type extension. Indicates no status type * set */ -#define TLSEXT_STATUSTYPE_nothing -1 +#define TLSEXT_STATUSTYPE_nothing -1 /* Sigalgs values */ -#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403 -#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503 -#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 -#define TLSEXT_SIGALG_ecdsa_sha224 0x0303 -#define TLSEXT_SIGALG_ecdsa_sha1 0x0203 -#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804 -#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805 -#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806 -#define TLSEXT_SIGALG_rsa_pss_pss_sha256 0x0809 -#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a -#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b -#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401 -#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501 -#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601 -#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301 -#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201 -#define TLSEXT_SIGALG_dsa_sha256 0x0402 -#define TLSEXT_SIGALG_dsa_sha384 0x0502 -#define TLSEXT_SIGALG_dsa_sha512 0x0602 -#define TLSEXT_SIGALG_dsa_sha224 0x0302 -#define TLSEXT_SIGALG_dsa_sha1 0x0202 -#define TLSEXT_SIGALG_gostr34102012_256_intrinsic 0x0840 -#define TLSEXT_SIGALG_gostr34102012_512_intrinsic 0x0841 -#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee -#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef -#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded +#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403 +#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503 +#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 +#define TLSEXT_SIGALG_ecdsa_sha224 0x0303 +#define TLSEXT_SIGALG_ecdsa_sha1 0x0203 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806 +#define TLSEXT_SIGALG_rsa_pss_pss_sha256 0x0809 +#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a +#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b +#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401 +#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501 +#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601 +#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301 +#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201 +#define TLSEXT_SIGALG_dsa_sha256 0x0402 +#define TLSEXT_SIGALG_dsa_sha384 0x0502 +#define TLSEXT_SIGALG_dsa_sha512 0x0602 +#define TLSEXT_SIGALG_dsa_sha224 0x0302 +#define TLSEXT_SIGALG_dsa_sha1 0x0202 +#define TLSEXT_SIGALG_gostr34102012_256_intrinsic 0x0840 +#define TLSEXT_SIGALG_gostr34102012_512_intrinsic 0x0841 +#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee +#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef +#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded -#define TLSEXT_SIGALG_ed25519 0x0807 -#define TLSEXT_SIGALG_ed448 0x0808 +#define TLSEXT_SIGALG_ed25519 0x0807 +#define TLSEXT_SIGALG_ed448 0x0808 /* Known PSK key exchange modes */ -#define TLSEXT_KEX_MODE_KE 0x00 -#define TLSEXT_KEX_MODE_KE_DHE 0x01 +#define TLSEXT_KEX_MODE_KE 0x00 +#define TLSEXT_KEX_MODE_KE_DHE 0x01 /* * Internal representations of key exchange modes */ -#define TLSEXT_KEX_MODE_FLAG_NONE 0 -#define TLSEXT_KEX_MODE_FLAG_KE 1 -#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 +#define TLSEXT_KEX_MODE_FLAG_NONE 0 +#define TLSEXT_KEX_MODE_FLAG_KE 1 +#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 -#define SSL_USE_PSS(s) (s->s3.tmp.peer_sigalg != NULL && \ - s->s3.tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) +#define SSL_USE_PSS(s) (s->s3.tmp.peer_sigalg != NULL && s->s3.tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) /* A dummy signature value not valid for TLSv1.2 signature algs */ -#define TLSEXT_signature_rsa_pss 0x0101 +#define TLSEXT_signature_rsa_pss 0x0101 /* TLSv1.3 downgrade protection sentinel values */ extern const unsigned char tls11downgrade[8]; @@ -2234,125 +2246,125 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; /* * Flags for SSL methods */ -# define SSL_METHOD_NO_FIPS (1U<<0) -# define SSL_METHOD_NO_SUITEB (1U<<1) +#define SSL_METHOD_NO_FIPS (1U << 0) +#define SSL_METHOD_NO_SUITEB (1U << 1) -# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, enc_data) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - version, \ - flags, \ - mask, \ - tls1_new, \ - tls1_clear, \ - tls1_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - ssl3_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - tls1_default_timeout, \ - &enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } +#define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ + s_connect, enc_data) \ + const SSL_METHOD *func_name(void) \ + { \ + static const SSL_METHOD func_name##_data = { \ + version, \ + flags, \ + mask, \ + tls1_new, \ + tls1_clear, \ + tls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + tls1_default_timeout, \ + &enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } -# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - SSL3_VERSION, \ - SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \ - SSL_OP_NO_SSLv3, \ - ssl3_new, \ - ssl3_clear, \ - ssl3_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - ssl3_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - ssl3_default_timeout, \ - &SSLv3_enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } +#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ + const SSL_METHOD *func_name(void) \ + { \ + static const SSL_METHOD func_name##_data = { \ + SSL3_VERSION, \ + SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \ + SSL_OP_NO_SSLv3, \ + ssl3_new, \ + ssl3_clear, \ + ssl3_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + ssl3_default_timeout, \ + &SSLv3_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } -# define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, enc_data) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - version, \ - flags, \ - mask, \ - dtls1_new, \ - dtls1_clear, \ - dtls1_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - dtls1_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - dtls1_read_bytes, \ - dtls1_write_app_data_bytes, \ - dtls1_dispatch_alert, \ - dtls1_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - dtls1_default_timeout, \ - &enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } +#define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ + s_connect, enc_data) \ + const SSL_METHOD *func_name(void) \ + { \ + static const SSL_METHOD func_name##_data = { \ + version, \ + flags, \ + mask, \ + dtls1_new, \ + dtls1_clear, \ + dtls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + dtls1_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + dtls1_read_bytes, \ + dtls1_write_app_data_bytes, \ + dtls1_dispatch_alert, \ + dtls1_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + dtls1_default_timeout, \ + &enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } struct openssl_ssl_test_functions { - int (*p_ssl_init_wbio_buffer) (SSL *s); - int (*p_ssl3_setup_buffers) (SSL *s); + int (*p_ssl_init_wbio_buffer)(SSL *s); + int (*p_ssl3_setup_buffers)(SSL *s); }; const char *ssl_protocol_to_string(int version); @@ -2367,13 +2379,13 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx) } static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, - size_t *pgroupslen) + size_t *pgroupslen) { *pgroups = s->ext.peer_supportedgroups; *pgroupslen = s->ext.peer_supportedgroups_len; } -# ifndef OPENSSL_UNIT_TEST +#ifndef OPENSSL_UNIT_TEST __owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes); __owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written); @@ -2386,68 +2398,68 @@ void ssl_cert_free(CERT *c); __owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_get_new_session(SSL *s, int session); __owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, - size_t sess_id_len); + size_t sess_id_len); __owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, - const SSL_CIPHER *const *bp); + const SSL_CIPHER *const *bp); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - const char *rule_str, - CERT *c); + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + const char *rule_str, + CERT *c); __owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) **skp, - STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, - int fatal); + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, + int fatal); void ssl_update_cache(SSL *s, int mode); __owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, - const EVP_CIPHER **enc); + const EVP_CIPHER **enc); __owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s, - const EVP_CIPHER **enc, const EVP_MD **md, - int *mac_pkey_type, size_t *mac_secret_size, - SSL_COMP **comp, int use_etm); + const EVP_CIPHER **enc, const EVP_MD **md, + int *mac_pkey_type, size_t *mac_secret_size, + SSL_COMP **comp, int use_etm); __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, - size_t *int_overhead, size_t *blocksize, - size_t *ext_overhead); + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead); __owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, - const unsigned char *ptr, - int all); + const unsigned char *ptr, + int all); __owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_set_current(CERT *c, long arg); -void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg); +void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg); __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, - int ref); + int ref); __owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, - void *other); + void *other); int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp); __owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, - size_t *pidx); + size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx); int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); __owur int ssl_get_server_cert_serverinfo(SSL *s, - const unsigned char **serverinfo, - size_t *serverinfo_length); + const unsigned char **serverinfo, + size_t *serverinfo_length); void ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_x509err2alert(int type); @@ -2456,22 +2468,22 @@ int ssl_load_ciphers(SSL_CTX *ctx); __owur int ssl_setup_sig_algs(SSL_CTX *ctx); int ssl_load_groups(SSL_CTX *ctx); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, - size_t len, DOWNGRADE dgrd); + size_t len, DOWNGRADE dgrd); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, - int free_pms); + int free_pms); __owur EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm); __owur int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen); __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, - int genmaster); + int genmaster); __owur int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, - const unsigned char *ct, size_t ctlen, - int gensecret); + const unsigned char *ct, size_t ctlen, + int gensecret); __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, - unsigned char **ctp, size_t *ctlenp, - int gensecret); + unsigned char **ctp, size_t *ctlenp, + int gensecret); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, - void *key); + void *key); __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl); __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl); @@ -2479,7 +2491,7 @@ __owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id); __owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, - size_t *len); + size_t *len); int ssl3_init_finished_mac(SSL *s); __owur int ssl3_setup_key_block(SSL *s); __owur int ssl3_change_cipher_state(SSL *s, int which); @@ -2487,25 +2499,25 @@ void ssl3_cleanup_key_block(SSL *s); __owur int ssl3_do_write(SSL *s, int type); int ssl3_send_alert(SSL *s, int level, int desc); __owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, size_t len, - size_t *secret_size); + unsigned char *p, size_t len, + size_t *secret_size); __owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt); __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl, int initok); void ssl3_digest_master_key_set_params(const SSL_SESSION *session, - OSSL_PARAM params[]); + OSSL_PARAM params[]); __owur int ssl3_dispatch_alert(SSL *s); __owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, - unsigned char *p); + unsigned char *p); __owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, - CERT_PKEY *cpk); + CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, - STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr); + STACK_OF(SSL_CIPHER) *clnt, + STACK_OF(SSL_CIPHER) *srvr); __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); @@ -2516,8 +2528,8 @@ __owur int ssl3_shutdown(SSL *s); int ssl3_clear(SSL *s); __owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); __owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); -__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); -__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); +__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); +__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void)); __owur int ssl3_do_change_cipher_spec(SSL *ssl); __owur long ssl3_default_timeout(void); @@ -2532,27 +2544,27 @@ __owur int ssl3_handshake_write(SSL *s); __owur int ssl_allow_compression(SSL *s); __owur int ssl_version_supported(const SSL *s, int version, - const SSL_METHOD **meth); + const SSL_METHOD **meth); __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); __owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, - DOWNGRADE *dgrd); + DOWNGRADE *dgrd); __owur int ssl_choose_client_version(SSL *s, int version, - RAW_EXTENSION *extensions); + RAW_EXTENSION *extensions); __owur int ssl_get_min_max_version(const SSL *s, int *min_version, - int *max_version, int *real_max); + int *max_version, int *real_max); __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); void dtls1_set_message_header(SSL *s, - unsigned char mt, - size_t len, - size_t frag_off, size_t frag_len); + unsigned char mt, + size_t len, + size_t frag_off, size_t frag_len); int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, - size_t *written); + size_t *written); __owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_buffer_message(SSL *s, int ccs); @@ -2562,7 +2574,7 @@ int dtls1_retransmit_buffered_messages(SSL *s); void dtls1_clear_received_buffer(SSL *s); void dtls1_clear_sent_buffer(SSL *s); void dtls1_get_message_header(unsigned char *data, - struct hm_header_st *msg_hdr); + struct hm_header_st *msg_hdr); __owur long dtls1_default_timeout(void); __owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); __owur int dtls1_check_timeout_num(SSL *s); @@ -2571,7 +2583,7 @@ void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, - size_t cookie_len); + size_t cookie_len); __owur size_t dtls1_min_mtu(SSL *s); void dtls1_hm_fragment_free(hm_fragment *frag); __owur int dtls1_query_mtu(SSL *s); @@ -2594,53 +2606,53 @@ int ssl_free_wbio_buffer(SSL *s); __owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_setup_key_block(SSL *s); __owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *p); + unsigned char *p); __owur int tls1_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, size_t len, - size_t *secret_size); + unsigned char *p, size_t len, + size_t *secret_size); __owur int tls13_setup_key_block(SSL *s); __owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *p); + unsigned char *p); __owur int tls13_change_cipher_state(SSL *s, int which); __owur int tls13_update_key(SSL *s, int send); __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md, - const unsigned char *secret, - const unsigned char *label, size_t labellen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outlen, int fatal); + const unsigned char *secret, + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen, int fatal); __owur int tls13_derive_key(SSL *s, const EVP_MD *md, - const unsigned char *secret, unsigned char *key, - size_t keylen); + const unsigned char *secret, unsigned char *key, + size_t keylen); __owur int tls13_derive_iv(SSL *s, const EVP_MD *md, - const unsigned char *secret, unsigned char *iv, - size_t ivlen); + const unsigned char *secret, unsigned char *iv, + size_t ivlen); __owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, - const unsigned char *secret, - unsigned char *fin, size_t finlen); + const unsigned char *secret, + unsigned char *fin, size_t finlen); int tls13_generate_secret(SSL *s, const EVP_MD *md, - const unsigned char *prevsecret, - const unsigned char *insecret, - size_t insecretlen, - unsigned char *outsecret); + const unsigned char *prevsecret, + const unsigned char *insecret, + size_t insecretlen, + unsigned char *outsecret); __owur int tls13_generate_handshake_secret(SSL *s, - const unsigned char *insecret, - size_t insecretlen); + const unsigned char *insecret, + size_t insecretlen); __owur int tls13_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *prev, size_t prevlen, - size_t *secret_size); + unsigned char *prev, size_t prevlen, + size_t *secret_size); __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *p, size_t plen, - int use_context); + const char *label, size_t llen, + const unsigned char *p, size_t plen, + int use_context); __owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen, int use_context); + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); __owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, - size_t olen, const char *label, - size_t llen, - const unsigned char *context, - size_t contextlen); + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); __owur int tls1_alert_code(int code); __owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); @@ -2655,29 +2667,29 @@ __owur uint16_t tls1_nid2group_id(int nid); __owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); __owur uint16_t tls1_shared_group(SSL *s, int nmatch); __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, - int *curves, size_t ncurves); + int *curves, size_t ncurves); __owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, - const char *str); + const char *str); __owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); __owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion, - int maxversion, int isec, int *okfortls13); + int maxversion, int isec, int *okfortls13); __owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id); void tls1_get_formatlist(SSL *s, const unsigned char **pformats, - size_t *num_formats); + size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur int tls_group_allowed(SSL *s, uint16_t curve, int op); void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, - size_t *pgroupslen); + size_t *pgroupslen); __owur int tls1_set_server_sigalgs(SSL *s); __owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, - SSL_SESSION **ret); + SSL_SESSION **ret); __owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, - size_t eticklen, - const unsigned char *sess_id, - size_t sesslen, SSL_SESSION **psess); + size_t eticklen, + const unsigned char *sess_id, + size_t sesslen, SSL_SESSION **psess); __owur int tls_use_ticket(SSL *s); @@ -2685,22 +2697,22 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, - int client); + int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, - int client); + int client); int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, - int idx); + int idx); void tls1_set_cert_validity(SSL *s); -# ifndef OPENSSL_NO_CT +#ifndef OPENSSL_NO_CT __owur int ssl_validate_ct(SSL *s); -# endif +#endif __owur EVP_PKEY *ssl_get_auto_dh(SSL *s); __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, - int vfy); + int vfy); int tls_choose_sigalg(SSL *s, int fatalerrs); @@ -2708,13 +2720,13 @@ __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); void ssl_clear_hash_ctx(EVP_MD_CTX **hash); __owur long ssl_get_algorithm2(SSL *s); __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, - const uint16_t *psig, size_t psiglen); + const uint16_t *psig, size_t psiglen); __owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen); __owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert); __owur int tls1_process_sigalgs(SSL *s); __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); __owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, - const EVP_MD **pmd); + const EVP_MD **pmd); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); __owur int tls_check_sigalg_curve(const SSL *s, int curve); __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); @@ -2722,7 +2734,7 @@ __owur int ssl_set_client_disabled(SSL *s); __owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, - size_t *hashlen); + size_t *hashlen); __owur const EVP_MD *ssl_md(SSL_CTX *ctx, int idx); __owur const EVP_MD *ssl_handshake_md(SSL *s); __owur const EVP_MD *ssl_prf_md(SSL *s); @@ -2734,10 +2746,10 @@ __owur const EVP_MD *ssl_prf_md(SSL *s); * |encrypted_premaster|. */ __owur int ssl_log_rsa_client_key_exchange(SSL *ssl, - const uint8_t *encrypted_premaster, - size_t encrypted_premaster_len, - const uint8_t *premaster, - size_t premaster_len); + const uint8_t *encrypted_premaster, + size_t encrypted_premaster_len, + const uint8_t *premaster, + size_t premaster_len); /* * ssl_log_secret logs |secret| to the SSL_CTX associated with |ssl|, if @@ -2745,7 +2757,7 @@ __owur int ssl_log_rsa_client_key_exchange(SSL *ssl, * the entry with |label|. */ __owur int ssl_log_secret(SSL *ssl, const char *label, - const uint8_t *secret, size_t secret_len); + const uint8_t *secret, size_t secret_len); #define MASTER_SECRET_LABEL "CLIENT_RANDOM" #define CLIENT_EARLY_LABEL "CLIENT_EARLY_TRAFFIC_SECRET" @@ -2758,28 +2770,28 @@ __owur int ssl_log_secret(SSL *ssl, const char *label, #define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET" #define EXPORTER_SECRET_LABEL "EXPORTER_SECRET" -# ifndef OPENSSL_NO_KTLS +#ifndef OPENSSL_NO_KTLS /* ktls.c */ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - const EVP_CIPHER_CTX *dd); + const EVP_CIPHER_CTX *dd); int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, - unsigned char **rec_seq, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size); -# endif + void *rl_sequence, ktls_crypto_info_t *crypto_info, + unsigned char **rec_seq, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size); +#endif /* s3_cbc.c */ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); __owur int ssl3_cbc_digest_record(const EVP_MD *md, - unsigned char *md_out, - size_t *md_out_size, - const unsigned char *header, - const unsigned char *data, - size_t data_size, - size_t data_plus_mac_plus_padding_size, - const unsigned char *mac_secret, - size_t mac_secret_length, char is_sslv3); + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); @@ -2792,21 +2804,21 @@ __owur int send_certificate_request(SSL *s); /* statem/extensions_cust.c */ custom_ext_method *custom_ext_find(const custom_ext_methods *exts, - ENDPOINT role, unsigned int ext_type, - size_t *idx); + ENDPOINT role, unsigned int ext_type, + size_t *idx); void custom_ext_init(custom_ext_methods *meths); __owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, - const unsigned char *ext_data, size_t ext_size, - X509 *x, size_t chainidx); + const unsigned char *ext_data, size_t ext_size, + X509 *x, size_t chainidx); __owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, - size_t chainidx, int maxversion); + size_t chainidx, int maxversion); __owur int custom_exts_copy(custom_ext_methods *dst, - const custom_ext_methods *src); + const custom_ext_methods *src); __owur int custom_exts_copy_flags(custom_ext_methods *dst, - const custom_ext_methods *src); + const custom_ext_methods *src); void custom_exts_free(custom_ext_methods *exts); void ssl_comp_free_compression_methods_int(void); @@ -2815,19 +2827,19 @@ void ssl_comp_free_compression_methods_int(void); void ssl_ctx_system_config(SSL_CTX *ctx); const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties); + int nid, + const char *properties); int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher); void ssl_evp_cipher_free(const EVP_CIPHER *cipher); const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties); + int nid, + const char *properties); int ssl_evp_md_up_ref(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md); int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md); + const EVP_CIPHER *ciph, + const EVP_MD *md); void tls_engine_finish(ENGINE *e); const EVP_CIPHER *tls_get_cipher_from_engine(int nid); @@ -2848,14 +2860,14 @@ int ssl_srp_ctx_init_intern(SSL *s); int ssl_srp_calc_a_param_intern(SSL *s); int ssl_srp_server_param_with_username_intern(SSL *s, int *ad); -void ssl_session_calculate_timeout(SSL_SESSION* ss); +void ssl_session_calculate_timeout(SSL_SESSION *ss); -# else /* OPENSSL_UNIT_TEST */ +#else /* OPENSSL_UNIT_TEST */ -# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer -# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers +#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer +#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers -# endif +#endif /* Some helper routines to support TSAN operations safely */ static ossl_unused ossl_inline int ssl_tsan_lock(const SSL_CTX *ctx) @@ -2875,7 +2887,7 @@ static ossl_unused ossl_inline void ssl_tsan_unlock(const SSL_CTX *ctx) } static ossl_unused ossl_inline void ssl_tsan_counter(const SSL_CTX *ctx, - TSAN_QUALIFIER int *stat) + TSAN_QUALIFIER int *stat) { if (ssl_tsan_lock(ctx)) { tsan_counter(stat); diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c index 8bccce84d465..11e7016d276c 100644 --- a/ssl/ssl_mcnf.c +++ b/ssl/ssl_mcnf.c @@ -41,7 +41,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) if (!conf_ssl_name_find(name, &idx)) { if (!system) ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME, - "name=%s", name); + "name=%s", name); goto err; } cmds = conf_ssl_get(idx, &name, &cmd_count); @@ -78,7 +78,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) } if (!SSL_CONF_CTX_finish(cctx)) ++err; - err: +err: OSSL_LIB_CTX_set0_default(prev_libctx); SSL_CONF_CTX_free(cctx); return err == 0; diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 4f45e60535d2..82b16310b31b 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -20,10 +20,10 @@ static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ - | SSL_EXT_CLIENT_HELLO \ - | SSL_EXT_TLS1_2_SERVER_HELLO \ - | SSL_EXT_IGNORE_ON_RESUMPTION) +#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ + | SSL_EXT_CLIENT_HELLO \ + | SSL_EXT_TLS1_2_SERVER_HELLO \ + | SSL_EXT_IGNORE_ON_RESUMPTION) int SSL_use_certificate(SSL *ssl, X509 *x) { @@ -75,7 +75,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata); + ssl->default_passwd_callback_userdata); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -87,7 +87,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) } ret = SSL_use_certificate(ssl, x); - end: +end: X509_free(x); BIO_free(in); return ret; @@ -104,7 +104,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) return 0; } - if (d2i_X509(&x, &d, (long)len)== NULL) { + if (d2i_X509(&x, &d, (long)len) == NULL) { X509_free(x); ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); return 0; @@ -125,7 +125,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) } if (c->pkeys[i].x509 != NULL - && !X509_check_private_key(c->pkeys[i].x509, pkey)) + && !X509_check_private_key(c->pkeys[i].x509, pkey)) return 0; EVP_PKEY_free(c->pkeys[i].privatekey); @@ -166,14 +166,14 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey_ex(in, NULL, - ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata, - ssl->ctx->libctx, - ssl->ctx->propq); + ssl->default_passwd_callback, + ssl->default_passwd_callback_userdata, + ssl->ctx->libctx, + ssl->ctx->propq); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx, - ssl->ctx->propq); + ssl->ctx->propq); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -184,13 +184,13 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) } ret = SSL_use_PrivateKey(ssl, pkey); EVP_PKEY_free(pkey); - end: +end: BIO_free(in); return ret; } int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, - long len) + long len) { int ret; const unsigned char *p; @@ -198,7 +198,8 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, p = d; if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx, - ssl->ctx->propq)) == NULL) { + ssl->ctx->propq)) + == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); return 0; } @@ -306,7 +307,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + ctx->default_passwd_callback_userdata); } if (cert == NULL) { ERR_raise(ERR_LIB_SSL, j); @@ -314,7 +315,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) } ret = SSL_CTX_use_certificate(ctx, x); - end: +end: X509_free(x); BIO_free(in); return ret; @@ -370,9 +371,9 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey_ex(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata, - ctx->libctx, ctx->propq); + ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata, + ctx->libctx, ctx->propq); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq); @@ -386,13 +387,13 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); - end: +end: BIO_free(in); return ret; } int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len) + const unsigned char *d, long len) { int ret; const unsigned char *p; @@ -400,7 +401,8 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, p = d; if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx, - ctx->propq)) == NULL) { + ctx->propq)) + == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); return 0; } @@ -427,8 +429,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) if (ctx == NULL && ssl == NULL) return 0; - ERR_clear_error(); /* clear error stack for - * SSL_CTX_use_certificate() */ + ERR_clear_error(); /* clear error stack for + * SSL_CTX_use_certificate() */ if (ctx != NULL) { passwd_callback = ctx->default_passwd_callback; @@ -455,7 +457,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } if (PEM_read_bio_X509_AUX(in, &x, passwd_callback, - passwd_callback_userdata) == NULL) { + passwd_callback_userdata) + == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB); goto end; } @@ -466,8 +469,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) ret = SSL_use_certificate(ssl, x); if (ERR_peek_error() != 0) - ret = 0; /* Key/certificate mismatch doesn't imply - * ret==0 ... */ + ret = 0; /* Key/certificate mismatch doesn't imply + * ret==0 ... */ if (ret) { /* * If we could set up our certificate, now proceed to the CA @@ -494,7 +497,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } if (PEM_read_bio_X509(in, &ca, passwd_callback, - passwd_callback_userdata) != NULL) { + passwd_callback_userdata) + != NULL) { if (ctx) r = SSL_CTX_add0_chain_cert(ctx, ca); else @@ -520,10 +524,10 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) ERR_clear_error(); else - ret = 0; /* some real error */ + ret = 0; /* some real error */ } - end: +end: X509_free(x); BIO_free(in); return ret; @@ -540,10 +544,10 @@ int SSL_use_certificate_chain_file(SSL *ssl, const char *file) } static int serverinfo_find_extension(const unsigned char *serverinfo, - size_t serverinfo_length, - unsigned int extension_type, - const unsigned char **extension_data, - size_t *extension_length) + size_t serverinfo_length, + unsigned int extension_type, + const unsigned char **extension_data, + size_t *extension_length) { PACKET pkt, data; @@ -561,27 +565,28 @@ static int serverinfo_find_extension(const unsigned char *serverinfo, /* end of serverinfo */ if (PACKET_remaining(&pkt) == 0) - return 0; /* Extension not found */ + return 0; /* Extension not found */ if (!PACKET_get_net_4(&pkt, &context) - || !PACKET_get_net_2(&pkt, &type) - || !PACKET_get_length_prefixed_2(&pkt, &data)) + || !PACKET_get_net_2(&pkt, &type) + || !PACKET_get_length_prefixed_2(&pkt, &data)) return -1; if (type == extension_type) { *extension_data = PACKET_data(&data); - *extension_length = PACKET_remaining(&data);; - return 1; /* Success */ + *extension_length = PACKET_remaining(&data); + ; + return 1; /* Success */ } } /* Unreachable */ } static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *in, - size_t inlen, X509 *x, size_t chainidx, - int *al, void *arg) + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *arg) { if (inlen != 0) { @@ -593,18 +598,18 @@ static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type, } static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) + const unsigned char *in, + size_t inlen, int *al, void *arg) { return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al, - arg); + arg); } static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char **out, - size_t *outlen, X509 *x, size_t chainidx, - int *al, void *arg) + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *arg) { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; @@ -615,28 +620,29 @@ static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type, /* Is there serverinfo data for the chosen server cert? */ if ((ssl_get_server_cert_serverinfo(s, &serverinfo, - &serverinfo_length)) != 0) { + &serverinfo_length)) + != 0) { /* Find the relevant extension from the serverinfo */ int retval = serverinfo_find_extension(serverinfo, serverinfo_length, - ext_type, out, outlen); + ext_type, out, outlen); if (retval == -1) { *al = SSL_AD_INTERNAL_ERROR; - return -1; /* Error */ + return -1; /* Error */ } if (retval == 0) - return 0; /* No extension found, don't send extension */ - return 1; /* Send extension */ + return 0; /* No extension found, don't send extension */ + return 1; /* Send extension */ } - return 0; /* No serverinfo data found, don't send - * extension */ + return 0; /* No serverinfo data found, don't send + * extension */ } static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, size_t *outlen, - int *al, void *arg) + const unsigned char **out, size_t *outlen, + int *al, void *arg) { return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al, - arg); + arg); } /* @@ -645,8 +651,8 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, * the included extensions. */ static int serverinfo_process_buffer(unsigned int version, - const unsigned char *serverinfo, - size_t serverinfo_length, SSL_CTX *ctx) + const unsigned char *serverinfo, + size_t serverinfo_length, SSL_CTX *ctx) { PACKET pkt; @@ -665,8 +671,8 @@ static int serverinfo_process_buffer(unsigned int version, PACKET data; if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context)) - || !PACKET_get_net_2(&pkt, &ext_type) - || !PACKET_get_length_prefixed_2(&pkt, &data)) + || !PACKET_get_net_2(&pkt, &ext_type) + || !PACKET_get_length_prefixed_2(&pkt, &data)) return 0; if (ctx == NULL) @@ -685,17 +691,17 @@ static int serverinfo_process_buffer(unsigned int version, */ if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) { if (!SSL_CTX_add_server_custom_ext(ctx, ext_type, - serverinfo_srv_add_cb, - NULL, NULL, - serverinfo_srv_parse_cb, - NULL)) + serverinfo_srv_add_cb, + NULL, NULL, + serverinfo_srv_parse_cb, + NULL)) return 0; } else { if (!SSL_CTX_add_custom_ext(ctx, ext_type, context, - serverinfoex_srv_add_cb, - NULL, NULL, - serverinfoex_srv_parse_cb, - NULL)) + serverinfoex_srv_add_cb, + NULL, NULL, + serverinfoex_srv_parse_cb, + NULL)) return 0; } } @@ -714,9 +720,9 @@ static size_t extension_append_length(unsigned int version, size_t extension_len } static void extension_append(unsigned int version, - const unsigned char *extension, - const size_t extension_length, - unsigned char *serverinfo) + const unsigned char *extension, + const size_t extension_length, + unsigned char *serverinfo) { const size_t contextoff = extension_contextoff(version); @@ -732,8 +738,8 @@ static void extension_append(unsigned int version, } int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, - const unsigned char *serverinfo, - size_t serverinfo_length) + const unsigned char *serverinfo, + size_t serverinfo_length) { unsigned char *new_serverinfo = NULL; @@ -747,7 +753,7 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, * over the converted serverinfo. */ const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1, - serverinfo_length); + serverinfo_length); unsigned char *sinfo; int ret; @@ -760,13 +766,13 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo); ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo, - sinfo_length); + sinfo_length); OPENSSL_free(sinfo); return ret; } if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, - NULL)) { + NULL)) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA); return 0; } @@ -775,7 +781,7 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, return 0; } new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, - serverinfo_length); + serverinfo_length); if (new_serverinfo == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; @@ -789,7 +795,7 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, * register callbacks. */ if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, - ctx)) { + ctx)) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA); return 0; } @@ -797,10 +803,10 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, } int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length) + size_t serverinfo_length) { return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo, - serverinfo_length); + serverinfo_length); } int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) @@ -846,7 +852,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) if (num_extensions == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS); goto end; - } else /* End of file, we're done */ + } else /* End of file, we're done */ break; } /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ @@ -874,16 +880,16 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) if (version == SSL_SERVERINFOV1) { /* 4 byte header: 2 bytes type, 2 bytes len */ if (extension_length < 4 - || (extension[2] << 8) + extension[3] - != extension_length - 4) { + || (extension[2] << 8) + extension[3] + != extension_length - 4) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA); goto end; } } else { /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */ if (extension_length < 8 - || (extension[6] << 8) + extension[7] - != extension_length - 8) { + || (extension[6] << 8) + extension[7] + != extension_length - 8) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA); goto end; } @@ -897,7 +903,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) } serverinfo = tmp; extension_append(version, extension, extension_length, - serverinfo + serverinfo_length); + serverinfo + serverinfo_length); serverinfo_length += append_length; OPENSSL_free(name); @@ -909,8 +915,8 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) } ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo, - serverinfo_length); - end: + serverinfo_length); +end: /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */ OPENSSL_free(name); OPENSSL_free(header); @@ -921,7 +927,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) } static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override) + STACK_OF(X509) *chain, int override) { int ret = 0; size_t i; @@ -983,9 +989,7 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr goto out; } - if (!override && (c->pkeys[i].x509 != NULL - || c->pkeys[i].privatekey != NULL - || c->pkeys[i].chain != NULL)) { + if (!override && (c->pkeys[i].x509 != NULL || c->pkeys[i].privatekey != NULL || c->pkeys[i].chain != NULL)) { /* No override, and something already there */ ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE); goto out; @@ -993,7 +997,7 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr if (chain != NULL) { dup_chain = X509_chain_up_ref(chain); - if (dup_chain == NULL) { + if (dup_chain == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); goto out; } @@ -1013,19 +1017,19 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr c->key = &(c->pkeys[i]); ret = 1; - out: +out: EVP_PKEY_free(pubkey); return ret; } int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override) + STACK_OF(X509) *chain, int override) { return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override); } int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, - STACK_OF(X509) *chain, int override) + STACK_OF(X509) *chain, int override) { return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override); } diff --git a/ssl/ssl_rsa_legacy.c b/ssl/ssl_rsa_legacy.c index 49cd7a3bbaa5..e3ae1a713312 100644 --- a/ssl/ssl_rsa_legacy.c +++ b/ssl/ssl_rsa_legacy.c @@ -62,8 +62,8 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; rsa = PEM_read_bio_RSAPrivateKey(in, NULL, - SSL_get_default_passwd_cb(ssl), - SSL_get_default_passwd_cb_userdata(ssl)); + SSL_get_default_passwd_cb(ssl), + SSL_get_default_passwd_cb_userdata(ssl)); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -74,7 +74,7 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) } ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); - end: +end: BIO_free(in); return ret; } @@ -144,8 +144,8 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; rsa = PEM_read_bio_RSAPrivateKey(in, NULL, - SSL_CTX_get_default_passwd_cb(ctx), - SSL_CTX_get_default_passwd_cb_userdata(ctx)); + SSL_CTX_get_default_passwd_cb(ctx), + SSL_CTX_get_default_passwd_cb_userdata(ctx)); } else { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); goto end; @@ -156,13 +156,13 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) } ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); RSA_free(rsa); - end: +end: BIO_free(in); return ret; } int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, - long len) + long len) { int ret; const unsigned char *p; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 72b6dae677e3..84e8eb0fa306 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -9,8 +9,8 @@ */ #if defined(__TANDEM) && defined(_SPT_MODEL_) -# include <spthread.h> -# include <spt_extensions.h> /* timeval */ +#include <spthread.h> +#include <spt_extensions.h> /* timeval */ #endif #include <stdio.h> #include <openssl/rand.h> @@ -54,22 +54,23 @@ __owur static int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b) } #ifdef __DJGPP__ /* time_t is unsigned on djgpp, it's signed anywhere else */ -# define TMAX(_type_) ((time_t)-1) +#define TMAX(_type_) ((time_t)-1) #else -# define TMAX(_type_) ((time_t)(((_type_)-1) >> 1)) +#define TMAX(_type_) ((time_t)(((_type_) - 1) >> 1)) #endif -#define CALCULATE_TIMEOUT(_ss_, _type_) do { \ - _type_ overflow; \ - time_t tmax = TMAX(_type_); \ - overflow = (_type_)tmax - (_type_)(_ss_)->time; \ - if ((_ss_)->timeout > (time_t)overflow) { \ - (_ss_)->timeout_ovf = 1; \ +#define CALCULATE_TIMEOUT(_ss_, _type_) \ + do { \ + _type_ overflow; \ + time_t tmax = TMAX(_type_); \ + overflow = (_type_)tmax - (_type_)(_ss_)->time; \ + if ((_ss_)->timeout > (time_t)overflow) { \ + (_ss_)->timeout_ovf = 1; \ (_ss_)->calc_timeout = (_ss_)->timeout - (time_t)overflow; \ - } else { \ - (_ss_)->timeout_ovf = 0; \ - (_ss_)->calc_timeout = (_ss_)->time + (_ss_)->timeout; \ - } \ + } else { \ + (_ss_)->timeout_ovf = 0; \ + (_ss_)->calc_timeout = (_ss_)->time + (_ss_)->timeout; \ + } \ } while (0) /* * Calculates effective timeout, saving overflow state @@ -148,9 +149,9 @@ SSL_SESSION *SSL_SESSION_new(void) } ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED; - ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ + ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; - ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ + ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ ss->time = time(NULL); ssl_session_calculate_timeout(ss); ss->lock = CRYPTO_THREAD_lock_new(); @@ -245,7 +246,7 @@ static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) #endif if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, - &dest->ex_data, &src->ex_data)) { + &dest->ex_data, &src->ex_data)) { goto err; } @@ -257,8 +258,7 @@ static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) } if (ticket != 0 && src->ext.tick != NULL) { - dest->ext.tick = - OPENSSL_memdup(src->ext.tick, src->ext.ticklen); + dest->ext.tick = OPENSSL_memdup(src->ext.tick, src->ext.ticklen); if (dest->ext.tick == NULL) goto err; } else { @@ -268,7 +268,7 @@ static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) if (src->ext.alpn_selected != NULL) { dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected, - src->ext.alpn_selected_len); + src->ext.alpn_selected_len); if (dest->ext.alpn_selected == NULL) goto err; } @@ -283,14 +283,13 @@ static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) #endif if (src->ticket_appdata != NULL) { - dest->ticket_appdata = - OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len); + dest->ticket_appdata = OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len); if (dest->ticket_appdata == NULL) goto err; } return dest; - err: +err: ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); SSL_SESSION_free(dest); return NULL; @@ -324,7 +323,7 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) return s->session_id; } const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, - unsigned int *len) + unsigned int *len) { if (len != NULL) *len = (unsigned int)s->sid_ctx_length; @@ -349,14 +348,13 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) #define MAX_SESS_ID_ATTEMPTS 10 static int def_generate_session_id(SSL *ssl, unsigned char *id, - unsigned int *id_len) + unsigned int *id_len) { unsigned int retry = 0; do if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0) return 0; - while (SSL_has_matching_session_id(ssl, id, *id_len) && - (++retry < MAX_SESS_ID_ATTEMPTS)) ; + while (SSL_has_matching_session_id(ssl, id, *id_len) && (++retry < MAX_SESS_ID_ATTEMPTS)); if (retry < MAX_SESS_ID_ATTEMPTS) return 1; /* else - woops a session_id match */ @@ -418,7 +416,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) { CRYPTO_THREAD_unlock(s->lock); SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); return 0; } if (s->generate_session_id) @@ -433,7 +431,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); + SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); return 0; } /* @@ -443,13 +441,13 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) if (tmp == 0 || tmp > ss->session_id_length) { /* The callback set an illegal length */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); + SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); return 0; } ss->session_id_length = tmp; /* Finally, check for a conflict */ if (SSL_has_matching_session_id(s, ss->session_id, - (unsigned int)ss->session_id_length)) { + (unsigned int)ss->session_id_length)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT); return 0; } @@ -514,12 +512,13 @@ int ssl_get_new_session(SSL *s, int session) } SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, - size_t sess_id_len) + size_t sess_id_len) { SSL_SESSION *ret = NULL; if ((s->session_ctx->session_cache_mode - & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) { + & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) + == 0) { SSL_SESSION data; data.ssl_version = s->version; @@ -554,7 +553,7 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, return NULL; } ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_cb_hit); + &s->session_ctx->stats.sess_cb_hit); /* * Increment reference count now if the session callback asks us @@ -570,8 +569,7 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, * Add the externally cached session to the internal cache as * well if and only if we are supposed to. */ - if ((s->session_ctx->session_cache_mode & - SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { + if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { /* * Either return value of SSL_CTX_add_session should not * interrupt the session resumption process. The return @@ -620,10 +618,10 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) */ s->ext.ticket_expected = 1; if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, - SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, - NULL, 0) - || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, - hello->pre_proc_exts, NULL, 0)) + SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, + NULL, 0) + || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, + hello->pre_proc_exts, NULL, 0)) return -1; /* If we resumed, s->session will now be set */ @@ -642,7 +640,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) if (hello->session_id_len > 0) { try_session_cache = 1; ret = lookup_sess_in_cache(s, hello->session_id, - hello->session_id_len); + hello->session_id_len); } break; case SSL_TICKET_NO_DECRYPT: @@ -667,7 +665,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) * We have the session requested by the client, but we don't want to * use it in this context. */ - goto err; /* treat like cache miss */ + goto err; /* treat like cache miss */ } if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { @@ -682,7 +680,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } @@ -700,7 +698,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) if (ret->flags & SSL_SESS_FLAG_EXTMS) { /* If old session includes extms, but new does not: abort handshake */ if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); fatal = 1; goto err; } @@ -719,7 +717,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) s->verify_result = s->session->verify_result; return 1; - err: +err: if (ret != NULL) { SSL_SESSION_free(ret); /* In TLSv1.3 s->session was already set to ret, so we NULL it out */ @@ -777,8 +775,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) * obtain the same session from an external cache) */ s = NULL; - } else if (s == NULL && - lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) { + } else if (s == NULL && lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) { /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */ /* @@ -820,7 +817,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) * count because it already takes into account the cache */ - SSL_SESSION_free(s); /* s == c */ + SSL_SESSION_free(s); /* s == c */ ret = 0; } CRYPTO_THREAD_unlock(ctx->lock); @@ -925,11 +922,11 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) } int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, - unsigned int sid_len) + unsigned int sid_len) { if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG); - return 0; + ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG); + return 0; } s->session_id_length = sid_len; if (sid != s->session_id) @@ -1041,7 +1038,7 @@ unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) } void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, - size_t *len) + size_t *len) { *len = s->ext.ticklen; if (tick != NULL) @@ -1061,15 +1058,15 @@ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data) } void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, - const unsigned char **alpn, - size_t *len) + const unsigned char **alpn, + size_t *len) { *alpn = s->ext.alpn_selected; *len = s->ext.alpn_selected_len; } int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, - size_t len) + size_t len) { OPENSSL_free(s->ext.alpn_selected); if (alpn == NULL || len == 0) { @@ -1093,7 +1090,7 @@ X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) } int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, - unsigned int sid_ctx_len) + unsigned int sid_ctx_len) { if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); @@ -1113,7 +1110,7 @@ int SSL_SESSION_is_resumable(const SSL_SESSION *s) * session ID. */ return !s->not_resumable - && (s->session_id_length > 0 || s->ext.ticklen > 0); + && (s->session_id_length > 0 || s->ext.ticklen > 0); } long SSL_CTX_set_timeout(SSL_CTX *s, long t) @@ -1134,8 +1131,8 @@ long SSL_CTX_get_timeout(const SSL_CTX *s) } int SSL_set_session_secret_cb(SSL *s, - tls_session_secret_cb_fn tls_session_secret_cb, - void *arg) + tls_session_secret_cb_fn tls_session_secret_cb, + void *arg) { if (s == NULL) return 0; @@ -1145,7 +1142,7 @@ int SSL_set_session_secret_cb(SSL *s, } int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg) + void *arg) { if (s == NULL) return 0; @@ -1159,8 +1156,7 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) if (s->version >= TLS1_VERSION) { OPENSSL_free(s->ext.session_ticket); s->ext.session_ticket = NULL; - s->ext.session_ticket = - OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); + s->ext.session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); if (s->ext.session_ticket == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; @@ -1231,9 +1227,7 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t) int ssl_clear_bad_session(SSL *s) { - if ((s->session != NULL) && - !(s->shutdown & SSL_SENT_SHUTDOWN) && - !(SSL_in_init(s) || SSL_in_before(s))) { + if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && !(SSL_in_init(s) || SSL_in_before(s))) { SSL_CTX_remove_session(s->session_ctx, s->session); return 1; } else @@ -1305,7 +1299,7 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) * one session in the cache it will be caught above */ next = ctx->session_cache_head->next; - while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) { + while (next != (SSL_SESSION *)&(ctx->session_cache_tail)) { if (timeoutcmp(s, next) >= 0) { s->next = next; s->prev = next->prev; @@ -1321,76 +1315,82 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) } void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, - int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess)) + int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { ctx->new_session_cb = cb; } -int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) { +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) +{ return ctx->new_session_cb; } void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess)) + void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) { ctx->remove_session_cb = cb; } -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx, - SSL_SESSION *sess) { +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX *ctx, + SSL_SESSION *sess) +{ return ctx->remove_session_cb; } void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION *(*cb) (struct ssl_st *ssl, - const unsigned char *data, - int len, int *copy)) + SSL_SESSION *(*cb)(struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy)) { ctx->get_session_cb = cb; } -SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl, - const unsigned char - *data, int len, - int *copy) { +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, + const unsigned char + *data, + int len, + int *copy) +{ return ctx->get_session_cb; } void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb) (const SSL *ssl, int type, int val)) + void (*cb)(const SSL *ssl, int type, int val)) { ctx->info_callback = cb; } -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, - int val) { +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, + int val) +{ return ctx->info_callback; } void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey)) + int (*cb)(SSL *ssl, X509 **x509, + EVP_PKEY **pkey)) { ctx->client_cert_cb = cb; } -int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, - EVP_PKEY **pkey) { +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, + EVP_PKEY **pkey) +{ return ctx->client_cert_cb; } void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - unsigned char *cookie, - unsigned int *cookie_len)) + int (*cb)(SSL *ssl, + unsigned char *cookie, + unsigned int *cookie_len)) { ctx->app_gen_cookie_cb = cb; } void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char *cookie, - unsigned int cookie_len)) + int (*cb)(SSL *ssl, + const unsigned char *cookie, + unsigned int cookie_len)) { ctx->app_verify_cookie_cb = cb; } @@ -1420,18 +1420,18 @@ int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len) void SSL_CTX_set_stateless_cookie_generate_cb( SSL_CTX *ctx, - int (*cb) (SSL *ssl, - unsigned char *cookie, - size_t *cookie_len)) + int (*cb)(SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)) { ctx->gen_stateless_cookie_cb = cb; } void SSL_CTX_set_stateless_cookie_verify_cb( SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char *cookie, - size_t cookie_len)) + int (*cb)(SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)) { ctx->verify_stateless_cookie_cb = cb; } diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 212fe00962ea..eb4cbde2c52c 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -47,17 +47,20 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (x->cipher == NULL) { if (((x->cipher_id) & 0xff000000) == 0x02000000) { if (BIO_printf(bp, " Cipher : %06lX\n", - x->cipher_id & 0xffffff) <= 0) + x->cipher_id & 0xffffff) + <= 0) goto err; } else { if (BIO_printf(bp, " Cipher : %04lX\n", - x->cipher_id & 0xffff) <= 0) + x->cipher_id & 0xffff) + <= 0) goto err; } } else { if (BIO_printf(bp, " Cipher : %s\n", - ((x->cipher->name == NULL) ? "unknown" - : x->cipher->name)) <= 0) + ((x->cipher->name == NULL) ? "unknown" + : x->cipher->name)) + <= 0) goto err; } if (BIO_puts(bp, " Session-ID: ") <= 0) @@ -88,8 +91,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) goto err; if (BIO_puts(bp, "\n PSK identity hint: ") <= 0) goto err; - if (BIO_printf - (bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) + if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; #endif #ifndef OPENSSL_NO_SRP @@ -100,15 +102,15 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) #endif if (x->ext.tick_lifetime_hint) { if (BIO_printf(bp, - "\n TLS session ticket lifetime hint: %ld (seconds)", - x->ext.tick_lifetime_hint) <= 0) + "\n TLS session ticket lifetime hint: %ld (seconds)", + x->ext.tick_lifetime_hint) + <= 0) goto err; } if (x->ext.tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; - if (BIO_dump_indent - (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4) + if (BIO_dump_indent(bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4) <= 0) goto err; } @@ -123,7 +125,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) goto err; } else { if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, - comp->name) <= 0) + comp->name) + <= 0) goto err; } } @@ -142,21 +145,24 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, - X509_verify_cert_error_string(x->verify_result)) <= 0) + X509_verify_cert_error_string(x->verify_result)) + <= 0) goto err; if (BIO_printf(bp, " Extended master secret: %s\n", - x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0) + x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") + <= 0) goto err; if (istls13) { if (BIO_printf(bp, " Max Early Data: %u\n", - x->ext.max_early_data) <= 0) + x->ext.max_early_data) + <= 0) goto err; } return 1; - err: +err: return 0; } @@ -197,6 +203,6 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) goto err; return 1; - err: +err: return 0; } diff --git a/ssl/sslerr.h b/ssl/sslerr.h index 5c5b760e3821..89a6f16bf541 100644 --- a/ssl/sslerr.h +++ b/ssl/sslerr.h @@ -9,19 +9,19 @@ */ #ifndef OSSL_SSLERR_H -# define OSSL_SSLERR_H -# pragma once +#define OSSL_SSLERR_H +#pragma once -# include <openssl/opensslconf.h> -# include <openssl/symhacks.h> +#include <openssl/opensslconf.h> +#include <openssl/symhacks.h> -# ifdef __cplusplus +#ifdef __cplusplus extern "C" { -# endif +#endif int ossl_err_load_SSL_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index f8157389b7f1..ad597cb8ed85 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -8,8 +8,8 @@ */ #if defined(__TANDEM) && defined(_SPT_MODEL_) -# include <spthread.h> -# include <spt_extensions.h> /* timeval */ +#include <spthread.h> +#include <spt_extensions.h> /* timeval */ #endif #include <string.h> @@ -36,12 +36,12 @@ static int init_sig_algs_cert(SSL *s, unsigned int context); static int init_sig_algs(SSL *s, unsigned int context); static int init_certificate_authorities(SSL *s, unsigned int context); static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx); + unsigned int context, + X509 *x, + size_t chainidx); static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_SRP static int init_srp(SSL *s, unsigned int context); #endif @@ -76,16 +76,16 @@ typedef struct extensions_definition_st { int (*init)(SSL *s, unsigned int context); /* Parse extension sent from client to server */ int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); /* Parse extension send from server to client */ int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); /* Construct extension sent from server to client */ EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* Construct extension sent from client to server */ EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* * Finalise extension after parsing. Always called where an extensions was * initialised even if the extension was not present. |sent| is set to 1 if @@ -123,269 +123,225 @@ typedef struct extensions_definition_st { */ #define INVALID_EXTENSION { TLSEXT_TYPE_invalid, 0, NULL, NULL, NULL, NULL, NULL, NULL } static const EXTENSION_DEFINITION ext_defs[] = { - { - TLSEXT_TYPE_renegotiate, + { TLSEXT_TYPE_renegotiate, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate, tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate, - final_renegotiate - }, - { - TLSEXT_TYPE_server_name, + final_renegotiate }, + { TLSEXT_TYPE_server_name, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, init_server_name, tls_parse_ctos_server_name, tls_parse_stoc_server_name, tls_construct_stoc_server_name, tls_construct_ctos_server_name, - final_server_name - }, - { - TLSEXT_TYPE_max_fragment_length, + final_server_name }, + { TLSEXT_TYPE_max_fragment_length, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen, tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen, - final_maxfragmentlen - }, + final_maxfragmentlen }, #ifndef OPENSSL_NO_SRP - { - TLSEXT_TYPE_srp, + { TLSEXT_TYPE_srp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL - }, + init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_ec_point_formats, + { TLSEXT_TYPE_ec_point_formats, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, - final_ec_pt_formats - }, - { - /* - * "supported_groups" is spread across several specifications. - * It was originally specified as "elliptic_curves" in RFC 4492, - * and broadened to include named FFDH groups by RFC 7919. - * Both RFCs 4492 and 7919 do not include a provision for the server - * to indicate to the client the complete list of groups supported - * by the server, with the server instead just indicating the - * selected group for this connection in the ServerKeyExchange - * message. TLS 1.3 adds a scheme for the server to indicate - * to the client its list of supported groups in the - * EncryptedExtensions message, but none of the relevant - * specifications permit sending supported_groups in the ServerHello. - * Nonetheless (possibly due to the close proximity to the - * "ec_point_formats" extension, which is allowed in the ServerHello), - * there are several servers that send this extension in the - * ServerHello anyway. Up to and including the 1.1.0 release, - * we did not check for the presence of nonpermitted extensions, - * so to avoid a regression, we must permit this extension in the - * TLS 1.2 ServerHello as well. - * - * Note that there is no tls_parse_stoc_supported_groups function, - * so we do not perform any additional parsing, validation, or - * processing on the server's group list -- this is just a minimal - * change to preserve compatibility with these misbehaving servers. - */ + final_ec_pt_formats }, + { /* + * "supported_groups" is spread across several specifications. + * It was originally specified as "elliptic_curves" in RFC 4492, + * and broadened to include named FFDH groups by RFC 7919. + * Both RFCs 4492 and 7919 do not include a provision for the server + * to indicate to the client the complete list of groups supported + * by the server, with the server instead just indicating the + * selected group for this connection in the ServerKeyExchange + * message. TLS 1.3 adds a scheme for the server to indicate + * to the client its list of supported groups in the + * EncryptedExtensions message, but none of the relevant + * specifications permit sending supported_groups in the ServerHello. + * Nonetheless (possibly due to the close proximity to the + * "ec_point_formats" extension, which is allowed in the ServerHello), + * there are several servers that send this extension in the + * ServerHello anyway. Up to and including the 1.1.0 release, + * we did not check for the presence of nonpermitted extensions, + * so to avoid a regression, we must permit this extension in the + * TLS 1.2 ServerHello as well. + * + * Note that there is no tls_parse_stoc_supported_groups function, + * so we do not perform any additional parsing, validation, or + * processing on the server's group list -- this is just a minimal + * change to preserve compatibility with these misbehaving servers. + */ TLSEXT_TYPE_supported_groups, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_2_SERVER_HELLO, + | SSL_EXT_TLS1_2_SERVER_HELLO, NULL, tls_parse_ctos_supported_groups, NULL, tls_construct_stoc_supported_groups, - tls_construct_ctos_supported_groups, NULL - }, - { - TLSEXT_TYPE_session_ticket, + tls_construct_ctos_supported_groups, NULL }, + { TLSEXT_TYPE_session_ticket, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_session_ticket, tls_parse_ctos_session_ticket, tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket, - tls_construct_ctos_session_ticket, NULL - }, + tls_construct_ctos_session_ticket, NULL }, #ifndef OPENSSL_NO_OCSP - { - TLSEXT_TYPE_status_request, + { TLSEXT_TYPE_status_request, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_status_request, tls_parse_ctos_status_request, tls_parse_stoc_status_request, tls_construct_stoc_status_request, - tls_construct_ctos_status_request, NULL - }, + tls_construct_ctos_status_request, NULL }, #else INVALID_EXTENSION, #endif #ifndef OPENSSL_NO_NEXTPROTONEG - { - TLSEXT_TYPE_next_proto_neg, + { TLSEXT_TYPE_next_proto_neg, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn, - tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL - }, + tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL }, #else INVALID_EXTENSION, #endif - { - /* - * Must appear in this list after server_name so that finalisation - * happens after server_name callbacks - */ + { /* + * Must appear in this list after server_name so that finalisation + * happens after server_name callbacks + */ TLSEXT_TYPE_application_layer_protocol_negotiation, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn, - tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn - }, + tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn }, #ifndef OPENSSL_NO_SRTP - { - TLSEXT_TYPE_use_srtp, + { TLSEXT_TYPE_use_srtp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp, - tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL - }, + tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_encrypt_then_mac, + { TLSEXT_TYPE_encrypt_then_mac, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm, - tls_construct_stoc_etm, tls_construct_ctos_etm, NULL - }, + tls_construct_stoc_etm, tls_construct_ctos_etm, NULL }, #ifndef OPENSSL_NO_CT - { - TLSEXT_TYPE_signed_certificate_timestamp, + { TLSEXT_TYPE_signed_certificate_timestamp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, /* * No server side support for this, but can be provided by a custom * extension. This is an exception to the rule that custom extensions * cannot override built in ones. */ - NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL - }, + NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_extended_master_secret, + { TLSEXT_TYPE_extended_master_secret, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems, - tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems - }, - { - TLSEXT_TYPE_signature_algorithms_cert, + tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems }, + { TLSEXT_TYPE_signature_algorithms_cert, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_sig_algs_cert, tls_parse_ctos_sig_algs_cert, tls_parse_ctos_sig_algs_cert, /* We do not generate signature_algorithms_cert at present. */ - NULL, NULL, NULL - }, + NULL, NULL, NULL }, { TLSEXT_TYPE_post_handshake_auth, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY, init_post_handshake_auth, - tls_parse_ctos_post_handshake_auth, NULL, - NULL, tls_construct_ctos_post_handshake_auth, + tls_parse_ctos_post_handshake_auth, + NULL, + NULL, + tls_construct_ctos_post_handshake_auth, NULL, }, - { - TLSEXT_TYPE_signature_algorithms, + { TLSEXT_TYPE_signature_algorithms, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_sig_algs, tls_parse_ctos_sig_algs, tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs, - tls_construct_ctos_sig_algs, final_sig_algs - }, - { - TLSEXT_TYPE_supported_versions, + tls_construct_ctos_sig_algs, final_sig_algs }, + { TLSEXT_TYPE_supported_versions, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, NULL, /* Processed inline as part of version selection */ NULL, tls_parse_stoc_supported_versions, tls_construct_stoc_supported_versions, - tls_construct_ctos_supported_versions, NULL - }, - { - TLSEXT_TYPE_psk_kex_modes, + tls_construct_ctos_supported_versions, NULL }, + { TLSEXT_TYPE_psk_kex_modes, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_ONLY, init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, - tls_construct_ctos_psk_kex_modes, NULL - }, - { - /* - * Must be in this list after supported_groups. We need that to have - * been parsed before we do this one. - */ + tls_construct_ctos_psk_kex_modes, NULL }, + { /* + * Must be in this list after supported_groups. We need that to have + * been parsed before we do this one. + */ TLSEXT_TYPE_key_share, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY + | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share, tls_construct_stoc_key_share, tls_construct_ctos_key_share, - final_key_share - }, - { - /* Must be after key_share */ + final_key_share }, + { /* Must be after key_share */ TLSEXT_TYPE_cookie, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie, - tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL - }, - { - /* - * Special unsolicited ServerHello extension only used when - * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but - * ignore it. - */ + tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL }, + { /* + * Special unsolicited ServerHello extension only used when + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but + * ignore it. + */ TLSEXT_TYPE_cryptopro_bug, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL - }, - { - TLSEXT_TYPE_early_data, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL }, + { TLSEXT_TYPE_early_data, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data, tls_construct_stoc_early_data, tls_construct_ctos_early_data, - final_early_data - }, + final_early_data }, { TLSEXT_TYPE_certificate_authorities, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_ONLY, init_certificate_authorities, - tls_parse_certificate_authorities, tls_parse_certificate_authorities, + tls_parse_certificate_authorities, + tls_parse_certificate_authorities, tls_construct_certificate_authorities, - tls_construct_certificate_authorities, NULL, + tls_construct_certificate_authorities, + NULL, }, - { - /* Must be immediately before pre_shared_key */ + { /* Must be immediately before pre_shared_key */ TLSEXT_TYPE_padding, SSL_EXT_CLIENT_HELLO, NULL, /* We send this, but don't read it */ - NULL, NULL, NULL, tls_construct_ctos_padding, NULL - }, - { - /* Required by the TLSv1.3 spec to always be the last extension */ + NULL, NULL, NULL, tls_construct_ctos_padding, NULL }, + { /* Required by the TLSv1.3 spec to always be the last extension */ TLSEXT_TYPE_psk, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, final_psk - } + tls_construct_ctos_psk, final_psk } }; /* Returns a TLSEXT_TYPE for the given index */ @@ -441,7 +397,7 @@ int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) custom_ext_method *meth = NULL; meth = custom_ext_find(&s->cert->custext, role, thisext->type, - &offset); + &offset); if (!ossl_assert(meth != NULL)) return 0; context = meth->context; @@ -461,8 +417,8 @@ int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) * the definition for the extension we found. */ static int verify_extension(SSL *s, unsigned int context, unsigned int type, - custom_ext_methods *meths, RAW_EXTENSION *rawexlist, - RAW_EXTENSION **found) + custom_ext_methods *meths, RAW_EXTENSION *rawexlist, + RAW_EXTENSION **found) { size_t i; size_t builtin_num = OSSL_NELEM(ext_defs); @@ -522,22 +478,22 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) is_tls13 = SSL_IS_TLS13(s); if ((SSL_IS_DTLS(s) - && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) - || (s->version == SSL3_VERSION - && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) - /* - * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", - * which is never true when generating the ClientHello. - * However, version negotiation *has* occurred by the time the - * ClientHello extensions are being parsed. - * Be careful to allow TLS 1.3-only extensions when generating - * the ClientHello. - */ - || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) - || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 - && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) - || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) - || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) + && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) + || (s->version == SSL3_VERSION + && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) + /* + * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", + * which is never true when generating the ClientHello. + * However, version negotiation *has* occurred by the time the + * ClientHello extensions are being parsed. + * Be careful to allow TLS 1.3-only extensions when generating + * the ClientHello. + */ + || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) + || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) + || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) + || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) return 0; return 1; } @@ -559,7 +515,7 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) * extensions that we know about. We ignore others. */ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, size_t *len, int init) + RAW_EXTENSION **res, size_t *len, int init) { PACKET extensions = *packet; size_t i = 0; @@ -590,8 +546,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, PACKET extension; RAW_EXTENSION *thisex; - if (!PACKET_get_net_2(&extensions, &type) || - !PACKET_get_length_prefixed_2(&extensions, &extension)) { + if (!PACKET_get_net_2(&extensions, &type) || !PACKET_get_length_prefixed_2(&extensions, &extension)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); goto err; } @@ -601,10 +556,10 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, * PSK extension, which must be the last one in the ClientHello. */ if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) - || (thisex != NULL && thisex->present == 1) - || (type == TLSEXT_TYPE_psk - && (context & SSL_EXT_CLIENT_HELLO) != 0 - && PACKET_remaining(&extensions) != 0)) { + || (thisex != NULL && thisex->present == 1) + || (type == TLSEXT_TYPE_psk + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && PACKET_remaining(&extensions) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); goto err; } @@ -624,20 +579,18 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, * itself handle unsolicited response checks. */ if (idx < OSSL_NELEM(ext_defs) - && (context & (SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0 - && type != TLSEXT_TYPE_cookie - && type != TLSEXT_TYPE_renegotiate - && type != TLSEXT_TYPE_signed_certificate_timestamp - && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 + && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0 + && type != TLSEXT_TYPE_cookie + && type != TLSEXT_TYPE_renegotiate + && type != TLSEXT_TYPE_signed_certificate_timestamp + && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 #ifndef OPENSSL_NO_GOST - && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 - && type == TLSEXT_TYPE_cryptopro_bug) + && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 + && type == TLSEXT_TYPE_cryptopro_bug) #endif - ) { + ) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, - SSL_R_UNSOLICITED_EXTENSION); + SSL_R_UNSOLICITED_EXTENSION); goto err; } if (thisex != NULL) { @@ -647,9 +600,9 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, thisex->received_order = i++; if (s->ext.debug_cb) s->ext.debug_cb(s, !s->server, thisex->type, - PACKET_data(&thisex->data), - PACKET_remaining(&thisex->data), - s->ext.debug_arg); + PACKET_data(&thisex->data), + PACKET_remaining(&thisex->data), + s->ext.debug_arg); } } @@ -659,7 +612,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, * whether we have found them or not */ for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs); - i++, thisexd++) { + i++, thisexd++) { if (thisexd->init != NULL && (thisexd->context & context) != 0 && extension_is_relevant(s, thisexd->context, context) && !thisexd->init(s, context)) { @@ -674,7 +627,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, *len = num_exts; return 1; - err: +err: OPENSSL_free(raw_extensions); return 0; } @@ -690,11 +643,12 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, * present this counted as success. */ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, - RAW_EXTENSION *exts, X509 *x, size_t chainidx) + RAW_EXTENSION *exts, X509 *x, size_t chainidx) { RAW_EXTENSION *currext = &exts[idx]; int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) = NULL; + size_t chainidx) + = NULL; /* Skip if the extension is not present */ if (!currext->present) @@ -727,9 +681,9 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, /* Parse custom extensions */ return custom_ext_parse(s, context, currext->type, - PACKET_data(&currext->data), - PACKET_remaining(&currext->data), - x, chainidx); + PACKET_data(&currext->data), + PACKET_remaining(&currext->data), + x, chainidx); } /* @@ -740,7 +694,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, * its position in the |chainidx|, with 0 being the first certificate. */ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, - size_t chainidx, int fin) + size_t chainidx, int fin) { size_t i, numexts = OSSL_NELEM(ext_defs); const EXTENSION_DEFINITION *thisexd; @@ -762,7 +716,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, * whether we have found them or not */ for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); - i++, thisexd++) { + i++, thisexd++) { if (thisexd->final != NULL && (thisexd->context & context) != 0 && !thisexd->final(s, context, exts[i].present)) { /* SSLfatal() already called */ @@ -775,7 +729,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, } int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, - int max_version) + int max_version) { /* Skip if not relevant for our context */ if ((extctx & thisctx) == 0) @@ -783,9 +737,9 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, /* Check if this extension is defined for our protocol. If not, skip */ if (!extension_is_relevant(s, extctx, thisctx) - || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 - && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 - && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) + || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 + && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) return 0; return 1; @@ -800,22 +754,21 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, * failure construction stops at the first extension to fail to construct. */ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { size_t i; int min_version, max_version = 0, reason; const EXTENSION_DEFINITION *thisexd; if (!WPACKET_start_sub_packet_u16(pkt) - /* - * If extensions are of zero length then we don't even add the - * extensions length bytes to a ClientHello/ServerHello - * (for non-TLSv1.3). - */ - || ((context & - (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 - && !WPACKET_set_flags(pkt, - WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { + /* + * If extensions are of zero length then we don't even add the + * extensions length bytes to a ClientHello/ServerHello + * (for non-TLSv1.3). + */ + || ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 + && !WPACKET_set_flags(pkt, + WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -840,7 +793,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN ret; /* Skip if not relevant for our context */ @@ -859,9 +812,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, return 0; } if (ret == EXT_RETURN_SENT - && (context & (SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0) + && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0) s->ext.extflags[i] |= SSL_EXT_FLAG_SENT; } @@ -888,10 +839,10 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent) * renegotiation */ if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) - && !sent) { + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } @@ -900,19 +851,18 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent) /* Need RI if renegotiating */ if (s->renegotiate - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) - && !sent) { + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } - return 1; } static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx, - TSAN_QUALIFIER int *stat) + TSAN_QUALIFIER int *stat) { if (ssl_tsan_lock(ctx)) { tsan_decr(stat); @@ -945,10 +895,10 @@ static int final_server_name(SSL *s, unsigned int context, int sent) if (s->ctx->ext.servername_cb != NULL) ret = s->ctx->ext.servername_cb(s, &altmp, - s->ctx->ext.servername_arg); + s->ctx->ext.servername_arg); else if (s->session_ctx->ext.servername_cb != NULL) ret = s->session_ctx->ext.servername_cb(s, &altmp, - s->session_ctx->ext.servername_arg); + s->session_ctx->ext.servername_arg); /* * For servers, propagate the SNI hostname from the temporary @@ -976,7 +926,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * exceed sess_accept (zero) for the new context. */ if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx - && s->hello_retry_request == SSL_HRR_NONE) { + && s->hello_retry_request == SSL_HRR_NONE) { ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept); ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); } @@ -987,10 +937,10 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * Also, if this is not a resumption, create a new session ID */ if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected - && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { + && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { s->ext.ticket_expected = 0; if (!s->hit) { - SSL_SESSION* ss = SSL_get_session(s); + SSL_SESSION *ss = SSL_get_session(s); if (ss != NULL) { OPENSSL_free(ss->ext.tick); @@ -1046,10 +996,10 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) * must contain uncompressed. */ if (s->ext.ecpointformats != NULL - && s->ext.ecpointformats_len > 0 - && s->ext.peer_ecpointformats != NULL - && s->ext.peer_ecpointformats_len > 0 - && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { + && s->ext.ecpointformats_len > 0 + && s->ext.peer_ecpointformats != NULL + && s->ext.peer_ecpointformats_len > 0 + && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list = s->ext.peer_ecpointformats; @@ -1060,7 +1010,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) } if (i == s->ext.peer_ecpointformats_len) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); + SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); return 0; } } @@ -1120,7 +1070,7 @@ static int init_alpn(SSL *s, unsigned int context) static int final_alpn(SSL *s, unsigned int context, int sent) { if (!s->server && !sent && s->session->ext.alpn_selected != NULL) - s->ext.early_data_ok = 0; + s->ext.early_data_ok = 0; if (!s->server || !SSL_IS_TLS13(s)) return 1; @@ -1209,8 +1159,7 @@ static int final_ems(SSL *s, unsigned int context, int sent) * Check extended master secret extension is consistent with * original session. */ - if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != - !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { + if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); return 0; } @@ -1227,9 +1176,9 @@ static int init_certificate_authorities(SSL *s, unsigned int context) } static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx) + unsigned int context, + X509 *x, + size_t chainidx) { const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); @@ -1256,8 +1205,8 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, } static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!parse_ca_names(s, pkt)) return 0; @@ -1282,7 +1231,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent) { if (!sent && SSL_IS_TLS13(s) && !s->hit) { SSLfatal(s, TLS13_AD_MISSING_EXTENSION, - SSL_R_MISSING_SIGALGS_EXTENSION); + SSL_R_MISSING_SIGALGS_EXTENSION); return 0; } @@ -1311,9 +1260,9 @@ static int final_key_share(SSL *s, unsigned int context, int sent) * fail; */ if (!s->server - && !sent - && (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) { + && !sent + && (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) { /* Nothing left we can do - just fail */ SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_NO_SUITABLE_KEY_SHARE); return 0; @@ -1356,7 +1305,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent) if (s->s3.peer_tmp != NULL) { /* We have a suitable key_share */ if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 - && !s->ext.cookieok) { + && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* * If we are stateless then we wouldn't know about any @@ -1372,9 +1321,9 @@ static int final_key_share(SSL *s, unsigned int context, int sent) } else { /* No suitable key_share */ if (s->hello_retry_request == SSL_HRR_NONE && sent - && (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) - != 0)) { + && (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) + != 0)) { const uint16_t *pgroups, *clntgroups; size_t num_groups, clnt_num_groups, i; unsigned int group_id = 0; @@ -1392,11 +1341,11 @@ static int final_key_share(SSL *s, unsigned int context, int sent) group_id = pgroups[i]; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, - 1) - && tls_group_allowed(s, group_id, - SSL_SECOP_CURVE_SUPPORTED) - && tls_valid_group(s, group_id, TLS1_3_VERSION, - TLS1_3_VERSION, 0, NULL)) + 1) + && tls_group_allowed(s, group_id, + SSL_SECOP_CURVE_SUPPORTED) + && tls_valid_group(s, group_id, TLS1_3_VERSION, + TLS1_3_VERSION, 0, NULL)) break; } @@ -1408,16 +1357,15 @@ static int final_key_share(SSL *s, unsigned int context, int sent) } } if (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { /* Nothing left we can do - just fail */ - SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE - : SSL_AD_MISSING_EXTENSION, - SSL_R_NO_SUITABLE_KEY_SHARE); + SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE : SSL_AD_MISSING_EXTENSION, + SSL_R_NO_SUITABLE_KEY_SHARE); return 0; } if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 - && !s->ext.cookieok) { + && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* * If we are stateless then we wouldn't know about any @@ -1460,9 +1408,9 @@ static int init_psk_kex_modes(SSL *s, unsigned int context) } int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, - size_t binderoffset, const unsigned char *binderin, - unsigned char *binderout, SSL_SESSION *sess, int sign, - int external) + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, SSL_SESSION *sess, int sign, + int external) { EVP_PKEY *mackey = NULL; EVP_MD_CTX *mctx = NULL; @@ -1471,7 +1419,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, unsigned char *early_secret; #ifdef CHARSET_EBCDIC static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; - static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; + static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; #else static const unsigned char resumption_label[] = "res binder"; static const unsigned char external_label[] = "ext binder"; @@ -1490,9 +1438,9 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, hashsize = (size_t)hashsizei; if (external - && s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->session->ext.max_early_data == 0 - && sess->ext.max_early_data > 0) + && s->early_data_state == SSL_EARLY_DATA_CONNECTING + && s->session->ext.max_early_data == 0 + && sess->ext.max_early_data > 0) usepskfored = 1; if (external) { @@ -1517,7 +1465,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, early_secret = (unsigned char *)sess->early_secret; if (!tls13_generate_secret(s, md, NULL, sess->master_key, - sess->master_key_length, early_secret)) { + sess->master_key_length, early_secret)) { /* SSLfatal() already called */ goto err; } @@ -1528,15 +1476,15 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, */ mctx = EVP_MD_CTX_new(); if (mctx == NULL - || EVP_DigestInit_ex(mctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + || EVP_DigestInit_ex(mctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } /* Generate the binder key */ if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, - hashsize, binderkey, hashsize, 1)) { + hashsize, binderkey, hashsize, 1)) { /* SSLfatal() already called */ goto err; } @@ -1562,8 +1510,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, long hdatalen_l; void *hdata; - hdatalen = hdatalen_l = - BIO_get_mem_data(s->s3.handshake_buffer, &hdata); + hdatalen = hdatalen_l = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); if (hdatalen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; @@ -1578,10 +1525,10 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, /* Find how many bytes are left after the first two messages */ if (!PACKET_buf_init(&hashprefix, hdata, hdatalen) - || !PACKET_forward(&hashprefix, 1) - || !PACKET_get_length_prefixed_3(&hashprefix, &msg) - || !PACKET_forward(&hashprefix, 1) - || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) { + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg) + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1595,14 +1542,14 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, } if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0 - || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, finishedkey, - hashsize); + s->ctx->propq, finishedkey, + hashsize); if (mackey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -1613,10 +1560,11 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, bindersize = hashsize; if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx, - s->ctx->propq, mackey, NULL) <= 0 - || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 - || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 - || bindersize != hashsize) { + s->ctx->propq, mackey, NULL) + <= 0 + || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 + || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 + || bindersize != hashsize) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1630,7 +1578,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY); } - err: +err: OPENSSL_cleanse(binderkey, sizeof(binderkey)); OPENSSL_cleanse(finishedkey, sizeof(finishedkey)); EVP_PKEY_free(mackey); @@ -1646,8 +1594,8 @@ static int final_early_data(SSL *s, unsigned int context, int sent) if (!s->server) { if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - && sent - && !s->ext.early_data_ok) { + && sent + && !s->ext.early_data_ok) { /* * If we get here then the server accepted our early_data but we * later realised that it shouldn't have done (e.g. inconsistent @@ -1661,19 +1609,19 @@ static int final_early_data(SSL *s, unsigned int context, int sent) } if (s->max_early_data == 0 - || !s->hit - || s->early_data_state != SSL_EARLY_DATA_ACCEPTING - || !s->ext.early_data_ok - || s->hello_retry_request != SSL_HRR_NONE - || (s->allow_early_data_cb != NULL - && !s->allow_early_data_cb(s, - s->allow_early_data_cb_data))) { + || !s->hit + || s->early_data_state != SSL_EARLY_DATA_ACCEPTING + || !s->ext.early_data_ok + || s->hello_retry_request != SSL_HRR_NONE + || (s->allow_early_data_cb != NULL + && !s->allow_early_data_cb(s, + s->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; if (!tls13_change_cipher_state(s, - SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) { + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return 0; } @@ -1690,7 +1638,7 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent) /* Current SSL buffer is lower than requested MFL */ if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session)) + && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session)) /* trigger a larger buffer reallocation */ if (!ssl3_setup_buffers(s)) { /* SSLfatal() already called */ @@ -1714,9 +1662,9 @@ static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context) static int final_psk(SSL *s, unsigned int context, int sent) { if (s->server && sent && s->clienthello != NULL - && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { + && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { SSLfatal(s, TLS13_AD_MISSING_EXTENSION, - SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); + SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); return 0; } diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index ced88f77ba3c..859d6bd647d7 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -13,18 +13,18 @@ #include "statem_local.h" EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { /* Add RI if renegotiating */ if (!s->renegotiate) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -33,23 +33,23 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->ext.hostname == NULL) return EXT_RETURN_NOT_SENT; /* Add TLS extension servername to the Client Hello message */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) - /* Sub-packet for server_name extension */ - || !WPACKET_start_sub_packet_u16(pkt) - /* Sub-packet for servername list (always 1 hostname)*/ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname, - strlen(s->ext.hostname)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + /* Sub-packet for server_name extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for servername list (always 1 hostname)*/ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname, + strlen(s->ext.hostname)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -59,8 +59,8 @@ EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, /* Push a Max Fragment Len extension into ClientHello */ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED) return EXT_RETURN_NOT_SENT; @@ -71,10 +71,10 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, * 1 byte for the Max Fragment Length code value. */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length) - /* Sub-packet for Max Fragment Length extension (1 byte) */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode) - || !WPACKET_close(pkt)) { + /* Sub-packet for Max Fragment Length extension (1 byte) */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -84,22 +84,22 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, #ifndef OPENSSL_NO_SRP EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { /* Add SRP username if there is one */ if (s->srp_ctx.login == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp) - /* Sub-packet for SRP extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - /* login must not be zero...internal error if so */ - || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) - || !WPACKET_memcpy(pkt, s->srp_ctx.login, - strlen(s->srp_ctx.login)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + /* Sub-packet for SRP extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + /* login must not be zero...internal error if so */ + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) + || !WPACKET_memcpy(pkt, s->srp_ctx.login, + strlen(s->srp_ctx.login)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -128,8 +128,8 @@ static int use_ecc(SSL *s, int min_version, int max_version) alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) - || (alg_a & SSL_aECDSA) - || c->min_tls >= TLS1_3_VERSION) { + || (alg_a & SSL_aECDSA) + || c->min_tls >= TLS1_3_VERSION) { ret = 1; break; } @@ -144,7 +144,7 @@ static int use_ecc(SSL *s, int min_version, int max_version) uint16_t ctmp = pgroups[j]; if (tls_valid_group(s, ctmp, min_version, max_version, 1, NULL) - && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) return 1; } @@ -152,8 +152,8 @@ static int use_ecc(SSL *s, int min_version, int max_version) } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const unsigned char *pformats; size_t num_formats; @@ -171,10 +171,10 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, tls1_get_formatlist(s, &pformats, &num_formats); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) - /* Sub-packet for formats extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats) - || !WPACKET_close(pkt)) { + /* Sub-packet for formats extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -183,8 +183,8 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const uint16_t *pgroups = NULL; size_t num_groups = 0, i, tls13added = 0, added = 0; @@ -201,7 +201,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, * if we don't have EC support then we don't send this extension. */ if (!use_ecc(s, min_version, max_version) - && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)) + && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)) return EXT_RETURN_NOT_SENT; /* @@ -210,10 +210,10 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, tls1_get_supported_groups(s, &pgroups, &num_groups); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) - /* Sub-packet for supported_groups extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) { + /* Sub-packet for supported_groups extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -223,7 +223,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, int okfortls13; if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13) - && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -236,7 +236,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { if (added == 0) SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, - "No groups enabled for max supported SSL/TLS version"); + "No groups enabled for max supported SSL/TLS version"); else SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -244,7 +244,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, if (tls13added == 0 && max_version == TLS1_3_VERSION) { SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, - "No groups enabled for max supported SSL/TLS version"); + "No groups enabled for max supported SSL/TLS version"); return EXT_RETURN_FAIL; } @@ -252,8 +252,8 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { size_t ticklen; @@ -261,11 +261,11 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!s->new_session && s->session != NULL - && s->session->ext.tick != NULL - && s->session->ssl_version != TLS1_3_VERSION) { + && s->session->ext.tick != NULL + && s->session->ssl_version != TLS1_3_VERSION) { ticklen = s->session->ext.ticklen; } else if (s->session && s->ext.session_ticket != NULL - && s->ext.session_ticket->data != NULL) { + && s->ext.session_ticket->data != NULL) { ticklen = s->ext.session_ticket->length; s->session->ext.tick = OPENSSL_malloc(ticklen); if (s->session->ext.tick == NULL) { @@ -273,18 +273,17 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } memcpy(s->session->ext.tick, - s->ext.session_ticket->data, ticklen); + s->ext.session_ticket->data, ticklen); s->session->ext.ticklen = ticklen; } else { ticklen = 0; } - if (ticklen == 0 && s->ext.session_ticket != NULL && - s->ext.session_ticket->data == NULL) + if (ticklen == 0 && s->ext.session_ticket != NULL && s->ext.session_ticket->data == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) - || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) { + || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -293,8 +292,8 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { size_t salglen; const uint16_t *salg; @@ -304,13 +303,13 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, salglen = tls12_get_psigalgs(s, 1, &salg); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms) - /* Sub-packet for sig-algs extension */ - || !WPACKET_start_sub_packet_u16(pkt) - /* Sub-packet for the actual list */ - || !WPACKET_start_sub_packet_u16(pkt) - || !tls12_copy_sigalgs(s, pkt, salg, salglen) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + /* Sub-packet for sig-algs extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for the actual list */ + || !WPACKET_start_sub_packet_u16(pkt) + || !tls12_copy_sigalgs(s, pkt, salg, salglen) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -320,8 +319,8 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { int i; @@ -333,11 +332,11 @@ EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) - /* Sub-packet for status request extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp) - /* Sub-packet for the ids */ - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Sub-packet for status request extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp) + /* Sub-packet for the ids */ + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -347,15 +346,15 @@ EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, int idlen = i2d_OCSP_RESPID(id, NULL); if (idlen <= 0 - /* Sub-packet for an individual id */ - || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes) - || i2d_OCSP_RESPID(id, &idbytes) != idlen) { + /* Sub-packet for an individual id */ + || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes) + || i2d_OCSP_RESPID(id, &idbytes) != idlen) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } } if (!WPACKET_close(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -368,11 +367,11 @@ EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes) - || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes) - != extlen) { + || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes) + != extlen) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; - } + } } if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -385,7 +384,7 @@ EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) return EXT_RETURN_NOT_SENT; @@ -395,7 +394,7 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, * for Next Protocol Negotiation */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -405,7 +404,7 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, #endif EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { s->s3.alpn_sent = 0; @@ -413,11 +412,11 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, - TLSEXT_TYPE_application_layer_protocol_negotiation) - /* Sub-packet ALPN extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len) - || !WPACKET_close(pkt)) { + TLSEXT_TYPE_application_layer_protocol_negotiation) + /* Sub-packet ALPN extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -426,11 +425,10 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_SENT; } - #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s); int i, end; @@ -439,18 +437,17 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) - /* Sub-packet for SRTP extension */ - || !WPACKET_start_sub_packet_u16(pkt) - /* Sub-packet for the protection profile list */ - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Sub-packet for SRTP extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for the protection profile list */ + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } end = sk_SRTP_PROTECTION_PROFILE_num(clnt); for (i = 0; i < end; i++) { - const SRTP_PROTECTION_PROFILE *prof = - sk_SRTP_PROTECTION_PROFILE_value(clnt, i); + const SRTP_PROTECTION_PROFILE *prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -458,9 +455,9 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, } } if (!WPACKET_close(pkt) - /* Add an empty use_mki value */ - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_close(pkt)) { + /* Add an empty use_mki value */ + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -470,13 +467,13 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -486,7 +483,7 @@ EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_CT EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->ct_validation_callback == NULL) return EXT_RETURN_NOT_SENT; @@ -496,7 +493,7 @@ EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -506,13 +503,13 @@ EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, #endif EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -521,8 +518,8 @@ EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, } EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { int currv, min_version, max_version, reason; @@ -540,8 +537,8 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -564,19 +561,19 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, * Construct a psk_kex_modes extension. */ EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE) - || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE) + || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -615,7 +612,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) /* Encode the public key. */ encodedlen = EVP_PKEY_get1_encoded_public_key(key_share_key, - &encoded_point); + &encoded_point); if (encodedlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); goto err; @@ -623,7 +620,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) /* Create KeyShareEntry */ if (!WPACKET_put_bytes_u16(pkt, curve_id) - || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) { + || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -638,7 +635,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) OPENSSL_free(encoded_point); return 1; - err: +err: if (s->s3.tmp.pkey == NULL) EVP_PKEY_free(key_share_key); OPENSSL_free(encoded_point); @@ -647,8 +644,8 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) #endif EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 size_t i, num_groups = 0; @@ -657,10 +654,10 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, /* key_share extension */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - /* Extension data sub-packet */ - || !WPACKET_start_sub_packet_u16(pkt) - /* KeyShare list sub-packet */ - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Extension data sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt) + /* KeyShare list sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -680,7 +677,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, continue; if (!tls_valid_group(s, pgroups[i], TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) + 0, NULL)) continue; curve_id = pgroups[i]; @@ -709,7 +706,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { EXT_RETURN ret = EXT_RETURN_FAIL; @@ -718,17 +715,17 @@ EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) - /* Extension data sub-packet */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie, - s->ext.tls13_cookie_len) - || !WPACKET_close(pkt)) { + /* Extension data sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie, + s->ext.tls13_cookie_len) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto end; } ret = EXT_RETURN_SENT; - end: +end: OPENSSL_free(s->ext.tls13_cookie); s->ext.tls13_cookie = NULL; s->ext.tls13_cookie_len = 0; @@ -737,12 +734,12 @@ EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, } EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_PSK char identity[PSK_MAX_IDENTITY_LEN + 1]; -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ const unsigned char *id = NULL; size_t idlen = 0; SSL_SESSION *psksess = NULL; @@ -753,9 +750,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, handmd = ssl_handshake_md(s); if (s->psk_use_session_cb != NULL - && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess) - || (psksess != NULL - && psksess->ssl_version != TLS1_3_VERSION))) { + && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess) + || (psksess != NULL + && psksess->ssl_version != TLS1_3_VERSION))) { SSL_SESSION_free(psksess); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); return EXT_RETURN_FAIL; @@ -768,7 +765,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, memset(identity, 0, sizeof(identity)); psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1, - psk, sizeof(psk)); + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); @@ -796,9 +793,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, psksess = SSL_SESSION_new(); if (psksess == NULL - || !SSL_SESSION_set1_master_key(psksess, psk, psklen) - || !SSL_SESSION_set_cipher(psksess, cipher) - || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) { + || !SSL_SESSION_set1_master_key(psksess, psk, psklen) + || !SSL_SESSION_set_cipher(psksess, cipher) + || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); OPENSSL_cleanse(psk, psklen); return EXT_RETURN_FAIL; @@ -806,7 +803,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, OPENSSL_cleanse(psk, psklen); } } -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ SSL_SESSION_free(s->psksession); s->psksession = psksess; @@ -822,8 +819,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, } if (s->early_data_state != SSL_EARLY_DATA_CONNECTING - || (s->session->ext.max_early_data == 0 - && (psksess == NULL || psksess->ext.max_early_data == 0))) { + || (s->session->ext.max_early_data == 0 + && (psksess == NULL || psksess->ext.max_early_data == 0))) { s->max_early_data = 0; return EXT_RETURN_NOT_SENT; } @@ -832,10 +829,10 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, if (edsess->ext.hostname != NULL) { if (s->ext.hostname == NULL - || (s->ext.hostname != NULL - && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) { + || (s->ext.hostname != NULL + && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_INCONSISTENT_EARLY_DATA_SNI); + SSL_R_INCONSISTENT_EARLY_DATA_SNI); return EXT_RETURN_FAIL; } } @@ -859,21 +856,21 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, } while (PACKET_get_length_prefixed_1(&prots, &alpnpkt)) { if (PACKET_equal(&alpnpkt, edsess->ext.alpn_selected, - edsess->ext.alpn_selected_len)) { + edsess->ext.alpn_selected_len)) { found = 1; break; } } if (!found) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_INCONSISTENT_EARLY_DATA_ALPN); + SSL_R_INCONSISTENT_EARLY_DATA_ALPN); return EXT_RETURN_FAIL; } } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -888,8 +885,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -#define F5_WORKAROUND_MIN_MSG_LEN 0xff -#define F5_WORKAROUND_MAX_MSG_LEN 0x200 +#define F5_WORKAROUND_MIN_MSG_LEN 0xff +#define F5_WORKAROUND_MAX_MSG_LEN 0x200 /* * PSK pre binder overhead = @@ -906,8 +903,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, #define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1) EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { unsigned char *padbytes; size_t hlen; @@ -931,8 +928,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, * extension, so we need to calculate how long it is going to be. */ if (s->session->ssl_version == TLS1_3_VERSION - && s->session->ext.ticklen != 0 - && s->session->cipher != NULL) { + && s->session->ext.ticklen != 0 + && s->session->cipher != NULL) { const EVP_MD *md = ssl_md(s->ctx, s->session->cipher->algorithm2); if (md != NULL) { @@ -940,8 +937,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, * Add the fixed PSK overhead, the identity length and the binder * length. */ - hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen - + EVP_MD_get_size(md); + hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen + + EVP_MD_get_size(md); } } @@ -961,7 +958,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, hlen = 1; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding) - || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) { + || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -975,7 +972,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, * Construct the pre_shared_key extension */ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 uint32_t agesec, agems = 0; @@ -997,7 +994,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, * so don't add this extension. */ if (s->session->ssl_version != TLS1_3_VERSION - || (s->session->ext.ticklen == 0 && s->psksession == NULL)) + || (s->session->ext.ticklen == 0 && s->psksession == NULL)) return EXT_RETURN_NOT_SENT; if (s->hello_retry_request == SSL_HRR_PENDING) @@ -1076,7 +1073,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, dores = 1; } - dopsksess: +dopsksess: if (!dores && s->psksession == NULL) return EXT_RETURN_NOT_SENT; @@ -1105,16 +1102,16 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, /* Create the extension, but skip over the binder for now */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } if (dores) { if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, - s->session->ext.ticklen) - || !WPACKET_put_bytes_u32(pkt, agems)) { + s->session->ext.ticklen) + || !WPACKET_put_bytes_u32(pkt, agems)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1122,8 +1119,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, if (s->psksession != NULL) { if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id, - s->psksession_id_len) - || !WPACKET_put_bytes_u32(pkt, 0)) { + s->psksession_id_len) + || !WPACKET_put_bytes_u32(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1131,20 +1128,20 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, } if (!WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &binderoffset) - || !WPACKET_start_sub_packet_u16(pkt) - || (dores - && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) - || (s->psksession != NULL - && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &msglen) - /* - * We need to fill in all the sub-packet lengths now so we can - * calculate the HMAC of the message up to the binders - */ - || !WPACKET_fill_lengths(pkt)) { + || !WPACKET_get_total_written(pkt, &binderoffset) + || !WPACKET_start_sub_packet_u16(pkt) + || (dores + && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) + || (s->psksession != NULL + && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &msglen) + /* + * We need to fill in all the sub-packet lengths now so we can + * calculate the HMAC of the message up to the binders + */ + || !WPACKET_fill_lengths(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1152,15 +1149,17 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, msgstart = WPACKET_get_curr(pkt) - msglen; if (dores - && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, - resbinder, s->session, 1, 0) != 1) { + && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, + resbinder, s->session, 1, 0) + != 1) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } if (s->psksession != NULL - && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, - pskbinder, s->psksession, 1, 1) != 1) { + && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, + pskbinder, s->psksession, 1, 1) + != 1) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } @@ -1172,9 +1171,9 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, } EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 if (!s->pha_enabled) @@ -1182,8 +1181,8 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, /* construct extension - 0 length, no contents */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1196,12 +1195,11 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, #endif } - /* * Parse the server's renegotiation binding and abort if it's not right */ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { size_t expected_len = s->s3.previous_client_finished_len + s->s3.previous_server_finished_len; @@ -1210,9 +1208,9 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, /* Check for logic errors */ if (!ossl_assert(expected_len == 0 - || s->s3.previous_client_finished_len != 0) + || s->s3.previous_client_finished_len != 0) || !ossl_assert(expected_len == 0 - || s->s3.previous_server_finished_len != 0)) { + || s->s3.previous_server_finished_len != 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1237,14 +1235,16 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, if (!PACKET_get_bytes(pkt, &data, s->s3.previous_client_finished_len) || memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) != 0) { + s->s3.previous_client_finished_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); return 0; } if (!PACKET_get_bytes(pkt, &data, s->s3.previous_server_finished_len) || memcmp(data, s->s3.previous_server_finished, - s->s3.previous_server_finished_len) != 0) { + s->s3.previous_server_finished_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); return 0; } @@ -1255,7 +1255,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, /* Parse the server's max fragment len extension packet */ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int value; @@ -1267,7 +1267,7 @@ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, /* |value| should contains a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1279,7 +1279,7 @@ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, */ if (value != s->ext.max_fragment_len_mode) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1293,7 +1293,7 @@ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->ext.hostname == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1321,7 +1321,7 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { size_t ecpointformats_len; PACKET ecptformatlist; @@ -1349,8 +1349,8 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, s->ext.peer_ecpointformats_len = ecpointformats_len; if (!PACKET_copy_bytes(&ecptformatlist, - s->ext.peer_ecpointformats, - ecpointformats_len)) { + s->ext.peer_ecpointformats, + ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1360,12 +1360,9 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { - if (s->ext.session_ticket_cb != NULL && - !s->ext.session_ticket_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + if (s->ext.session_ticket_cb != NULL && !s->ext.session_ticket_cb(s, PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1386,7 +1383,7 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_OCSP int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends a CertificateRequest */ @@ -1424,10 +1421,9 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, } #endif - #ifndef OPENSSL_NO_CT int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends it in a CertificateRequest */ @@ -1461,23 +1457,25 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } } else { ENDPOINT role = (context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 - ? ENDPOINT_CLIENT : ENDPOINT_BOTH; + ? ENDPOINT_CLIENT + : ENDPOINT_BOTH; /* * If we didn't ask for it then there must be a custom extension, * otherwise this is unsolicited. */ if (custom_ext_find(&s->cert->custext, role, - TLSEXT_TYPE_signed_certificate_timestamp, - NULL) == NULL) { + TLSEXT_TYPE_signed_certificate_timestamp, + NULL) + == NULL) { SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); return 0; } if (!custom_ext_parse(s, context, - TLSEXT_TYPE_signed_certificate_timestamp, - PACKET_data(pkt), PACKET_remaining(pkt), - x, chainidx)) { + TLSEXT_TYPE_signed_certificate_timestamp, + PACKET_data(pkt), PACKET_remaining(pkt), + x, chainidx)) { /* SSLfatal already called */ return 0; } @@ -1487,7 +1485,6 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #endif - #ifndef OPENSSL_NO_NEXTPROTONEG /* * ssl_next_proto_validate validates a Next Protocol Negotiation block. No @@ -1510,7 +1507,7 @@ static int ssl_next_proto_validate(SSL *s, PACKET *pkt) } int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { unsigned char *selected; unsigned char selected_len; @@ -1533,11 +1530,11 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len, - PACKET_data(pkt), - PACKET_remaining(pkt), - s->ctx->ext.npn_select_cb_arg) != - SSL_TLSEXT_ERR_OK - || selected_len == 0) { + PACKET_data(pkt), + PACKET_remaining(pkt), + s->ctx->ext.npn_select_cb_arg) + != SSL_TLSEXT_ERR_OK + || selected_len == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1563,7 +1560,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #endif int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { size_t len; PACKET confpkt, protpkt; @@ -1622,9 +1619,9 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->s3.alpn_selected_len = len; if (s->session->ext.alpn_selected == NULL - || s->session->ext.alpn_selected_len != len - || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) - != 0) { + || s->session->ext.alpn_selected_len != len + || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) + != 0) { /* ALPN not consistent with the old session so cannot use early_data */ s->ext.early_data_ok = 0; } @@ -1637,8 +1634,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); + s->session->ext.alpn_selected = OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1652,7 +1648,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #ifndef OPENSSL_NO_SRTP int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { unsigned int id, ct, mki; int i; @@ -1660,11 +1656,11 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SRTP_PROTECTION_PROFILE *prof; if (!PACKET_get_net_2(pkt, &ct) || ct != 2 - || !PACKET_get_net_2(pkt, &id) - || !PACKET_get_1(pkt, &mki) - || PACKET_remaining(pkt) != 0) { + || !PACKET_get_net_2(pkt, &id) + || !PACKET_get_1(pkt, &mki) + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -1695,29 +1691,29 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } #endif int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) - && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 - && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT - && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 - && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA - && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) + && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD + && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA + && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) s->ext.use_etm = 1; return 1; } int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return 1; @@ -1729,12 +1725,12 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int version; if (!PACKET_get_net_2(pkt, &version) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1745,7 +1741,7 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, */ if (version != TLS1_3_VERSION) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; } @@ -1760,7 +1756,7 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; @@ -1804,9 +1800,9 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, break; } if (i >= num_groups - || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } @@ -1854,7 +1850,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt) - || PACKET_remaining(&encoded_pt) == 0) { + || PACKET_remaining(&encoded_pt) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1869,7 +1865,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } if (tls13_set_encoded_pub_key(skey, PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); EVP_PKEY_free(skey); return 0; @@ -1898,13 +1895,13 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET cookie; if (!PACKET_as_length_prefixed_2(pkt, &cookie) - || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, - &s->ext.tls13_cookie_len)) { + || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, + &s->ext.tls13_cookie_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1913,13 +1910,13 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { unsigned long max_early_data; if (!PACKET_get_net_4(pkt, &max_early_data) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_MAX_EARLY_DATA); return 0; } @@ -1935,7 +1932,7 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, } if (!s->ext.early_data_ok - || !s->hit) { + || !s->hit) { /* * If we get here then we didn't send early data, or we didn't resume * using the first identity, or the SNI/ALPN is not consistent so the @@ -1951,7 +1948,7 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int identity; @@ -1990,9 +1987,9 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * early_secret across that we generated earlier. */ if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) - || s->session->ext.max_early_data > 0 - || s->psksession->ext.max_early_data == 0) + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) + || s->session->ext.max_early_data > 0 + || s->psksession->ext.max_early_data == 0) memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE); SSL_SESSION_free(s->session); diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index d75ee7df662b..f8766f90d04e 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -29,10 +29,10 @@ typedef struct { * Provide thin wrapper callbacks which convert new style arguments to old style */ static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char **out, - size_t *outlen, X509 *x, size_t chainidx, - int *al, void *add_arg) + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *add_arg) { custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; @@ -40,12 +40,12 @@ static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type, return 1; return add_cb_wrap->add_cb(s, ext_type, out, outlen, al, - add_cb_wrap->add_arg); + add_cb_wrap->add_arg); } static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *out, void *add_arg) + unsigned int context, + const unsigned char *out, void *add_arg) { custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; @@ -56,19 +56,18 @@ static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type, } static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *in, - size_t inlen, X509 *x, size_t chainidx, - int *al, void *parse_arg) + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *parse_arg) { - custom_ext_parse_cb_wrap *parse_cb_wrap = - (custom_ext_parse_cb_wrap *)parse_arg; + custom_ext_parse_cb_wrap *parse_cb_wrap = (custom_ext_parse_cb_wrap *)parse_arg; if (parse_cb_wrap->parse_cb == NULL) return 1; return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al, - parse_cb_wrap->parse_arg); + parse_cb_wrap->parse_arg); } /* @@ -79,16 +78,16 @@ static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type, * client, or ENDPOINT_BOTH for either */ custom_ext_method *custom_ext_find(const custom_ext_methods *exts, - ENDPOINT role, unsigned int ext_type, - size_t *idx) + ENDPOINT role, unsigned int ext_type, + size_t *idx) { size_t i; custom_ext_method *meth = exts->meths; for (i = 0; i < exts->meths_count; i++, meth++) { if (ext_type == meth->ext_type - && (role == ENDPOINT_BOTH || role == meth->role - || meth->role == ENDPOINT_BOTH)) { + && (role == ENDPOINT_BOTH || role == meth->role + || meth->role == ENDPOINT_BOTH)) { if (idx != NULL) *idx = i; return meth; @@ -111,8 +110,8 @@ void custom_ext_init(custom_ext_methods *exts) /* Pass received custom extension data to the application for parsing. */ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, - const unsigned char *ext_data, size_t ext_size, X509 *x, - size_t chainidx) + const unsigned char *ext_data, size_t ext_size, X509 *x, + size_t chainidx) { int al; custom_ext_methods *exts = &s->cert->custext; @@ -131,9 +130,7 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, if (!extension_is_relevant(s, meth->context, context)) return 1; - if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) { + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) { /* * If it's ServerHello or EncryptedExtensions we can't have any * extensions not sent in ClientHello. @@ -150,7 +147,7 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, * extensions in the response messages */ if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)) - != 0) + != 0) meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; /* If no parse function set return success */ @@ -158,7 +155,8 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, return 1; if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx, - &al, meth->parse_arg) <= 0) { + &al, meth->parse_arg) + <= 0) { SSLfatal(s, al, SSL_R_BAD_EXTENSION); return 0; } @@ -171,7 +169,7 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, * buffer. */ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, - int maxversion) + int maxversion) { custom_ext_methods *exts = &s->cert->custext; custom_ext_method *meth; @@ -187,11 +185,7 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, if (!should_add_extension(s, meth->context, context, maxversion)) continue; - if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_3_CERTIFICATE - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { /* Only send extensions present in ClientHello/CertificateRequest */ if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED)) continue; @@ -205,21 +199,21 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, if (meth->add_cb != NULL) { int cb_retval = meth->add_cb(s, meth->ext_type, context, &out, - &outlen, x, chainidx, &al, - meth->add_arg); + &outlen, x, chainidx, &al, + meth->add_arg); if (cb_retval < 0) { SSLfatal(s, al, SSL_R_CALLBACK_FAILED); - return 0; /* error */ + return 0; /* error */ } if (cb_retval == 0) - continue; /* skip this extension */ + continue; /* skip this extension */ } if (!WPACKET_put_bytes_u16(pkt, meth->ext_type) - || !WPACKET_start_sub_packet_u16(pkt) - || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) + || !WPACKET_close(pkt)) { if (meth->free_cb != NULL) meth->free_cb(s, meth->ext_type, context, out, meth->add_arg); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -232,7 +226,7 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) { if (meth->free_cb != NULL) meth->free_cb(s, meth->ext_type, context, out, - meth->add_arg); + meth->add_arg); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -251,14 +245,14 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, /* Copy the flags from src to dst for any extensions that exist in both */ int custom_exts_copy_flags(custom_ext_methods *dst, - const custom_ext_methods *src) + const custom_ext_methods *src) { size_t i; custom_ext_method *methsrc = src->meths; for (i = 0; i < src->meths_count; i++, methsrc++) { custom_ext_method *methdst = custom_ext_find(dst, methsrc->role, - methsrc->ext_type, NULL); + methsrc->ext_type, NULL); if (methdst == NULL) continue; @@ -276,9 +270,8 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) int err = 0; if (src->meths_count > 0) { - dst->meths = - OPENSSL_memdup(src->meths, - sizeof(*src->meths) * src->meths_count); + dst->meths = OPENSSL_memdup(src->meths, + sizeof(*src->meths) * src->meths_count); if (dst->meths == NULL) return 0; dst->meths_count = src->meths_count; @@ -302,9 +295,9 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) } methdst->add_arg = OPENSSL_memdup(methsrc->add_arg, - sizeof(custom_ext_add_cb_wrap)); + sizeof(custom_ext_add_cb_wrap)); methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg, - sizeof(custom_ext_parse_cb_wrap)); + sizeof(custom_ext_parse_cb_wrap)); if (methdst->add_arg == NULL || methdst->parse_arg == NULL) err = 1; @@ -341,17 +334,18 @@ void custom_exts_free(custom_ext_methods *exts) int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type) { return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type, - NULL) != NULL; + NULL) + != NULL; } static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role, - unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, - void *parse_arg) + unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg) { custom_ext_methods *exts = &ctx->cert->custext; custom_ext_method *meth, *tmp; @@ -370,8 +364,8 @@ static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role, * these two things may not play well together. */ if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp - && (context & SSL_EXT_CLIENT_HELLO) != 0 - && SSL_CTX_ct_is_enabled(ctx)) + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && SSL_CTX_ct_is_enabled(ctx)) return 0; #endif @@ -380,7 +374,7 @@ static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role, * for extension types that previously were not supported, but now are. */ if (SSL_extension_supported(ext_type) - && ext_type != TLSEXT_TYPE_signed_certificate_timestamp) + && ext_type != TLSEXT_TYPE_signed_certificate_timestamp) return 0; /* Extension type must fit in 16 bits */ @@ -390,7 +384,7 @@ static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role, if (custom_ext_find(exts, role, ext_type, NULL)) return 0; tmp = OPENSSL_realloc(exts->meths, - (exts->meths_count + 1) * sizeof(custom_ext_method)); + (exts->meths_count + 1) * sizeof(custom_ext_method)); if (tmp == NULL) return 0; @@ -410,12 +404,12 @@ static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role, } static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, - unsigned int ext_type, - unsigned int context, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + unsigned int ext_type, + unsigned int context, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { custom_ext_add_cb_wrap *add_cb_wrap = OPENSSL_malloc(sizeof(*add_cb_wrap)); @@ -436,12 +430,12 @@ static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, parse_cb_wrap->parse_cb = parse_cb; ret = add_custom_ext_intern(ctx, role, ext_type, - context, - custom_ext_add_old_cb_wrap, - custom_ext_free_old_cb_wrap, - add_cb_wrap, - custom_ext_parse_old_cb_wrap, - parse_cb_wrap); + context, + custom_ext_add_old_cb_wrap, + custom_ext_free_old_cb_wrap, + add_cb_wrap, + custom_ext_parse_old_cb_wrap, + parse_cb_wrap); if (!ret) { OPENSSL_free(add_cb_wrap); @@ -453,42 +447,42 @@ static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, /* Application level functions to add the old custom extension callbacks */ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type, - SSL_EXT_TLS1_2_AND_BELOW_ONLY - | SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_IGNORE_ON_RESUMPTION, - add_cb, free_cb, add_arg, parse_cb, parse_arg); + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); } int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type, - SSL_EXT_TLS1_2_AND_BELOW_ONLY - | SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_IGNORE_ON_RESUMPTION, - add_cb, free_cb, add_arg, parse_cb, parse_arg); + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); } int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg) + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg) { return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb, - free_cb, add_arg, parse_cb, parse_arg); + free_cb, add_arg, parse_cb, parse_arg); } int SSL_extension_supported(unsigned int ext_type) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index b8d55e144cfc..2b586d61a39b 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -12,7 +12,7 @@ #include "statem_local.h" #include "internal/cryptlib.h" -#define COOKIE_STATE_FORMAT_VERSION 1 +#define COOKIE_STATE_FORMAT_VERSION 1 /* * 2 bytes for packet length, 2 bytes for format version, 2 bytes for @@ -22,7 +22,7 @@ * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing. */ #define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 8 + 2 + EVP_MAX_MD_SIZE + 1 \ - + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) + + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) /* * Message header + 2 bytes for protocol version + number of random bytes + @@ -31,15 +31,15 @@ * + 2 bytes for extension block length + 6 bytes for key_share extension * + 4 bytes for cookie extension header + the number of bytes in the cookie */ -#define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ - + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ - + MAX_COOKIE_SIZE) +#define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ + + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ + + MAX_COOKIE_SIZE) /* * Parse the client's renegotiation binding and abort if it's not right */ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int ilen; const unsigned char *data; @@ -58,7 +58,7 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, } if (memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len)) { + s->s3.previous_client_finished_len)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } @@ -92,7 +92,7 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, * - On session reconnect, the servername extension may be absent. */ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int servname_type; PACKET sni, hostname; @@ -157,14 +157,14 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, */ s->servername_done = (s->session->ext.hostname != NULL) && PACKET_equal(&hostname, s->session->ext.hostname, - strlen(s->session->ext.hostname)); + strlen(s->session->ext.hostname)); } return 1; } int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned int value; @@ -176,7 +176,7 @@ int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, /* Received |value| should be a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -206,12 +206,12 @@ int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_SRP int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET srp_I; if (!PACKET_as_length_prefixed_1(pkt, &srp_I) - || PACKET_contains_zero_byte(&srp_I)) { + || PACKET_contains_zero_byte(&srp_I)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -226,7 +226,7 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #endif int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET ec_point_format_list; @@ -238,8 +238,8 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, - &s->ext.peer_ecpointformats, - &s->ext.peer_ecpointformats_len)) { + &s->ext.peer_ecpointformats, + &s->ext.peer_ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -249,12 +249,9 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { - if (s->ext.session_ticket_cb && - !s->ext.session_ticket_cb(s, PACKET_data(pkt), - PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + if (s->ext.session_ticket_cb && !s->ext.session_ticket_cb(s, PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -263,14 +260,14 @@ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { PACKET supported_sig_algs; if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) - || PACKET_remaining(&supported_sig_algs) == 0) { + || PACKET_remaining(&supported_sig_algs) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -281,7 +278,7 @@ int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, * of whether it was a resumption or not. */ if ((!s->server || (s->server && !s->hit)) - && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { + && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -290,12 +287,12 @@ int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, } int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET supported_sig_algs; if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) - || PACKET_remaining(&supported_sig_algs) == 0) { + || PACKET_remaining(&supported_sig_algs) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -306,7 +303,7 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * of whether it was a resumption or not. */ if ((!s->server || (s->server && !s->hit)) - && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { + && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -316,7 +313,7 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #ifndef OPENSSL_NO_OCSP int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET responder_id_list, exts; @@ -341,7 +338,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, return 1; } - if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) { + if (!PACKET_get_length_prefixed_2(pkt, &responder_id_list)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -367,14 +364,14 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, const unsigned char *id_data; if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id) - || PACKET_remaining(&responder_id) == 0) { + || PACKET_remaining(&responder_id) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } id_data = PACKET_data(&responder_id); id = d2i_OCSP_RESPID(NULL, &id_data, - (int)PACKET_remaining(&responder_id)); + (int)PACKET_remaining(&responder_id)); if (id == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; @@ -405,9 +402,8 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, const unsigned char *ext_data = PACKET_data(&exts); sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, - X509_EXTENSION_free); - s->ext.ocsp.exts = - d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); + X509_EXTENSION_free); + s->ext.ocsp.exts = d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; @@ -420,7 +416,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { /* * We shouldn't accept this extension on a @@ -438,7 +434,7 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * extension, not including type and length. Returns: 1 on success, 0 on error. */ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET protocol_list, save_protocol_list, protocol; @@ -455,7 +451,7 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, do { /* Protocol names can't be empty. */ if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol) - || PACKET_remaining(&protocol) == 0) { + || PACKET_remaining(&protocol) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -465,7 +461,7 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->s3.alpn_proposed = NULL; s->s3.alpn_proposed_len = 0; if (!PACKET_memdup(&save_protocol_list, - &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { + &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -475,7 +471,7 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #ifndef OPENSSL_NO_SRTP int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; unsigned int ct, mki_len, id; @@ -488,9 +484,9 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Pull off the length of the cipher suite list and check it is even */ if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0 - || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { + || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -502,7 +498,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, while (PACKET_remaining(&subpkt)) { if (!PACKET_get_net_2(&subpkt, &id)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -513,8 +509,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * does nothing. */ for (i = 0; i < srtp_pref; i++) { - SRTP_PROTECTION_PROFILE *sprof = - sk_SRTP_PROTECTION_PROFILE_value(srvr, i); + SRTP_PROTECTION_PROFILE *sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); if (sprof->id == id) { s->srtp_profile = sprof; @@ -527,7 +522,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Now extract the MKI value as a sanity check, but discard it for now */ if (!PACKET_get_1(pkt, &mki_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -542,7 +537,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #endif int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) s->ext.use_etm = 1; @@ -555,14 +550,14 @@ int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. */ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 PACKET psk_kex_modes; unsigned int mode; if (!PACKET_as_length_prefixed_1(pkt, &psk_kex_modes) - || PACKET_remaining(&psk_kex_modes) == 0) { + || PACKET_remaining(&psk_kex_modes) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -571,7 +566,7 @@ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, if (mode == TLSEXT_KEX_MODE_KE_DHE) s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE; else if (mode == TLSEXT_KEX_MODE_KE - && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) + && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; } #endif @@ -584,7 +579,7 @@ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. */ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; @@ -618,7 +613,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * extension. */ SSLfatal(s, SSL_AD_MISSING_EXTENSION, - SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION); + SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION); return 0; } @@ -634,8 +629,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, while (PACKET_remaining(&key_share_list) > 0) { if (!PACKET_get_net_2(&key_share_list, &group_id) - || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt) - || PACKET_remaining(&encoded_pt) == 0) { + || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt) + || PACKET_remaining(&encoded_pt) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -652,8 +647,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * we requested, and must be the only key_share sent. */ if (s->s3.group_id != 0 - && (group_id != s->s3.group_id - || PACKET_remaining(&key_share_list) != 0)) { + && (group_id != s->s3.group_id + || PACKET_remaining(&key_share_list) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } @@ -666,20 +661,20 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Check if this share is for a group we can use */ if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1) - || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - /* - * We tolerate but ignore a group id that we don't think is - * suitable for TLSv1.3 - */ - || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + /* + * We tolerate but ignore a group id that we don't think is + * suitable for TLSv1.3 + */ + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { /* Share not suitable */ continue; } if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } @@ -688,8 +683,9 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->session->kex_group = group_id; if (tls13_set_encoded_pub_key(s->s3.peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); return 0; } @@ -702,7 +698,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int format, version, key_share, group_id; @@ -718,7 +714,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Ignore any cookie if we're not set up to verify it */ if (s->ctx->verify_stateless_cookie_cb == NULL - || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) + || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return 1; if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { @@ -730,7 +726,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, data = PACKET_data(&raw); rawlen = PACKET_remaining(&raw); if (rawlen < SHA256_DIGEST_LENGTH - || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { + || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -739,9 +735,9 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Verify the HMAC of the cookie */ hctx = EVP_MD_CTX_create(); pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext.cookie_hmac_key)); + s->ctx->propq, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext.cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); @@ -751,10 +747,12 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, hmaclen = SHA256_DIGEST_LENGTH; if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, - s->ctx->propq, pkey, NULL) <= 0 - || EVP_DigestSign(hctx, hmac, &hmaclen, data, - rawlen - SHA256_DIGEST_LENGTH) <= 0 - || hmaclen != SHA256_DIGEST_LENGTH) { + s->ctx->propq, pkey, NULL) + <= 0 + || EVP_DigestSign(hctx, hmac, &hmaclen, data, + rawlen - SHA256_DIGEST_LENGTH) + <= 0 + || hmaclen != SHA256_DIGEST_LENGTH) { EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -789,7 +787,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } if (version != TLS1_3_VERSION) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; } @@ -804,8 +802,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } if (group_id != s->s3.group_id - || s->s3.tmp.new_cipher - != ssl_get_cipher_by_char(s, ciphdata, 0)) { + || s->s3.tmp.new_cipher + != ssl_get_cipher_by_char(s, ciphdata, 0)) { /* * We chose a different cipher or group id this time around to what is * in the cookie. Something must have changed. @@ -815,10 +813,10 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } if (!PACKET_get_1(&cookie, &key_share) - || !PACKET_get_net_8(&cookie, &tm) - || !PACKET_get_length_prefixed_2(&cookie, &chhash) - || !PACKET_get_length_prefixed_1(&cookie, &appcookie) - || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { + || !PACKET_get_net_8(&cookie, &tm) + || !PACKET_get_length_prefixed_2(&cookie, &chhash) + || !PACKET_get_length_prefixed_1(&cookie, &appcookie) + || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -832,7 +830,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Verify the app cookie */ if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie), - PACKET_remaining(&appcookie)) == 0) { + PACKET_remaining(&appcookie)) + == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); return 0; } @@ -847,45 +846,45 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO) - || !WPACKET_start_sub_packet_u24(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) - || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) - || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, - s->tmp_session_id_len) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, - &ciphlen) - || !WPACKET_put_bytes_u8(&hrrpkt, 0) - || !WPACKET_start_sub_packet_u16(&hrrpkt)) { + || !WPACKET_start_sub_packet_u24(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) + || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) + || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, + s->tmp_session_id_len) + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, + &ciphlen) + || !WPACKET_put_bytes_u8(&hrrpkt, 0) + || !WPACKET_start_sub_packet_u16(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->version) - || !WPACKET_close(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->version) + || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (key_share) { if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) - || !WPACKET_close(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) + || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } } if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) - || !WPACKET_close(&hrrpkt) /* cookie extension */ - || !WPACKET_close(&hrrpkt) /* extension block */ - || !WPACKET_close(&hrrpkt) /* message */ - || !WPACKET_get_total_written(&hrrpkt, &hrrlen) - || !WPACKET_finish(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) + || !WPACKET_close(&hrrpkt) /* cookie extension */ + || !WPACKET_close(&hrrpkt) /* extension block */ + || !WPACKET_close(&hrrpkt) /* message */ + || !WPACKET_get_total_written(&hrrpkt, &hrrlen) + || !WPACKET_finish(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -893,8 +892,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Reconstruct the transcript hash */ if (!create_synthetic_message_hash(s, PACKET_data(&chhash), - PACKET_remaining(&chhash), hrr, - hrrlen)) { + PACKET_remaining(&chhash), hrr, + hrrlen)) { /* SSLfatal() already called */ return 0; } @@ -909,14 +908,14 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET supported_groups_list; /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list) - || PACKET_remaining(&supported_groups_list) == 0 - || (PACKET_remaining(&supported_groups_list) % 2) != 0) { + || PACKET_remaining(&supported_groups_list) == 0 + || (PACKET_remaining(&supported_groups_list) % 2) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -926,8 +925,8 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, s->ext.peer_supportedgroups = NULL; s->ext.peer_supportedgroups_len = 0; if (!tls1_save_u16(&supported_groups_list, - &s->ext.peer_supportedgroups, - &s->ext.peer_supportedgroups_len)) { + &s->ext.peer_supportedgroups, + &s->ext.peer_supportedgroups_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -937,7 +936,7 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, } int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { /* The extension must always be empty */ if (PACKET_remaining(pkt) != 0) { @@ -953,9 +952,8 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } - int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); @@ -971,25 +969,25 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, } static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, - SSL_SESSION **sess) + SSL_SESSION **sess) { SSL_SESSION *tmpsess = NULL; s->ext.ticket_expected = 1; switch (PACKET_remaining(tick)) { - case 0: - return SSL_TICKET_EMPTY; + case 0: + return SSL_TICKET_EMPTY; - case SSL_MAX_SSL_SESSION_ID_LENGTH: - break; + case SSL_MAX_SSL_SESSION_ID_LENGTH: + break; - default: - return SSL_TICKET_NO_DECRYPT; + default: + return SSL_TICKET_NO_DECRYPT; } tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), - SSL_MAX_SSL_SESSION_ID_LENGTH); + SSL_MAX_SSL_SESSION_ID_LENGTH); if (tmpsess == NULL) return SSL_TICKET_NO_DECRYPT; @@ -999,7 +997,7 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, } int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) + size_t chainidx) { PACKET identities, binders, binder; size_t binderoffset, hashsize; @@ -1012,7 +1010,8 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * ignore this extension */ if ((s->ext.psk_kex_mode - & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) + & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) + == 0) return 1; if (!PACKET_get_length_prefixed_2(pkt, &identities)) { @@ -1027,23 +1026,23 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t idlen; if (!PACKET_get_length_prefixed_2(&identities, &identity) - || !PACKET_get_net_4(&identities, &ticket_agel)) { + || !PACKET_get_net_4(&identities, &ticket_agel)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } idlen = PACKET_remaining(&identity); if (s->psk_find_session_cb != NULL - && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, - &sess)) { + && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, + &sess)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); return 0; } #ifndef OPENSSL_NO_PSK - if(sess == NULL - && s->psk_server_callback != NULL - && idlen <= PSK_MAX_IDENTITY_LEN) { + if (sess == NULL + && s->psk_server_callback != NULL + && idlen <= PSK_MAX_IDENTITY_LEN) { char *pskid = NULL; unsigned char pskdata[PSK_MAX_PSK_LEN]; unsigned int pskdatalen; @@ -1053,7 +1052,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } pskdatalen = s->psk_server_callback(s, pskid, pskdata, - sizeof(pskdata)); + sizeof(pskdata)); OPENSSL_free(pskid); if (pskdatalen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1075,11 +1074,11 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, sess = SSL_SESSION_new(); if (sess == NULL - || !SSL_SESSION_set1_master_key(sess, pskdata, - pskdatalen) - || !SSL_SESSION_set_cipher(sess, cipher) - || !SSL_SESSION_set_protocol_version(sess, - TLS1_3_VERSION)) { + || !SSL_SESSION_set1_master_key(sess, pskdata, + pskdatalen) + || !SSL_SESSION_set_cipher(sess, cipher) + || !SSL_SESSION_set_protocol_version(sess, + TLS1_3_VERSION)) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -1120,13 +1119,13 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * is no point in using full stateless tickets. */ if ((s->options & SSL_OP_NO_TICKET) != 0 - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) ret = tls_get_stateful_ticket(s, &identity, &sess); else ret = tls_decrypt_ticket(s, PACKET_data(&identity), - PACKET_remaining(&identity), NULL, 0, - &sess); + PACKET_remaining(&identity), NULL, 0, + &sess); if (ret == SSL_TICKET_EMPTY) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); @@ -1134,7 +1133,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } if (ret == SSL_TICKET_FATAL_ERR_MALLOC - || ret == SSL_TICKET_FATAL_ERR_OTHER) { + || ret == SSL_TICKET_FATAL_ERR_OTHER) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1143,8 +1142,8 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Check for replay */ if (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 - && !SSL_CTX_remove_session(s->session_ctx, sess)) { + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 + && !SSL_CTX_remove_session(s->session_ctx, sess)) { SSL_SESSION_free(sess); sess = NULL; continue; @@ -1164,10 +1163,10 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * rounding errors. */ if (id == 0 - && sess->timeout >= (long)agesec - && agems / (uint32_t)1000 == agesec - && ticket_age <= agems + 1000 - && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { + && sess->timeout >= (long)agesec + && agems / (uint32_t)1000 == agesec + && ticket_age <= agems + 1000 + && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { /* * Ticket age is within tolerance and not expired. We allow it * for early data @@ -1183,7 +1182,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } if (!EVP_MD_is_a(md, EVP_MD_get0_name(ssl_md(s->ctx, - s->s3.tmp.new_cipher->algorithm2)))) { + s->s3.tmp.new_cipher->algorithm2)))) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); sess = NULL; @@ -1217,8 +1216,9 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, goto err; } if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, - binderoffset, PACKET_data(&binder), NULL, sess, 0, - ext) != 1) { + binderoffset, PACKET_data(&binder), NULL, sess, 0, + ext) + != 1) { /* SSLfatal() already called */ goto err; } @@ -1234,13 +1234,13 @@ err: } int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR); + SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR); return 0; } @@ -1253,22 +1253,22 @@ int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, * Add the server's renegotiation binding */ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!s->s3.send_connection_binding) return EXT_RETURN_NOT_SENT; /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) - || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, - s->s3.previous_server_finished_len) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) + || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, + s->s3.previous_server_finished_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1277,8 +1277,8 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->servername_done != 1) return EXT_RETURN_NOT_SENT; @@ -1291,7 +1291,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1301,8 +1301,8 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, /* Add/include the server's max fragment len extension into ServerHello */ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) return EXT_RETURN_NOT_SENT; @@ -1323,13 +1323,13 @@ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3.tmp.new_cipher->algorithm_auth; int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) - && (s->ext.peer_ecpointformats != NULL); + && (s->ext.peer_ecpointformats != NULL); const unsigned char *plist; size_t plistlen; @@ -1338,9 +1338,9 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, tls1_get_formatlist(s, &plist, &plistlen); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1349,8 +1349,8 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const uint16_t *groups; size_t numgroups, i, first = 1; @@ -1373,7 +1373,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, uint16_t group = groups[i]; if (tls_valid_group(s, group, version, version, 0, NULL) - && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { if (first) { /* * Check if the client is already using our preferred group. If @@ -1384,9 +1384,9 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, /* Add extension header */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) - /* Sub-packet for supported_groups extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Sub-packet for supported_groups extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1394,9 +1394,9 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, first = 0; } if (!WPACKET_put_bytes_u16(pkt, group)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } } } @@ -1409,8 +1409,8 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!s->ext.ticket_expected || !tls_use_ticket(s)) { s->ext.ticket_expected = 0; @@ -1418,7 +1418,7 @@ EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1428,8 +1428,8 @@ EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { /* We don't currently support this extension inside a CertificateRequest */ if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) @@ -1442,7 +1442,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) - || !WPACKET_start_sub_packet_u16(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1453,8 +1453,8 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, * separate message */ if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { - /* SSLfatal() already called */ - return EXT_RETURN_FAIL; + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; } if (!WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1467,8 +1467,8 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const unsigned char *npa; unsigned int npalen; @@ -1480,10 +1480,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen, - s->ctx->ext.npn_advertised_cb_arg); + s->ctx->ext.npn_advertised_cb_arg); if (ret == SSL_TLSEXT_ERR_OK) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) - || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { + || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1496,19 +1496,19 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->s3.alpn_selected == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, - TLSEXT_TYPE_application_layer_protocol_negotiation) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, - s->s3.alpn_selected_len) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + TLSEXT_TYPE_application_layer_protocol_negotiation) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, + s->s3.alpn_selected_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1518,18 +1518,18 @@ EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->srtp_profile == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, 2) - || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, 2) + || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1539,7 +1539,7 @@ EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (!s->ext.use_etm) return EXT_RETURN_NOT_SENT; @@ -1559,7 +1559,7 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1568,13 +1568,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, } EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1583,8 +1583,8 @@ EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, } EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!ossl_assert(SSL_IS_TLS13(s))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1592,9 +1592,9 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->version) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->version) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1603,8 +1603,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned char *encodedPoint; @@ -1618,9 +1618,9 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1645,8 +1645,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1673,7 +1673,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_PKEY_free(skey); OPENSSL_free(encodedPoint); @@ -1712,7 +1712,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } if (!WPACKET_sub_memcpy_u16(pkt, ct, ctlen) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); OPENSSL_free(ct); return EXT_RETURN_FAIL; @@ -1735,7 +1735,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; @@ -1754,20 +1754,20 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_get_total_written(pkt, &startlen) - || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) - || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) - || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, - &ciphlen) - /* Is there a key_share extension present in this HRR? */ - || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) - || !WPACKET_put_bytes_u64(pkt, time(NULL)) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_get_total_written(pkt, &startlen) + || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) + || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, + &ciphlen) + /* Is there a key_share extension present in this HRR? */ + || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) + || !WPACKET_put_bytes_u64(pkt, time(NULL)) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1778,16 +1778,16 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, * subsequently allocate them (below) */ if (!ssl3_digest_cached_records(s, 0) - || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { + || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2) - || !ossl_assert(hashval1 == hashval2) - || !WPACKET_close(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) { + || !ossl_assert(hashval1 == hashval2) + || !WPACKET_close(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1799,10 +1799,10 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, } if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2) - || !ossl_assert(appcookie1 == appcookie2) - || !WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &totcookielen) - || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) { + || !ossl_assert(appcookie1 == appcookie2) + || !WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &totcookielen) + || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1817,18 +1817,20 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, /* HMAC the cookie */ hctx = EVP_MD_CTX_create(); pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext.cookie_hmac_key)); + s->ctx->propq, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext.cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, - s->ctx->propq, pkey, NULL) <= 0 - || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, - totcookielen) <= 0) { + s->ctx->propq, pkey, NULL) + <= 0 + || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, + totcookielen) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1839,17 +1841,17 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, } if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2) - || !ossl_assert(hmac == hmac2) - || !ossl_assert(cookie == hmac - totcookielen) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + || !ossl_assert(hmac == hmac2) + || !ossl_assert(cookie == hmac - totcookielen) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } ret = EXT_RETURN_SENT; - err: +err: EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); return ret; @@ -1859,12 +1861,12 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, } EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const unsigned char cryptopro_ext[36] = { - 0xfd, 0xe8, /* 65000 */ - 0x00, 0x20, /* 32 bytes length */ + 0xfd, 0xe8, /* 65000 */ + 0x00, 0x20, /* 32 bytes length */ 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, @@ -1872,8 +1874,8 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, }; if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80 - && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) - || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) + && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) + || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) { @@ -1885,17 +1887,17 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { if (s->max_early_data == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u32(pkt, s->max_early_data) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u32(pkt, s->max_early_data) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1907,8 +1909,8 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1917,15 +1919,15 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (!s->hit) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 553546d93a41..31a974eab4da 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -8,8 +8,8 @@ */ #if defined(__TANDEM) && defined(_SPT_MODEL_) -# include <spthread.h> -# include <spt_extensions.h> /* timeval */ +#include <spthread.h> +#include <spt_extensions.h> /* timeval */ #endif #include "internal/cryptlib.h" @@ -120,11 +120,11 @@ void ossl_statem_send_fatal(SSL *s, int al) { /* We shouldn't call SSLfatal() twice. Once is enough */ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) - return; + return; s->statem.in_init = 1; s->statem.state = MSG_FLOW_ERROR; if (al != SSL_AD_NO_ALERT - && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) + && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) ssl3_send_alert(s, SSL3_AL_FATAL, al); } @@ -150,10 +150,10 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) * a fatal error state. We verify that we are, and set it if not (this would * indicate a bug). */ -#define check_fatal(s) \ - do { \ - if (!ossl_assert((s)->statem.in_init \ - && (s)->statem.state == MSG_FLOW_ERROR)) \ +#define check_fatal(s) \ + do { \ + if (!ossl_assert((s)->statem.in_init \ + && (s)->statem.state == MSG_FLOW_ERROR)) \ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \ } while (0) @@ -197,8 +197,8 @@ int ossl_statem_skip_early_data(SSL *s) return 0; if (!s->server - || s->statem.hand_state != TLS_ST_EARLY_DATA - || s->hello_retry_request == SSL_HRR_COMPLETE) + || s->statem.hand_state != TLS_ST_EARLY_DATA + || s->hello_retry_request == SSL_HRR_COMPLETE) return 0; return 1; @@ -216,7 +216,7 @@ void ossl_statem_check_finish_init(SSL *s, int sending) { if (sending == -1) { if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END - || s->statem.hand_state == TLS_ST_EARLY_DATA) { + || s->statem.hand_state == TLS_ST_EARLY_DATA) { ossl_statem_set_in_init(s, 1); if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { /* @@ -227,10 +227,9 @@ void ossl_statem_check_finish_init(SSL *s, int sending) } } } else if (!s->server) { - if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END - || s->statem.hand_state == TLS_ST_EARLY_DATA) - && s->early_data_state != SSL_EARLY_DATA_WRITING) - || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { + if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END || s->statem.hand_state == TLS_ST_EARLY_DATA) + && s->early_data_state != SSL_EARLY_DATA_WRITING) + || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { ossl_statem_set_in_init(s, 1); /* * SSL_write() has been called directly. We don't allow any more @@ -241,7 +240,7 @@ void ossl_statem_check_finish_init(SSL *s, int sending) } } else { if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING - && s->statem.hand_state == TLS_ST_EARLY_DATA) + && s->statem.hand_state == TLS_ST_EARLY_DATA) ossl_statem_set_in_init(s, 1); } } @@ -270,7 +269,7 @@ int ossl_statem_accept(SSL *s) return state_machine(s, 1); } -typedef void (*info_cb) (const SSL *, int, int); +typedef void (*info_cb)(const SSL *, int, int); static info_cb get_callback(SSL *s) { @@ -313,7 +312,7 @@ static info_cb get_callback(SSL *s) static int state_machine(SSL *s, int server) { BUF_MEM *buf = NULL; - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; OSSL_STATEM *st = &s->statem; int ret = -1; int ssret; @@ -344,13 +343,13 @@ static int state_machine(SSL *s, int server) * identifier other than 0. */ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - st->in_handshake, NULL); + st->in_handshake, NULL); } #endif /* Initialise state machine */ if (st->state == MSG_FLOW_UNINITED - || st->state == MSG_FLOW_FINISHED) { + || st->state == MSG_FLOW_FINISHED) { if (st->state == MSG_FLOW_UNINITED) { st->hand_state = TLS_ST_BEFORE; st->request_state = TLS_ST_BEFORE; @@ -369,8 +368,7 @@ static int state_machine(SSL *s, int server) */ if (SSL_IS_DTLS(s)) { - if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && - (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { + if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); goto end; } @@ -423,7 +421,7 @@ static int state_machine(SSL *s, int server) } if ((SSL_in_before(s)) - || s->renegotiate) { + || s->renegotiate) { if (!tls_setup_handshake(s)) { /* SSLfatal() already called */ goto end; @@ -468,7 +466,7 @@ static int state_machine(SSL *s, int server) ret = 1; - end: +end: st->in_handshake--; #ifndef OPENSSL_NO_SCTP @@ -478,7 +476,7 @@ static int state_machine(SSL *s, int server) * identifier other than 0. */ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - st->in_handshake, NULL); + st->in_handshake, NULL); } #endif @@ -502,7 +500,8 @@ static void init_read_state_machine(SSL *s) st->read_state = READ_STATE_HEADER; } -static int grow_init_buf(SSL *s, size_t size) { +static int grow_init_buf(SSL *s, size_t size) +{ size_t msg_offset = (char *)s->init_msg - s->init_buf->data; @@ -548,12 +547,12 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) OSSL_STATEM *st = &s->statem; int ret, mt; size_t len = 0; - int (*transition) (SSL *s, int mt); + int (*transition)(SSL *s, int mt); PACKET pkt; - MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); - WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); - size_t (*max_message_size) (SSL *s); - void (*cb) (const SSL *ssl, int type, int val) = NULL; + MSG_PROCESS_RETURN (*process_message)(SSL *s, PACKET *pkt); + WORK_STATE (*post_process_message)(SSL *s, WORK_STATE wst); + size_t (*max_message_size)(SSL *s); + void (*cb)(const SSL *ssl, int type, int val) = NULL; cb = get_callback(s); @@ -608,15 +607,14 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) if (s->s3.tmp.message_size > max_message_size(s)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSL_R_EXCESSIVE_MESSAGE_SIZE); return SUB_STATE_ERROR; } /* dtls_get_message already did this */ if (!SSL_IS_DTLS(s) - && s->s3.tmp.message_size > 0 - && !grow_init_buf(s, s->s3.tmp.message_size - + SSL3_HM_HEADER_LENGTH)) { + && s->s3.tmp.message_size > 0 + && !grow_init_buf(s, s->s3.tmp.message_size + SSL3_HM_HEADER_LENGTH)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); return SUB_STATE_ERROR; } @@ -765,14 +763,14 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) { OSSL_STATEM *st = &s->statem; int ret; - WRITE_TRAN(*transition) (SSL *s); - WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst); - WORK_STATE(*post_work) (SSL *s, WORK_STATE wst); - int (*get_construct_message_f) (SSL *s, WPACKET *pkt, - int (**confunc) (SSL *s, WPACKET *pkt), - int *mt); - void (*cb) (const SSL *ssl, int type, int val) = NULL; - int (*confunc) (SSL *s, WPACKET *pkt); + WRITE_TRAN (*transition)(SSL *s); + WORK_STATE (*pre_work)(SSL *s, WORK_STATE wst); + WORK_STATE (*post_work)(SSL *s, WORK_STATE wst); + int (*get_construct_message_f)(SSL *s, WPACKET *pkt, + int (**confunc)(SSL *s, WPACKET *pkt), + int *mt); + void (*cb)(const SSL *ssl, int type, int val) = NULL; + int (*confunc)(SSL *s, WPACKET *pkt); int mt; WPACKET pkt; @@ -844,7 +842,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) break; } if (!WPACKET_init(&pkt, s->init_buf) - || !ssl_set_handshake_header(s, &pkt, mt)) { + || !ssl_set_handshake_header(s, &pkt, mt)) { WPACKET_cleanup(&pkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; @@ -869,7 +867,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) } /* else success */ } if (!ssl_close_construct_packet(s, &pkt, mt) - || !WPACKET_finish(&pkt)) { + || !WPACKET_finish(&pkt)) { WPACKET_cleanup(&pkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; @@ -974,7 +972,7 @@ int ossl_statem_app_data_allowed(SSL *s) int ossl_statem_export_allowed(SSL *s) { return s->s3.previous_server_finished_len != 0 - && s->statem.hand_state != TLS_ST_SW_FINISHED; + && s->statem.hand_state != TLS_ST_SW_FINISHED; } /* @@ -989,5 +987,5 @@ int ossl_statem_export_early_allowed(SSL *s) * as we have sent early_data. */ return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED - || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); + || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); } diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index 5db31b63585d..03ef753d5285 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h @@ -134,13 +134,13 @@ void ossl_statem_clear(SSL *s); void ossl_statem_set_renegotiate(SSL *s); void ossl_statem_send_fatal(SSL *s, int al); void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...); -# define SSL_AD_NO_ALERT -1 -# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) -# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) -# define SSLfatal_data \ - (ERR_new(), \ - ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ - ossl_statem_fatal) +#define SSL_AD_NO_ALERT -1 +#define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) +#define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) +#define SSLfatal_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ + ossl_statem_fatal) int ossl_statem_in_error(const SSL *s); void ossl_statem_set_in_init(SSL *s, int init); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 3cd1ee2d3dfe..4b5f966e5e26 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -34,7 +34,7 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt); static ossl_inline int cert_req_allowed(SSL *s); static int key_exchange_expected(SSL *s); static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, - WPACKET *pkt); + WPACKET *pkt); /* * Is a CertificateRequest message allowed at the moment or not? @@ -47,7 +47,7 @@ static ossl_inline int cert_req_allowed(SSL *s) { /* TLS does not like anon-DH with client cert */ if ((s->version > SSL3_VERSION - && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)) + && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)) || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) return 0; @@ -69,8 +69,7 @@ static int key_exchange_expected(SSL *s) * Can't skip server key exchange if this is an ephemeral * ciphersuite or for SRP */ - if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK - | SSL_kSRP)) { + if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK | SSL_kSRP)) { return 1; } @@ -169,7 +168,7 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) if (mt == SSL3_MT_CERTIFICATE_REQUEST) { #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION /* Restore digest for PHA before adding message.*/ -# error Internal DTLS version error +#error Internal DTLS version error #endif if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) { s->post_handshake_auth = SSL_PHA_REQUESTED; @@ -264,9 +263,9 @@ int ossl_statem_client_read_transition(SSL *s, int mt) st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; } else if (s->version >= TLS1_VERSION - && s->ext.session_secret_cb != NULL - && s->session->ext.tick != NULL - && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + && s->ext.session_secret_cb != NULL + && s->session->ext.tick != NULL + && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { /* * Normally, we can tell if the server is resuming the session * from the session ID. EAP-FAST (RFC 4851), however, relies on @@ -277,7 +276,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) st->hand_state = TLS_ST_CR_CHANGE; return 1; } else if (!(s->s3.tmp.new_cipher->algorithm_auth - & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { + & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_CR_CERT; return 1; @@ -293,7 +292,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) return 1; } } else if (mt == SSL3_MT_CERTIFICATE_REQUEST - && cert_req_allowed(s)) { + && cert_req_allowed(s)) { st->hand_state = TLS_ST_CR_CERT_REQ; return 1; } else if (mt == SSL3_MT_SERVER_DONE) { @@ -318,8 +317,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) case TLS_ST_CR_CERT_STATUS: ske_expected = key_exchange_expected(s); /* SKE is optional for some PSK ciphersuites */ - if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) - && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { + if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { st->hand_state = TLS_ST_CR_KEY_EXCH; return 1; @@ -379,7 +377,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) break; } - err: +err: /* No valid transition found */ if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; @@ -438,14 +436,14 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) case TLS_ST_CR_FINISHED: if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY - || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) + || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) st->hand_state = TLS_ST_PENDING_EARLY_DATA_END; else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->hello_retry_request == SSL_HRR_NONE) + && s->hello_retry_request == SSL_HRR_NONE) st->hand_state = TLS_ST_CW_CHANGE; else st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT - : TLS_ST_CW_FINISHED; + : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; case TLS_ST_PENDING_EARLY_DATA_END: @@ -458,13 +456,13 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) case TLS_ST_CW_END_OF_EARLY_DATA: case TLS_ST_CW_CHANGE: st->hand_state = (s->s3.tmp.cert_req != 0) ? TLS_ST_CW_CERT - : TLS_ST_CW_FINISHED; + : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; case TLS_ST_CW_CERT: /* If a non-empty Certificate we also send CertificateVerify */ st->hand_state = (s->s3.tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY - : TLS_ST_CW_FINISHED; + : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; case TLS_ST_CW_CERT_VRFY: @@ -550,7 +548,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) * because we did early data. */ if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) st->hand_state = TLS_ST_CW_CHANGE; else st->hand_state = TLS_ST_CW_CLNT_HELLO; @@ -706,7 +704,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) * on with the handshake. Otherwise we pause here. */ if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING - || s->early_data_state == SSL_EARLY_DATA_NONE) + || s->early_data_state == SSL_EARLY_DATA_NONE) return WORK_FINISHED_CONTINUE; /* Fall through */ @@ -738,7 +736,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) case TLS_ST_CW_CLNT_HELLO: if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->max_early_data > 0) { + && s->max_early_data > 0) { /* * We haven't selected TLSv1.3 yet so we don't call the change * cipher state function associated with the SSL_METHOD. Instead @@ -746,7 +744,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) */ if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) { if (!tls13_change_cipher_state(s, - SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -782,14 +780,14 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING) break; if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->max_early_data > 0) { + && s->max_early_data > 0) { /* * We haven't selected TLSv1.3 yet so we don't call the change * cipher state function associated with the SSL_METHOD. Instead * we call tls13_change_cipher_state() directly. */ if (!tls13_change_cipher_state(s, - SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) return WORK_ERROR; break; } @@ -808,7 +806,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) } if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -821,7 +819,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) * no SCTP used. */ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif @@ -837,7 +835,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) * no SCTP used. */ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif if (statem_flush(s) != 1) @@ -880,7 +878,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) * 0: Error */ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, - confunc_f *confunc, int *mt) + confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; @@ -1109,10 +1107,10 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) } if (sess == NULL - || !ssl_version_supported(s, sess->ssl_version, NULL) - || !SSL_SESSION_is_resumable(sess)) { + || !ssl_version_supported(s, sess->ssl_version, NULL) + || !SSL_SESSION_is_resumable(sess)) { if (s->hello_retry_request == SSL_HRR_NONE - && !ssl_get_new_session(s, 0)) { + && !ssl_get_new_session(s, 0)) { /* SSLfatal() already called */ return 0; } @@ -1138,8 +1136,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) i = (s->hello_retry_request == SSL_HRR_NONE); } - if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), - DOWNGRADE_NONE) <= 0) { + if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), DOWNGRADE_NONE) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1178,7 +1175,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) * supported_versions extension for the real supported versions. */ if (!WPACKET_put_bytes_u16(pkt, s->client_version) - || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) { + || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1187,13 +1184,14 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) session_id = s->session->session_id; if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) { if (s->version == TLS1_3_VERSION - && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { + && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { sess_id_len = sizeof(s->tmp_session_id); s->tmp_session_id_len = sess_id_len; session_id = s->tmp_session_id; if (s->hello_retry_request == SSL_HRR_NONE - && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id, - sess_id_len, 0) <= 0) { + && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id, + sess_id_len, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1209,9 +1207,8 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) } } if (!WPACKET_start_sub_packet_u8(pkt) - || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id, - sess_id_len)) - || !WPACKET_close(pkt)) { + || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id, sess_id_len)) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1219,8 +1216,8 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) /* cookie stuff for DTLS */ if (SSL_IS_DTLS(s)) { if (s->d1->cookie_len > sizeof(s->d1->cookie) - || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie, - s->d1->cookie_len)) { + || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie, + s->d1->cookie_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1248,8 +1245,8 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) } #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s) - && s->ctx->comp_methods - && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) { + && s->ctx->comp_methods + && (SSL_IS_DTLS(s) || s->s3.tmp.max_ver < TLS1_3_VERSION)) { int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); for (i = 0; i < compnum; i++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); @@ -1331,7 +1328,7 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) } if (SSL_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL - && s->s3.tmp.new_cipher->id != c->id) { + && s->s3.tmp.new_cipher->id != c->id) { /* ServerHello selected a different ciphersuite to that in the HRR */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CIPHER_RETURNED); return 0; @@ -1353,9 +1350,9 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) * ciphersuite as long as the hash is the same. */ if (md == NULL - || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) { + || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); + SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); return 0; } } else { @@ -1364,7 +1361,7 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) * ciphersuite. */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); return 0; } } @@ -1394,9 +1391,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) /* load the server random */ if (s->version == TLS1_3_VERSION - && sversion == TLS1_2_VERSION - && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE - && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { + && sversion == TLS1_2_VERSION + && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE + && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { if (s->hello_retry_request != SSL_HRR_NONE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto err; @@ -1440,16 +1437,16 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (PACKET_remaining(pkt) == 0 && !hrr) { PACKET_null_init(&extpkt); } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH); goto err; } if (!hrr) { if (!tls_collect_extensions(s, &extpkt, - SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO, - &extensions, NULL, 1)) { + SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO, + &extensions, NULL, 1)) { /* SSLfatal() already called */ goto err; } @@ -1463,13 +1460,14 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (SSL_IS_TLS13(s) || hrr) { if (compression != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INVALID_COMPRESSION_ALGORITHM); + SSL_R_INVALID_COMPRESSION_ALGORITHM); goto err; } if (session_id_len != s->tmp_session_id_len - || memcmp(PACKET_data(&session_id), s->tmp_session_id, - session_id_len) != 0) { + || memcmp(PACKET_data(&session_id), s->tmp_session_id, + session_id_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INVALID_SESSION_ID); goto err; } @@ -1504,14 +1502,14 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) */ if (RECORD_LAYER_processed_read_pending(&s->rlayer)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_NOT_ON_RECORD_BOUNDARY); + SSL_R_NOT_ON_RECORD_BOUNDARY); goto err; } /* This will set s->hit if we are resuming */ if (!tls_parse_extension(s, TLSEXT_IDX_psk, - SSL_EXT_TLS1_3_SERVER_HELLO, - extensions, NULL, 0)) { + SSL_EXT_TLS1_3_SERVER_HELLO, + extensions, NULL, 0)) { /* SSLfatal() already called */ goto err; } @@ -1529,7 +1527,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * message to see if the server wants to resume. */ if (s->version >= TLS1_VERSION - && s->ext.session_secret_cb != NULL && s->session->ext.tick) { + && s->ext.session_secret_cb != NULL && s->session->ext.tick) { const SSL_CIPHER *pref_cipher = NULL; /* * s->session->master_key_length is a size_t, but this is an int for @@ -1538,13 +1536,12 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) int master_key_length; master_key_length = sizeof(s->session->master_key); if (s->ext.session_secret_cb(s, s->session->master_key, - &master_key_length, - NULL, &pref_cipher, - s->ext.session_secret_cb_arg) - && master_key_length > 0) { + &master_key_length, + NULL, &pref_cipher, + s->ext.session_secret_cb_arg) + && master_key_length > 0) { s->session->master_key_length = master_key_length; - s->session->cipher = pref_cipher ? - pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0); + s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0); } else { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -1552,18 +1549,19 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) } if (session_id_len != 0 - && session_id_len == s->session->session_id_length - && memcmp(PACKET_data(&session_id), s->session->session_id, - session_id_len) == 0) + && session_id_len == s->session->session_id_length + && memcmp(PACKET_data(&session_id), s->session->session_id, + session_id_len) + == 0) s->hit = 1; } if (s->hit) { if (s->sid_ctx_length != s->session->sid_ctx_length - || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { + || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto err; } } else { @@ -1594,14 +1592,14 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) /* session_id_len could be 0 */ if (session_id_len > 0) memcpy(s->session->session_id, PACKET_data(&session_id), - session_id_len); + session_id_len); } } /* Session version and negotiated protocol version should match */ if (s->version != s->session->ssl_version) { SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_SSL_SESSION_VERSION_MISMATCH); + SSL_R_SSL_SESSION_VERSION_MISMATCH); goto err; } /* @@ -1619,7 +1617,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) #ifdef OPENSSL_NO_COMP if (compression != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto err; } /* @@ -1633,7 +1631,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) #else if (s->hit && compression != s->session->compress_meth) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); + SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); goto err; } if (compression == 0) @@ -1647,7 +1645,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (compression != 0 && comp == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto err; } else { s->s3.tmp.new_compression = comp; @@ -1670,7 +1668,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * no SCTP used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -1678,16 +1676,17 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) labellen += 1; if (SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), - labelbuffer, - labellen, NULL, 0, 0) <= 0) { + sizeof(sctpauthkey), + labelbuffer, + labellen, NULL, 0, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, + sizeof(sctpauthkey), sctpauthkey); } #endif @@ -1696,22 +1695,22 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * we're done with this message */ if (SSL_IS_TLS13(s) - && (!s->method->ssl3_enc->setup_key_block(s) - || !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) { + && (!s->method->ssl3_enc->setup_key_block(s) + || !s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) { /* SSLfatal() already called */ goto err; } OPENSSL_free(extensions); return MSG_PROCESS_CONTINUE_READING; - err: +err: OPENSSL_free(extensions); return MSG_PROCESS_ERROR; } static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, - PACKET *extpkt) + PACKET *extpkt) { RAW_EXTENSION *extensions = NULL; @@ -1723,9 +1722,9 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, s->enc_write_ctx = NULL; if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - &extensions, NULL, 1) - || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - extensions, NULL, 0, 1)) { + &extensions, NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, + extensions, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -1758,13 +1757,13 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, * for HRR messages. */ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { + s->init_num + SSL3_HM_HEADER_LENGTH)) { /* SSLfatal() already called */ goto err; } return MSG_PROCESS_FINISHED_READING; - err: +err: OPENSSL_free(extensions); return MSG_PROCESS_ERROR; } @@ -1784,10 +1783,10 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context)) - || context != 0 - || !PACKET_get_net_3(pkt, &cert_list_len) - || PACKET_remaining(pkt) != cert_list_len - || PACKET_remaining(pkt) == 0) { + || context != 0 + || !PACKET_get_net_3(pkt, &cert_list_len) + || PACKET_remaining(pkt) != cert_list_len + || PACKET_remaining(pkt) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -1806,7 +1805,8 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) goto err; } if (d2i_X509(&x, (const unsigned char **)&certbytes, - cert_len) == NULL) { + cert_len) + == NULL) { SSLfatal(s, SSL_AD_BAD_CERTIFICATE, ERR_R_ASN1_LIB); goto err; } @@ -1825,11 +1825,11 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, - NULL, chainidx == 0) + SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, + NULL, chainidx == 0) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, - PACKET_remaining(pkt) == 0)) { + rawexts, x, chainidx, + PACKET_remaining(pkt) == 0)) { OPENSSL_free(rawexts); /* SSLfatal already called */ goto err; @@ -1845,7 +1845,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } return MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: X509_free(x); sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = NULL; @@ -1887,10 +1887,10 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) */ if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { SSLfatal(s, ssl_x509err2alert(s->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); + SSL_R_CERTIFICATE_VERIFY_FAILED); return WORK_ERROR; } - ERR_clear_error(); /* but we keep s->verify_result */ + ERR_clear_error(); /* but we keep s->verify_result */ /* * Inconsistency alert: cert_chain does include the peer's certificate, @@ -1902,7 +1902,7 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); + SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); return WORK_ERROR; } @@ -1929,9 +1929,9 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) /* Save the current hash state for when we receive the CertificateVerify */ if (SSL_IS_TLS13(s) - && !ssl_handshake_hash(s, s->cert_verify_hash, - sizeof(s->cert_verify_hash), - &s->cert_verify_hash_len)) { + && !ssl_handshake_hash(s, s->cert_verify_hash, + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { /* SSLfatal() already called */; return WORK_ERROR; } @@ -1965,7 +1965,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt) OPENSSL_free(s->session->psk_identity_hint); s->session->psk_identity_hint = NULL; } else if (!PACKET_strndup(&psk_identity_hint, - &s->session->psk_identity_hint)) { + &s->session->psk_identity_hint)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1990,18 +1990,18 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - if ((s->srp_ctx.N = - BN_bin2bn(PACKET_data(&prime), - (int)PACKET_remaining(&prime), NULL)) == NULL - || (s->srp_ctx.g = - BN_bin2bn(PACKET_data(&generator), - (int)PACKET_remaining(&generator), NULL)) == NULL - || (s->srp_ctx.s = - BN_bin2bn(PACKET_data(&salt), - (int)PACKET_remaining(&salt), NULL)) == NULL - || (s->srp_ctx.B = - BN_bin2bn(PACKET_data(&server_pub), - (int)PACKET_remaining(&server_pub), NULL)) == NULL) { + if ((s->srp_ctx.N = BN_bin2bn(PACKET_data(&prime), + (int)PACKET_remaining(&prime), NULL)) + == NULL + || (s->srp_ctx.g = BN_bin2bn(PACKET_data(&generator), + (int)PACKET_remaining(&generator), NULL)) + == NULL + || (s->srp_ctx.s = BN_bin2bn(PACKET_data(&salt), + (int)PACKET_remaining(&salt), NULL)) + == NULL + || (s->srp_ctx.B = BN_bin2bn(PACKET_data(&server_pub), + (int)PACKET_remaining(&server_pub), NULL)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BN_LIB); return 0; } @@ -2041,9 +2041,9 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL); g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator), - NULL); + NULL); bnpub_key = BN_bin2bn(PACKET_data(&pub_key), - (int)PACKET_remaining(&pub_key), NULL); + (int)PACKET_remaining(&pub_key), NULL); if (p == NULL || g == NULL || bnpub_key == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BN_LIB); goto err; @@ -2051,11 +2051,11 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - bnpub_key) - || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, + bnpub_key) + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2066,7 +2066,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) goto err; } if (EVP_PKEY_fromdata_init(pctx) <= 0 - || EVP_PKEY_fromdata(pctx, &peer_tmp, EVP_PKEY_KEYPAIR, params) <= 0) { + || EVP_PKEY_fromdata(pctx, &peer_tmp, EVP_PKEY_KEYPAIR, params) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_DH_VALUE); goto err; } @@ -2074,21 +2074,21 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) EVP_PKEY_CTX_free(pctx); pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, peer_tmp, s->ctx->propq); if (pctx == NULL - /* - * EVP_PKEY_param_check() will verify that the DH params are using - * a safe prime. In this context, because we're using ephemeral DH, - * we're ok with it not being a safe prime. - * EVP_PKEY_param_check_quick() skips the safe prime check. - */ - || EVP_PKEY_param_check_quick(pctx) != 1 - || EVP_PKEY_public_check(pctx) != 1) { + /* + * EVP_PKEY_param_check() will verify that the DH params are using + * a safe prime. In this context, because we're using ephemeral DH, + * we're ok with it not being a safe prime. + * EVP_PKEY_param_check_quick() skips the safe prime check. + */ + || EVP_PKEY_param_check_quick(pctx) != 1 + || EVP_PKEY_public_check(pctx) != 1) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_DH_VALUE); goto err; } if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(peer_tmp), - 0, peer_tmp)) { + EVP_PKEY_get_security_bits(peer_tmp), + 0, peer_tmp)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); goto err; } @@ -2106,7 +2106,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) ret = 1; - err: +err: OSSL_PARAM_BLD_free(tmpl); OSSL_PARAM_free(params); EVP_PKEY_free(peer_tmp); @@ -2137,14 +2137,14 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) * server has sent an invalid curve. */ if (curve_type != NAMED_CURVE_TYPE - || !tls1_check_group_id(s, curve_id, 1)) { + || !tls1_check_group_id(s, curve_id, 1)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE); return 0; } if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } @@ -2154,8 +2154,9 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) } if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); return 0; } @@ -2233,8 +2234,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) * equals the length of the parameters. */ if (!PACKET_get_sub_packet(&save_param_start, ¶ms, - PACKET_remaining(&save_param_start) - - PACKET_remaining(pkt))) { + PACKET_remaining(&save_param_start) - PACKET_remaining(pkt))) { SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2246,24 +2246,24 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT); goto err; } - if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) { + if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) { /* SSLfatal() already called */ goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); goto err; } if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); goto err; } if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { @@ -2278,29 +2278,31 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } if (SSL_USE_PSS(s)) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } } tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(¶ms), - PACKET_remaining(¶ms)); + PACKET_remaining(¶ms)); if (tbslen == 0) { /* SSLfatal() already called */ goto err; } rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature), - PACKET_remaining(&signature), tbs, tbslen); + PACKET_remaining(&signature), tbs, tbslen); OPENSSL_free(tbs); if (rv <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); @@ -2327,7 +2329,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } return MSG_PROCESS_CONTINUE_READING; - err: +err: EVP_MD_CTX_free(md_ctx); return MSG_PROCESS_ERROR; } @@ -2361,8 +2363,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) s->pha_context = NULL; s->pha_context_len = 0; - if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || - !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { + if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return MSG_PROCESS_ERROR; } @@ -2372,10 +2373,10 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - &rawexts, NULL, 1) + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + &rawexts, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - rawexts, NULL, 0, 1)) { + rawexts, NULL, 0, 1)) { /* SSLfatal() already called */ OPENSSL_free(rawexts); return MSG_PROCESS_ERROR; @@ -2413,7 +2414,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) */ if (!tls1_save_sigalgs(s, &sigalgs, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SIGNATURE_ALGORITHMS_ERROR); + SSL_R_SIGNATURE_ALGORITHMS_ERROR); return MSG_PROCESS_ERROR; } if (!tls1_process_sigalgs(s)) { @@ -2502,7 +2503,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) } if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0 - && !SSL_IS_TLS13(s)) { + && !SSL_IS_TLS13(s)) { /* * In TLSv1.2 and below the arrival of a new tickets signals that * any old ticket we were using is now out of date, so we remove the @@ -2540,17 +2541,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) PACKET extpkt; if (!PACKET_as_length_prefixed_2(pkt, &extpkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (!tls_collect_extensions(s, &extpkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, - NULL, 1) - || !tls_parse_all_extensions(s, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - exts, NULL, 0, 1)) { + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, + NULL, 1) + || !tls_parse_all_extensions(s, + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + exts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -2578,8 +2579,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * but s->session->session_id_length is a size_t */ if (!EVP_Digest(s->session->ext.tick, ticklen, - s->session->session_id, &sess_len, - sha256, NULL)) { + s->session->session_id, &sess_len, + sha256, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -2593,7 +2594,9 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) const EVP_MD *md = ssl_handshake_md(s); int hashleni = EVP_MD_get_size(md); size_t hashlen; - static const unsigned char nonce_label[] = "resumption"; + /* ASCII: "resumption", in hex for EBCDIC compatibility */ + static const unsigned char nonce_label[] = { 0x72, 0x65, 0x73, 0x75, 0x6D, + 0x70, 0x74, 0x69, 0x6F, 0x6E }; /* Ensure cast to size_t is safe */ if (!ossl_assert(hashleni >= 0)) { @@ -2603,12 +2606,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, - nonce_label, - sizeof(nonce_label) - 1, - PACKET_data(&nonce), - PACKET_remaining(&nonce), - s->session->master_key, - hashlen, 1)) { + nonce_label, + sizeof(nonce_label), + PACKET_data(&nonce), + PACKET_remaining(&nonce), + s->session->master_key, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -2620,7 +2623,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) } return MSG_PROCESS_CONTINUE_READING; - err: +err: EVP_MD_free(sha256); OPENSSL_free(exts); return MSG_PROCESS_ERROR; @@ -2660,7 +2663,6 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt) return 1; } - MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) { if (!tls_process_cert_status_body(s, pkt)) { @@ -2694,17 +2696,17 @@ int tls_process_initial_server_flight(SSL *s) * message, or NULL and -1 otherwise */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing - && s->ctx->ext.status_cb != NULL) { + && s->ctx->ext.status_cb != NULL) { int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); if (ret == 0) { SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE, - SSL_R_INVALID_STATUS_RESPONSE); + SSL_R_INVALID_STATUS_RESPONSE); return 0; } if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_OCSP_CALLBACK_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } } @@ -2769,12 +2771,12 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) memset(identity, 0, sizeof(identity)); psklen = s->psk_client_callback(s, s->session->psk_identity_hint, - identity, sizeof(identity) - 1, - psk, sizeof(psk)); + identity, sizeof(identity) - 1, + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); - psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_PSK_IDENTITY_NOT_FOUND); @@ -2802,14 +2804,14 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) s->session->psk_identity = tmpidentity; tmpidentity = NULL; - if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) { + if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } ret = 1; - err: +err: OPENSSL_cleanse(psk, psklen); OPENSSL_cleanse(identity, sizeof(identity)); OPENSSL_clear_free(tmppsk, psklen); @@ -2872,7 +2874,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) goto err; } if (!WPACKET_allocate_bytes(pkt, enclen, &encdata) - || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) { + || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_RSA_ENCRYPT); goto err; } @@ -2895,7 +2897,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) s->s3.tmp.pmslen = pmslen; return 1; - err: +err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); @@ -2959,7 +2961,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) } ret = 1; - err: +err: OPENSSL_free(encoded_pub); EVP_PKEY_free(ckey); return ret; @@ -3003,7 +3005,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) } ret = 1; - err: +err: OPENSSL_free(encodedPoint); EVP_PKEY_free(ckey); return ret; @@ -3032,13 +3034,13 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) peer_cert = s->session->peer; if (peer_cert == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); return 0; } pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, - X509_get0_pubkey(peer_cert), - s->ctx->propq); + X509_get0_pubkey(peer_cert), + s->ctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; @@ -3072,9 +3074,11 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) if (ukm_hash == NULL || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0 || EVP_DigestUpdate(ukm_hash, s->s3.client_random, - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestUpdate(ukm_hash, s->s3.server_random, - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -3082,7 +3086,8 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) EVP_MD_CTX_free(ukm_hash); ukm_hash = NULL; if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) <= 0) { + EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3097,8 +3102,8 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) } if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) - || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) - || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { + || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) + || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3108,7 +3113,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) s->s3.tmp.pmslen = pmslen; return 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); OPENSSL_clear_free(pms, pmslen); EVP_MD_CTX_free(ukm_hash); @@ -3132,7 +3137,7 @@ int ossl_gost18_cke_cipher_nid(const SSL *s) int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf) { - EVP_MD_CTX * hash = NULL; + EVP_MD_CTX *hash = NULL; unsigned int md_len; const EVP_MD *md = ssl_evp_md_fetch(s->ctx->libctx, NID_id_GostR3411_2012_256, s->ctx->propq); @@ -3191,36 +3196,38 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) goto err; } - /* Get server certificate PKEY and create ctx from it */ + /* Get server certificate PKEY and create ctx from it */ peer_cert = s->session->peer; if (peer_cert == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, - X509_get0_pubkey(peer_cert), - s->ctx->propq); + X509_get0_pubkey(peer_cert), + s->ctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } - if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 ) { + if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; }; /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3231,7 +3238,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) } if (!WPACKET_allocate_bytes(pkt, msglen, &encdata) - || EVP_PKEY_encrypt(pkey_ctx, encdata, &msglen, pms, pmslen) <= 0) { + || EVP_PKEY_encrypt(pkey_ctx, encdata, &msglen, pms, pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -3242,7 +3249,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) s->s3.tmp.pmslen = pmslen; return 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); OPENSSL_clear_free(pms, pmslen); return 0; @@ -3258,8 +3265,8 @@ static int tls_construct_cke_srp(SSL *s, WPACKET *pkt) unsigned char *abytes = NULL; if (s->srp_ctx.A == NULL - || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A), - &abytes)) { + || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A), + &abytes)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3317,7 +3324,7 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) } return 1; - err: +err: OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); s->s3.tmp.pms = NULL; s->s3.tmp.pmslen = 0; @@ -3373,7 +3380,7 @@ int tls_client_key_exchange_post_work(SSL *s) * used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -3381,19 +3388,20 @@ int tls_client_key_exchange_post_work(SSL *s) labellen += 1; if (SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, 0) <= 0) { + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } #endif return 1; - err: +err: OPENSSL_clear_free(pms, pmslen); s->s3.tmp.pms = NULL; s->s3.tmp.pmslen = 0; @@ -3414,8 +3422,7 @@ static int ssl3_check_client_certificate(SSL *s) * If strict mode check suitability of chain before using it. This also * adjusts suite B digest if necessary. */ - if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && - !tls1_check_chain(s, NULL, NULL, NULL, -2)) + if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && !tls1_check_chain(s, NULL, NULL, NULL, -2)) return 0; return 1; } @@ -3514,16 +3521,16 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt) } } if (!ssl3_output_cert_chain(s, pkt, - (s->s3.tmp.cert_req == 2) ? NULL - : s->cert->key)) { + (s->s3.tmp.cert_req == 2) ? NULL + : s->cert->key)) { /* SSLfatal() already called */ return 0; } if (SSL_IS_TLS13(s) - && SSL_IS_FIRST_HANDSHAKE(s) - && (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + && SSL_IS_FIRST_HANDSHAKE(s) + && (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { /* * This is a fatal error, which leaves enc_write_ctx in an inconsistent * state and thus ssl3_send_alert may crash. @@ -3566,7 +3573,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); + SSL_R_MISSING_RSA_ENCRYPTING_CERT); return 0; } @@ -3588,7 +3595,7 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt) padding_len = 32 - ((len + 2) % 32); if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len) - || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { + || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3633,16 +3640,16 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) RAW_EXTENSION *rawexts = NULL; if (!PACKET_as_length_prefixed_2(pkt, &extensions) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, - NULL, 1) - || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - rawexts, NULL, 0, 1)) { + SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, + NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + rawexts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -3650,7 +3657,7 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) OPENSSL_free(rawexts); return MSG_PROCESS_CONTINUE_READING; - err: +err: OPENSSL_free(rawexts); return MSG_PROCESS_ERROR; } @@ -3688,9 +3695,9 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH -# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 -# error Max cipher length too short -# endif +#if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 +#error Max cipher length too short +#endif /* * Some servers hang if client hello > 256 bytes as hack workaround * chop number of supported ciphers to keep it well below this if we @@ -3725,11 +3732,11 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) if (!maxverok) { if (SSL_IS_DTLS(s)) { if (DTLS_VERSION_GE(c->max_dtls, s->s3.tmp.max_ver) - && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver)) + && DTLS_VERSION_LE(c->min_dtls, s->s3.tmp.max_ver)) maxverok = 1; } else { if (c->max_tls >= s->s3.tmp.max_ver - && c->min_tls <= s->s3.tmp.max_ver) + && c->min_tls <= s->s3.tmp.max_ver) maxverok = 1; } } @@ -3738,13 +3745,12 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) } if (totlen == 0 || !maxverok) { - const char *maxvertext = - !maxverok + const char *maxvertext = !maxverok ? "No ciphers enabled for max supported SSL/TLS version" : NULL; SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_CIPHERS_AVAILABLE, - maxvertext); + maxvertext); return 0; } @@ -3775,7 +3781,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt) { if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 040c23035c99..b4d27ada8c80 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -20,37 +20,46 @@ #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) -#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ - if ((end) - (start) <= 8) { \ - long ii; \ - for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ - } else { \ - long ii; \ - bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ - for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ - bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ - } } +#define RSMBLY_BITMASK_MARK(bitmask, start, end) \ + { \ + if ((end) - (start) <= 8) { \ + long ii; \ + for (ii = (start); ii < (end); ii++) \ + bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ + } else { \ + long ii; \ + bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ + for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) \ + bitmask[ii] = 0xff; \ + bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ + } \ + } -#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ - long ii; \ - is_complete = 1; \ - if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ - if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ - if (bitmask[ii] != 0xff) { is_complete = 0; break; } } +#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) \ + { \ + long ii; \ + is_complete = 1; \ + if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) \ + is_complete = 0; \ + if (is_complete) \ + for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0; ii--) \ + if (bitmask[ii] != 0xff) { \ + is_complete = 0; \ + break; \ + } \ + } -static unsigned char bitmask_start_values[] = - { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; -static unsigned char bitmask_end_values[] = - { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; +static unsigned char bitmask_start_values[] = { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; +static unsigned char bitmask_end_values[] = { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; static void dtls1_fix_message_header(SSL *s, size_t frag_off, - size_t frag_len); + size_t frag_len); static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - size_t len, - unsigned short seq_num, - size_t frag_off, - size_t frag_len); + size_t len, + unsigned short seq_num, + size_t frag_off, + size_t frag_len); static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len); static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) @@ -121,23 +130,20 @@ int dtls1_do_write(SSL *s, int type) return -1; if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) { - if (!ossl_assert(s->init_num == - s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) + if (!ossl_assert(s->init_num == s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) return -1; } if (s->write_hash) { if (s->enc_write_ctx - && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & - EVP_CIPH_FLAG_AEAD_CIPHER) != 0) + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) mac_size = 0; else mac_size = EVP_MD_CTX_get_size(s->write_hash); } else mac_size = 0; - if (s->enc_write_ctx && - (EVP_CIPHER_CTX_get_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) + if (s->enc_write_ctx && (EVP_CIPHER_CTX_get_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) blocksize = 2 * EVP_CIPHER_CTX_get_block_size(s->enc_write_ctx); else blocksize = 0; @@ -231,12 +237,11 @@ int dtls1_do_write(SSL *s, int type) dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); dtls1_write_message_header(s, - (unsigned char *)&s->init_buf-> - data[s->init_off]); + (unsigned char *)&s->init_buf->data[s->init_off]); } ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, - &written); + &written); if (ret <= 0) { /* * might need to update MTU here, but we don't know which @@ -244,8 +249,7 @@ int dtls1_do_write(SSL *s, int type) * retransmit anything. continue as if everything is fine and * wait for an alert to handle the retransmit */ - if (retry && BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { + if (retry && BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { if (!dtls1_query_mtu(s)) return -1; @@ -270,8 +274,7 @@ int dtls1_do_write(SSL *s, int type) * should not be done for 'Hello Request's, but in that case * we'll ignore the result anyway */ - unsigned char *p = - (unsigned char *)&s->init_buf->data[s->init_off]; + unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; size_t xlen; @@ -299,8 +302,8 @@ int dtls1_do_write(SSL *s, int type) if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, - s->msg_callback_arg); + (size_t)(s->init_off + s->init_num), s, + s->msg_callback_arg); s->init_off = 0; /* done writing this message */ s->init_num = 0; @@ -335,10 +338,10 @@ int dtls_get_message(SSL *s, int *mt) msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(*msg_hdr)); - again: +again: if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) { if (errtype == DTLS1_HM_BAD_FRAGMENT - || errtype == DTLS1_HM_FRAGMENT_RETRY) { + || errtype == DTLS1_HM_FRAGMENT_RETRY) { /* bad fragment received */ goto again; } @@ -352,7 +355,7 @@ int dtls_get_message(SSL *s, int *mt) if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - p, 1, s, s->msg_callback_arg); + p, 1, s, s->msg_callback_arg); } /* * This isn't a real handshake message so skip the processing below. @@ -411,10 +414,10 @@ int dtls_get_message_body(SSL *s, size_t *len) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, - s, s->msg_callback_arg); + s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, + s, s->msg_callback_arg); - end: +end: *len = s->init_num; return 1; } @@ -442,7 +445,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) /* sanity checking */ if ((frag_off + frag_len) > msg_len - || msg_len > dtls1_max_handshake_message_len(s)) { + || msg_len > dtls1_max_handshake_message_len(s)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE); return 0; } @@ -505,9 +508,9 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) hm_fragment *nextfrag; if (!s->server - || frag->msg_header.seq != 0 - || s->d1->handshake_read_seq != 1 - || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + || frag->msg_header.seq != 0 + || s->d1->handshake_read_seq != 1 + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { /* * This is a stale message that has been buffered so clear it. * It is safe to pop this message from the queue even though @@ -530,9 +533,9 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) nextfrag = (hm_fragment *)next->data; if (nextfrag->msg_header.seq == s->d1->handshake_read_seq) { /* - * We have fragments for both a ClientHello without - * cookie and one with. Ditch the one without. - */ + * We have fragments for both a ClientHello without + * cookie and one with. Ditch the one without. + */ pqueue_pop(s->d1->buffered_messages); dtls1_hm_fragment_free(frag); pitem_free(item); @@ -560,10 +563,9 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) ret = dtls1_preprocess_fragment(s, &frag->msg_header); if (ret && frag->msg_header.frag_len > 0) { - unsigned char *p = - (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, - frag->msg_header.frag_len); + frag->msg_header.frag_len); } dtls1_hm_fragment_free(frag); @@ -602,8 +604,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) size_t frag_len = msg_hdr->frag_len; size_t readbytes; - if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || - msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) + if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) goto err; if (frag_len == 0) { @@ -642,10 +643,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) while (frag_len) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + devnull, + frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -655,20 +654,20 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment + msg_hdr->frag_off, - frag_len, 0, &readbytes); + frag->fragment + msg_hdr->frag_off, + frag_len, 0, &readbytes); if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, - (long)(msg_hdr->frag_off + frag_len)); + (long)(msg_hdr->frag_off + frag_len)); if (!ossl_assert(msg_hdr->msg_len > 0)) goto err; RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, - is_complete); + is_complete); if (is_complete) { OPENSSL_free(frag->reassembly); @@ -695,7 +694,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) return DTLS1_HM_FRAGMENT_RETRY; - err: +err: if (item == NULL) dtls1_hm_fragment_free(frag); return -1; @@ -732,17 +731,13 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) * in the future, already in the queue or if we received a FINISHED * before the SERVER_HELLO, which then must be a stale retransmit. */ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { + if (msg_hdr->seq <= s->d1->handshake_read_seq || msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull[256]; while (frag_len) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + devnull, + frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -766,9 +761,9 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) * read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0, - &readbytes); - if (i<=0 || readbytes != frag_len) + frag->fragment, frag_len, 0, + &readbytes); + if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -793,7 +788,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) return DTLS1_HM_FRAGMENT_RETRY; - err: +err: if (item == NULL) dtls1_hm_fragment_free(frag); return 0; @@ -810,7 +805,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) *errtype = 0; - redo: +redo: /* see if we have the required fragment already */ ret = dtls1_retrieve_buffered_fragment(s, &frag_len); if (ret < 0) { @@ -825,8 +820,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) /* read handshake message header */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, - DTLS1_HM_HEADER_LENGTH, 0, &readbytes); - if (i <= 0) { /* nbio, or an error */ + DTLS1_HM_HEADER_LENGTH, 0, &readbytes); + if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; *len = 0; return 0; @@ -834,7 +829,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { if (wire[0] != SSL3_MT_CCS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } @@ -877,10 +872,10 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) */ if (msg_hdr.seq != s->d1->handshake_read_seq) { if (!s->server - || msg_hdr.seq != 0 - || s->d1->handshake_read_seq != 1 - || wire[0] != SSL3_MT_CLIENT_HELLO - || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + || msg_hdr.seq != 0 + || s->d1->handshake_read_seq != 1 + || wire[0] != SSL3_MT_CLIENT_HELLO + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); return 0; } @@ -898,9 +893,9 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) } if (!s->server - && s->d1->r_msg_hdr.frag_off == 0 - && s->statem.hand_state != TLS_ST_OK - && wire[0] == SSL3_MT_HELLO_REQUEST) { + && s->d1->r_msg_hdr.frag_off == 0 + && s->statem.hand_state != TLS_ST_OK + && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- we are * doing a handshake anyway now, so ignore them if their format is @@ -909,12 +904,12 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - wire, DTLS1_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + wire, DTLS1_HM_HEADER_LENGTH, s, + s->msg_callback_arg); s->init_num = 0; goto redo; - } else { /* Incorrectly formatted Hello request */ + } else { /* Incorrectly formatted Hello request */ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; @@ -927,11 +922,10 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) } if (frag_len > 0) { - unsigned char *p = - (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0, &readbytes); + &p[frag_off], frag_len, 0, &readbytes); /* * This shouldn't ever fail due to NBIO because we already checked @@ -975,7 +969,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) *len = s->init_num = frag_len; return 1; - f_err: +f_err: s->init_num = 0; *len = 0; return 0; @@ -1059,8 +1053,7 @@ int dtls1_read_failed(SSL *s, int code) return code; } /* done, no need to send a retransmit */ - if (!SSL_in_init(s)) - { + if (!SSL_in_init(s)) { BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code; } @@ -1095,10 +1088,7 @@ int dtls1_retransmit_buffered_messages(SSL *s) for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { frag = (hm_fragment *)item->data; - if (dtls1_retransmit_message(s, (unsigned short) - dtls1_get_queue_priority - (frag->msg_header.seq, - frag->msg_header.is_ccs), &found) <= 0) + if (dtls1_retransmit_message(s, (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), &found) <= 0) return -1; } @@ -1126,16 +1116,13 @@ int dtls1_buffer_message(SSL *s, int is_ccs) if (is_ccs) { /* For DTLS1_BAD_VER the header length is non-standard */ - if (!ossl_assert(s->d1->w_msg_hdr.msg_len + - ((s->version == - DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) - == (unsigned int)s->init_num)) { + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + ((s->version == DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) + == (unsigned int)s->init_num)) { dtls1_hm_fragment_free(frag); return 0; } } else { - if (!ossl_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) { + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) { dtls1_hm_fragment_free(frag); return 0; } @@ -1153,18 +1140,14 @@ int dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; frag->msg_header.saved_retransmit_state.compress = s->compress; frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = - DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); + frag->msg_header.saved_retransmit_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = - (unsigned - char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs) >> 8); - seq64be[7] = - (unsigned - char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs)); + seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs) + >> 8); + seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs)); item = pitem_new(seq64be, frag); if (item == NULL) { @@ -1207,13 +1190,13 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) header_length = DTLS1_HM_HEADER_LENGTH; memcpy(s->init_buf->data, frag->fragment, - frag->msg_header.msg_len + header_length); + frag->msg_header.msg_len + header_length); s->init_num = frag->msg_header.msg_len + header_length; dtls1_set_message_header_int(s, frag->msg_header.type, - frag->msg_header.msg_len, - frag->msg_header.seq, 0, - frag->msg_header.frag_len); + frag->msg_header.msg_len, + frag->msg_header.seq, 0, + frag->msg_header.frag_len); /* save current state */ saved_state.enc_write_ctx = s->enc_write_ctx; @@ -1230,11 +1213,9 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) s->compress = frag->msg_header.saved_retransmit_state.compress; s->session = frag->msg_header.saved_retransmit_state.session; DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer, - frag->msg_header. - saved_retransmit_state.epoch); + frag->msg_header.saved_retransmit_state.epoch); - ret = dtls1_do_write(s, frag->msg_header.is_ccs ? - SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); /* restore current state */ s->enc_write_ctx = saved_state.enc_write_ctx; @@ -1250,8 +1231,8 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) } void dtls1_set_message_header(SSL *s, - unsigned char mt, size_t len, - size_t frag_off, size_t frag_len) + unsigned char mt, size_t len, + size_t frag_off, size_t frag_len) { if (frag_off == 0) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; @@ -1259,14 +1240,14 @@ void dtls1_set_message_header(SSL *s, } dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, - frag_off, frag_len); + frag_off, frag_len); } /* don't actually do the writing, wait till the MTU has been retrieved */ static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - size_t len, unsigned short seq_num, - size_t frag_off, size_t frag_len) + size_t len, unsigned short seq_num, + size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1318,7 +1299,7 @@ int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype) if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); + s->d1->handshake_write_seq, 0, 0); if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) return 0; } else { @@ -1328,7 +1309,7 @@ int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype) * filled in later */ if (!WPACKET_allocate_bytes(pkt, DTLS1_HM_HEADER_LENGTH, &header) - || !WPACKET_start_sub_packet(pkt)) + || !WPACKET_start_sub_packet(pkt)) return 0; } @@ -1340,8 +1321,8 @@ int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype) size_t msglen; if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) - || !WPACKET_get_length(pkt, &msglen) - || msglen > INT_MAX) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) return 0; if (htype != SSL3_MT_CHANGE_CIPHER_SPEC) { @@ -1353,8 +1334,7 @@ int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype) if (htype != DTLS1_MT_HELLO_VERIFY_REQUEST) { /* Buffer the message to handle re-xmits */ - if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC - ? 1 : 0)) + if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC ? 1 : 0)) return 0; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 422d0428d465..0d32162d5c58 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -46,7 +46,7 @@ int ssl3_do_write(SSL *s, int type) size_t written = 0; ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num, &written); + s->init_num, &written); if (ret <= 0) return -1; if (type == SSL3_RT_HANDSHAKE) @@ -55,18 +55,16 @@ int ssl3_do_write(SSL *s, int type) * ignore the result anyway * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added */ - if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET - && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE - && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) + if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) if (!ssl3_finish_mac(s, - (unsigned char *)&s->init_buf->data[s->init_off], - written)) + (unsigned char *)&s->init_buf->data[s->init_off], + written)) return -1; if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, - s->msg_callback_arg); + (size_t)(s->init_off + s->init_num), s, + s->msg_callback_arg); return 1; } s->init_off += written; @@ -79,8 +77,8 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) size_t msglen; if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) - || !WPACKET_get_length(pkt, &msglen) - || msglen > INT_MAX) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) return 0; s->init_num = (int)msglen; s->init_off = 0; @@ -119,11 +117,11 @@ int tls_setup_handshake(SSL *s) } if (md5sha1_needed) { SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM, - "The max supported SSL/TLS version needs the" - " MD5-SHA1 digest but it is not available" - " in the loaded providers. Use (D)TLSv1.2 or" - " above, or load different providers"); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM, + "The max supported SSL/TLS version needs the" + " MD5-SHA1 digest but it is not available" + " in the loaded providers. Use (D)TLSv1.2 or" + " above, or load different providers"); return 0; } @@ -157,8 +155,7 @@ int tls_setup_handshake(SSL *s) const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); if (SSL_IS_DTLS(s)) { - if (DTLS_VERSION_GE(ver_max, c->min_dtls) && - DTLS_VERSION_LE(ver_max, c->max_dtls)) + if (DTLS_VERSION_GE(ver_max, c->min_dtls) && DTLS_VERSION_LE(ver_max, c->max_dtls)) ok = 1; } else if (ver_max >= c->min_tls && ver_max <= c->max_tls) { ok = 1; @@ -168,9 +165,9 @@ int tls_setup_handshake(SSL *s) } if (!ok) { SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_CIPHERS_AVAILABLE, - "No ciphers enabled for max supported " - "SSL/TLS version"); + SSL_R_NO_CIPHERS_AVAILABLE, + "No ciphers enabled for max supported " + "SSL/TLS version"); return 0; } if (SSL_IS_FIRST_HANDSHAKE(s)) { @@ -187,7 +184,7 @@ int tls_setup_handshake(SSL *s) ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_connect); else ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_connect_renegotiate); + &s->session_ctx->stats.sess_connect_renegotiate); /* mark client_random uninitialized */ memset(s->s3.client_random, 0, sizeof(s->s3.client_random)); @@ -206,21 +203,21 @@ int tls_setup_handshake(SSL *s) * Size of the to-be-signed TLS13 data, without the hash size itself: * 64 bytes of value 32, 33 context bytes, 1 byte separator */ -#define TLS13_TBS_START_SIZE 64 -#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) +#define TLS13_TBS_START_SIZE 64 +#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, - void **hdata, size_t *hdatalen) + void **hdata, size_t *hdatalen) { #ifdef CHARSET_EBCDIC static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, - 0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, - 0x69, 0x66, 0x79, 0x00 }; + 0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, - 0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, - 0x69, 0x66, 0x79, 0x00 }; + 0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; #else static const char servercontext[] = "TLS 1.3, server CertificateVerify"; static const char clientcontext[] = "TLS 1.3, client CertificateVerify"; @@ -232,7 +229,7 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, memset(tls13tbs, 32, TLS13_TBS_START_SIZE); /* This copies the 33 bytes of context plus the 0 separator byte */ if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY - || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) + || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext); else strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext); @@ -243,12 +240,12 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, * that includes the CertVerify itself. */ if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY - || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { + || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash, - s->cert_verify_hash_len); + s->cert_verify_hash_len); hashlen = s->cert_verify_hash_len; } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE, - EVP_MAX_MD_SIZE, &hashlen)) { + EVP_MAX_MD_SIZE, &hashlen)) { /* SSLfatal() already called */ return 0; } @@ -311,9 +308,10 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } if (EVP_DigestSignInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -321,7 +319,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) if (lu->sig == EVP_PKEY_RSA_PSS) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -333,8 +332,9 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) */ if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0 + (int)s->session->master_key_length, + s->session->master_key) + <= 0 || EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); @@ -342,7 +342,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } sig = OPENSSL_malloc(siglen); if (sig == NULL - || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { + || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -357,7 +357,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } sig = OPENSSL_malloc(siglen); if (sig == NULL - || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { + || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -388,7 +388,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) OPENSSL_free(sig); EVP_MD_CTX_free(mctx); return 1; - err: +err: OPENSSL_free(sig); EVP_MD_CTX_free(mctx); return 0; @@ -426,7 +426,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); + SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); goto err; } @@ -442,9 +442,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); + goto err; } if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { @@ -454,7 +454,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); /* Check for broken implementations of GOST ciphersuites */ /* @@ -464,14 +464,14 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #ifndef OPENSSL_NO_GOST if (!SSL_USE_SIGALGS(s) && ((PACKET_remaining(pkt) == 64 - && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001 - || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256)) + && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001 + || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256)) || (PACKET_remaining(pkt) == 128 && EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_512))) { len = PACKET_remaining(pkt); } else #endif - if (!PACKET_get_net_2(pkt, &len)) { + if (!PACKET_get_net_2(pkt, &len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -491,12 +491,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } OSSL_TRACE1(TLS, "Using client verify alg %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (EVP_DigestVerifyInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -519,16 +520,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) if (SSL_USE_PSS(s)) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } } if (s->version == SSL3_VERSION) { if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0) { + || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -556,7 +559,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) ret = MSG_PROCESS_CONTINUE_PROCESSING; else ret = MSG_PROCESS_CONTINUE_READING; - err: +err: BIO_free(s->s3.handshake_buffer); s->s3.handshake_buffer = NULL; EVP_MD_CTX_free(mctx); @@ -581,10 +584,11 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) * client certificate */ if (SSL_IS_TLS13(s) - && !s->server - && s->s3.tmp.cert_req == 0 - && (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; + && !s->server + && s->s3.tmp.cert_req == 0 + && (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + ; /* SSLfatal() already called */ return 0; } @@ -598,8 +602,8 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) } finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3.tmp.finish_md); + sender, slen, + s->s3.tmp.finish_md); if (finish_md_len == 0) { /* SSLfatal() already called */ return 0; @@ -616,9 +620,7 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) * Log the master secret, if logging is enabled. We don't log it for * TLSv1.3: there's a different key schedule for that. */ - if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, - s->session->master_key, - s->session->master_key_length)) { + if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key, s->session->master_key_length)) { /* SSLfatal() already called */ return 0; } @@ -632,11 +634,11 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) } if (!s->server) { memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md, - finish_md_len); + finish_md_len); s->s3.previous_client_finished_len = finish_md_len; } else { memcpy(s->s3.previous_server_finished, s->s3.tmp.finish_md, - finish_md_len); + finish_md_len); s->s3.previous_server_finished_len = finish_md_len; } @@ -668,7 +670,7 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) } if (!PACKET_get_1(pkt, &updatetype) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_KEY_UPDATE); return MSG_PROCESS_ERROR; } @@ -678,7 +680,7 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) * didn't recognise. */ if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED - && updatetype != SSL_KEY_UPDATE_REQUESTED) { + && updatetype != SSL_KEY_UPDATE_REQUESTED) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_UPDATE); return MSG_PROCESS_ERROR; } @@ -716,9 +718,8 @@ int ssl3_take_mac(SSL *s) slen = s->method->ssl3_enc->client_finished_label_len; } - s->s3.tmp.peer_finish_md_len = - s->method->ssl3_enc->final_finish_mac(s, sender, slen, - s->s3.tmp.peer_finish_md); + s->s3.tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, + s->s3.tmp.peer_finish_md); if (s->s3.tmp.peer_finish_md_len == 0) { /* SSLfatal() already called */ @@ -740,7 +741,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) */ if (SSL_IS_DTLS(s)) { if ((s->version == DTLS1_BAD_VER - && remain != DTLS1_CCS_HEADER_LENGTH + 1) + && remain != DTLS1_CCS_HEADER_LENGTH + 1) || (s->version != DTLS1_BAD_VER && remain != DTLS1_CCS_HEADER_LENGTH - 1)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_CHANGE_CIPHER_SPEC); @@ -788,20 +789,19 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) { size_t md_len; - /* This is a real handshake so make sure we clean it up at the end */ if (s->server) { /* - * To get this far we must have read encrypted data from the client. We - * no longer tolerate unencrypted alerts. This value is ignored if less - * than TLSv1.3 - */ + * To get this far we must have read encrypted data from the client. We + * no longer tolerate unencrypted alerts. This value is ignored if less + * than TLSv1.3 + */ s->statem.enc_read_state = ENC_READ_STATE_VALID; if (s->post_handshake_auth != SSL_PHA_REQUESTED) s->statem.cleanuphand = 1; if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) { - /* SSLfatal() already called */ - return MSG_PROCESS_ERROR; + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; } } @@ -829,7 +829,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) } if (CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, - md_len) != 0) { + md_len) + != 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DIGEST_CHECK_FAILED); return MSG_PROCESS_ERROR; } @@ -843,11 +844,11 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) } if (s->server) { memcpy(s->s3.previous_client_finished, s->s3.tmp.peer_finish_md, - md_len); + md_len); s->s3.previous_client_finished_len = md_len; } else { memcpy(s->s3.previous_server_finished, s->s3.tmp.peer_finish_md, - md_len); + md_len); s->s3.previous_server_finished_len = md_len; } @@ -857,9 +858,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) */ if (SSL_IS_TLS13(s)) { if (s->server) { - if (s->post_handshake_auth != SSL_PHA_REQUESTED && - !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { + if (s->post_handshake_auth != SSL_PHA_REQUESTED && !s->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } @@ -909,14 +908,14 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain) return 0; } if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes) - || i2d_X509(x, &outbytes) != len) { + || i2d_X509(x, &outbytes) != len) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (SSL_IS_TLS13(s) - && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x, - chain)) { + && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x, + chain)) { /* SSLfatal() already called */ return 0; } @@ -955,7 +954,7 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) if (chain_store != NULL) { X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, - s->ctx->propq); + s->ctx->propq); if (xs_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -1044,9 +1043,9 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) * freed up as well. */ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, - int clearbufs, int stop) + int clearbufs, int stop) { - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; int cleanuphand = s->statem.cleanuphand; if (clearbufs) { @@ -1060,7 +1059,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, */ || BIO_dgram_is_sctp(SSL_get_wbio(s)) #endif - ) { + ) { /* * We don't do this in DTLS over UDP because we may still need the init_buf * in case there are any unexpected retransmits @@ -1077,7 +1076,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, } if (SSL_IS_TLS13(s) && !s->server - && s->post_handshake_auth == SSL_PHA_REQUESTED) + && s->post_handshake_auth == SSL_PHA_REQUESTED) s->post_handshake_auth = SSL_PHA_EXT_SENT; /* @@ -1111,7 +1110,8 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, * so we remove this one from the cache. */ if ((s->session_ctx->session_cache_mode - & SSL_SESS_CACHE_CLIENT) != 0) + & SSL_SESS_CACHE_CLIENT) + != 0) SSL_CTX_remove_session(s->session_ctx, s->session); } else { /* @@ -1122,11 +1122,11 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, } if (s->hit) ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_hit); + &s->session_ctx->stats.sess_hit); s->handshake_func = ossl_statem_connect; ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_connect_good); + &s->session_ctx->stats.sess_connect_good); } if (SSL_IS_DTLS(s)) { @@ -1148,8 +1148,8 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, if (cb != NULL) { if (cleanuphand - || !SSL_IS_TLS13(s) - || SSL_IS_FIRST_HANDSHAKE(s)) + || !SSL_IS_TLS13(s) + || SSL_IS_FIRST_HANDSHAKE(s)) cb(s, SSL_CB_HANDSHAKE_DONE, 1); } @@ -1174,9 +1174,9 @@ int tls_get_message_header(SSL *s, int *mt) do { while (s->init_num < SSL3_HM_HEADER_LENGTH) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, - &p[s->init_num], - SSL3_HM_HEADER_LENGTH - s->init_num, - 0, &readbytes); + &p[s->init_num], + SSL3_HM_HEADER_LENGTH - s->init_num, + 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; return 0; @@ -1188,11 +1188,11 @@ int tls_get_message_header(SSL *s, int *mt) */ if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSL_R_BAD_CHANGE_CIPHER_SPEC); return 0; } if (s->statem.hand_state == TLS_ST_BEFORE - && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { + && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { /* * We are stateless and we received a CCS. Probably this is * from a client between the first and second ClientHellos. @@ -1209,7 +1209,7 @@ int tls_get_message_header(SSL *s, int *mt) return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_CCS_RECEIVED_EARLY); + SSL_R_CCS_RECEIVED_EARLY); return 0; } s->init_num += readbytes; @@ -1218,7 +1218,7 @@ int tls_get_message_header(SSL *s, int *mt) skip_message = 0; if (!s->server) if (s->statem.hand_state != TLS_ST_OK - && p[0] == SSL3_MT_HELLO_REQUEST) + && p[0] == SSL3_MT_HELLO_REQUEST) /* * The server may always send 'Hello Request' messages -- * we are doing a handshake anyway now, so ignore them if @@ -1231,8 +1231,8 @@ int tls_get_message_header(SSL *s, int *mt) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, SSL3_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + p, SSL3_HM_HEADER_LENGTH, s, + s->msg_callback_arg); } } while (skip_message); /* s->init_num == SSL3_HM_HEADER_LENGTH */ @@ -1259,7 +1259,7 @@ int tls_get_message_header(SSL *s, int *mt) /* BUF_MEM_grow takes an 'int' parameter */ if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSL_R_EXCESSIVE_MESSAGE_SIZE); return 0; } s->s3.tmp.message_size = l; @@ -1287,7 +1287,7 @@ int tls_get_message_body(SSL *s, size_t *len) n = s->s3.tmp.message_size - s->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[s->init_num], n, 0, &readbytes); + &p[s->init_num], n, 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; *len = 0; @@ -1310,14 +1310,14 @@ int tls_get_message_body(SSL *s, size_t *len) /* Feed this message into MAC computation. */ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num)) { + s->init_num)) { /* SSLfatal() already called */ *len = 0; return 0; } if (s->msg_callback) s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, - (size_t)s->init_num, s, s->msg_callback_arg); + (size_t)s->init_num, s, s->msg_callback_arg); } else { /* * We defer feeding in the HRR until later. We'll do it as part of @@ -1325,17 +1325,17 @@ int tls_get_message_body(SSL *s, size_t *len) * The TLsv1.3 handshake transcript stops at the ClientFinished * message. */ -#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) +#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) /* KeyUpdate and NewSessionTicket do not need to be added */ - if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET - && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { + if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO - || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE - || memcmp(hrrrandom, - s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, - SSL3_RANDOM_SIZE) != 0) { + || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE + || memcmp(hrrrandom, + s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, + SSL3_RANDOM_SIZE) + != 0) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { + s->init_num + SSL3_HM_HEADER_LENGTH)) { /* SSLfatal() already called */ *len = 0; return 0; @@ -1344,8 +1344,8 @@ int tls_get_message_body(SSL *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, - s->msg_callback_arg); + (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, + s->msg_callback_arg); } *len = s->init_num; @@ -1353,49 +1353,49 @@ int tls_get_message_body(SSL *s, size_t *len) } static const X509ERR2ALERT x509table[] = { - {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, - {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, - {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED}, - {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, - {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, - {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, - {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE}, - {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR}, + { X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE }, + { X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED }, + { X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED }, + { X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR }, + { X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED }, + { X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR }, + { X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE }, + { X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR }, /* Last entry; return this if we don't find the value above. */ - {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN} + { X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN } }; int ssl_x509err2alert(int x509err) @@ -1428,63 +1428,63 @@ static int version_cmp(const SSL *s, int a, int b) typedef struct { int version; - const SSL_METHOD *(*cmeth) (void); - const SSL_METHOD *(*smeth) (void); + const SSL_METHOD *(*cmeth)(void); + const SSL_METHOD *(*smeth)(void); } version_info; #if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION -# error Code needs update for TLS_method() support beyond TLS1_3_VERSION. +#error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif /* Must be in order high to low */ static const version_info tls_version_table[] = { #ifndef OPENSSL_NO_TLS1_3 - {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, + { TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method }, #else - {TLS1_3_VERSION, NULL, NULL}, + { TLS1_3_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1_2 - {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, + { TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method }, #else - {TLS1_2_VERSION, NULL, NULL}, + { TLS1_2_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1_1 - {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method}, + { TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method }, #else - {TLS1_1_VERSION, NULL, NULL}, + { TLS1_1_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1 - {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method}, + { TLS1_VERSION, tlsv1_client_method, tlsv1_server_method }, #else - {TLS1_VERSION, NULL, NULL}, + { TLS1_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_SSL3 - {SSL3_VERSION, sslv3_client_method, sslv3_server_method}, + { SSL3_VERSION, sslv3_client_method, sslv3_server_method }, #else - {SSL3_VERSION, NULL, NULL}, + { SSL3_VERSION, NULL, NULL }, #endif - {0, NULL, NULL}, + { 0, NULL, NULL }, }; #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION -# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. +#error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. #endif /* Must be in order high to low */ static const version_info dtls_version_table[] = { #ifndef OPENSSL_NO_DTLS1_2 - {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method}, + { DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method }, #else - {DTLS1_2_VERSION, NULL, NULL}, + { DTLS1_2_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_DTLS1 - {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method}, - {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL}, + { DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method }, + { DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL }, #else - {DTLS1_VERSION, NULL, NULL}, - {DTLS1_BAD_VER, NULL, NULL}, + { DTLS1_VERSION, NULL, NULL }, + { DTLS1_BAD_VER, NULL, NULL }, #endif - {0, NULL, NULL}, + { 0, NULL, NULL }, }; /* @@ -1499,13 +1499,10 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) { int version = method->version; - if ((s->min_proto_version != 0 && - version_cmp(s, version, s->min_proto_version) < 0) || - ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) + if ((s->min_proto_version != 0 && version_cmp(s, version, s->min_proto_version) < 0) || ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) return SSL_R_VERSION_TOO_LOW; - if (s->max_proto_version != 0 && - version_cmp(s, version, s->max_proto_version) > 0) + if (s->max_proto_version != 0 && version_cmp(s, version, s->max_proto_version) > 0) return SSL_R_VERSION_TOO_HIGH; if ((s->options & method->mask) != 0) @@ -1534,7 +1531,7 @@ static int is_tls13_capable(const SSL *s) * cb is set then we just assume TLSv1.3 will be ok */ if (s->ctx->ext.servername_cb != NULL - || s->session_ctx->ext.servername_cb != NULL) + || s->session_ctx->ext.servername_cb != NULL) return 1; #ifndef OPENSSL_NO_PSK @@ -1600,14 +1597,14 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) } for (vent = table; - vent->version != 0 && version_cmp(s, version, vent->version) <= 0; - ++vent) { + vent->version != 0 && version_cmp(s, version, vent->version) <= 0; + ++vent) { if (vent->cmeth != NULL - && version_cmp(s, version, vent->version) == 0 - && ssl_method_error(s, vent->cmeth()) == 0 - && (!s->server - || version != TLS1_3_VERSION - || is_tls13_capable(s))) { + && version_cmp(s, version, vent->version) == 0 + && ssl_method_error(s, vent->cmeth()) == 0 + && (!s->server + || version != TLS1_3_VERSION + || is_tls13_capable(s))) { if (meth != NULL) *meth = vent->cmeth(); return 1; @@ -1681,9 +1678,7 @@ int ssl_set_version_bound(int method_version, int version, int *bound) } valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL; - valid_dtls = - DTLS_VERSION_LE(version, DTLS_MAX_VERSION_INTERNAL) && - DTLS_VERSION_GE(version, DTLS1_BAD_VER); + valid_dtls = DTLS_VERSION_LE(version, DTLS_MAX_VERSION_INTERNAL) && DTLS_VERSION_GE(version, DTLS1_BAD_VER); if (!valid_tls && !valid_dtls) return 0; @@ -1722,18 +1717,18 @@ int ssl_set_version_bound(int method_version, int version, int *bound) static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) { if (vers == TLS1_2_VERSION - && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { + && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_2; } else if (!SSL_IS_DTLS(s) - && vers < TLS1_2_VERSION - /* - * We need to ensure that a server that disables TLSv1.2 - * (creating a hole between TLSv1.3 and TLSv1.1) can still - * complete handshakes with clients that support TLSv1.2 and - * below. Therefore we do not enable the sentinel if TLSv1.3 is - * enabled and TLSv1.2 is not. - */ - && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { + && vers < TLS1_2_VERSION + /* + * We need to ensure that a server that disables TLSv1.2 + * (creating a hole between TLSv1.3 and TLSv1.1) can still + * complete handshakes with clients that support TLSv1.2 and + * below. Therefore we do not enable the sentinel if TLSv1.3 is + * enabled and TLSv1.2 is not. + */ + && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_1; } else { *dgrd = DOWNGRADE_NONE; @@ -1871,8 +1866,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) for (vent = table; vent->version != 0; ++vent) { const SSL_METHOD *method; - if (vent->smeth == NULL || - version_cmp(s, client_version, vent->version) < 0) + if (vent->smeth == NULL || version_cmp(s, client_version, vent->version) < 0) continue; method = vent->smeth(); if (ssl_method_error(s, method) == 0) { @@ -1908,15 +1902,16 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) /* This will overwrite s->version if the extension is present */ if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions, - SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO, extensions, - NULL, 0)) { + SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO, + extensions, + NULL, 0)) { s->version = origv; return 0; } if (s->hello_retry_request != SSL_HRR_NONE - && s->version != TLS1_3_VERSION) { + && s->version != TLS1_3_VERSION) { s->version = origv; SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); return 0; @@ -1970,24 +1965,26 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) if (!SSL_IS_DTLS(s) && real_max > s->version) { /* Signal applies to all versions */ if (memcmp(tls11downgrade, - s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls11downgrade), - sizeof(tls11downgrade)) == 0) { + s->s3.server_random + SSL3_RANDOM_SIZE + - sizeof(tls11downgrade), + sizeof(tls11downgrade)) + == 0) { s->version = origv; SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); return 0; } /* Only when accepting TLS1.3 */ if (real_max == TLS1_3_VERSION && memcmp(tls12downgrade, - s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls12downgrade), - sizeof(tls12downgrade)) == 0) { + s->s3.server_random + SSL3_RANDOM_SIZE + - sizeof(tls12downgrade), + sizeof(tls12downgrade)) + == 0) { s->version = origv; SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); return 0; } } @@ -2028,7 +2025,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) * min_version and max_version will also be set to 0. */ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, - int *real_max) + int *real_max) { int version, tmp_real_max; int hole; @@ -2167,7 +2164,7 @@ int ssl_set_client_hello_version(SSL *s) * 1) or 0 otherwise. */ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, - size_t num_groups, int checkallow) + size_t num_groups, int checkallow) { size_t i; @@ -2178,8 +2175,8 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, uint16_t group = groups[i]; if (group_id == group - && (!checkallow - || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { + && (!checkallow + || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { return 1; } } @@ -2189,8 +2186,8 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, /* Replace ClientHello1 in the transcript hash with a synthetic message */ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, - size_t hashlen, const unsigned char *hrr, - size_t hrrlen) + size_t hashlen, const unsigned char *hrr, + size_t hrrlen) { unsigned char hashvaltmp[EVP_MAX_MD_SIZE]; unsigned char msghdr[SSL3_HM_HEADER_LENGTH]; @@ -2202,8 +2199,8 @@ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, hashlen = 0; /* Get the hash of the initial ClientHello */ if (!ssl3_digest_cached_records(s, 0) - || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), - &hashlen)) { + || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), + &hashlen)) { /* SSLfatal() already called */ return 0; } @@ -2219,7 +2216,7 @@ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, msghdr[0] = SSL3_MT_MESSAGE_HASH; msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen; if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH) - || !ssl3_finish_mac(s, hashval, hashlen)) { + || !ssl3_finish_mac(s, hashval, hashlen)) { /* SSLfatal() already called */ return 0; } @@ -2230,10 +2227,10 @@ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, * receiving a ClientHello2 with a cookie. */ if (hrr != NULL - && (!ssl3_finish_mac(s, hrr, hrrlen) - || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->s3.tmp.message_size - + SSL3_HM_HEADER_LENGTH))) { + && (!ssl3_finish_mac(s, hrr, hrrlen) + || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->s3.tmp.message_size + + SSL3_HM_HEADER_LENGTH))) { /* SSLfatal() already called */ return 0; } @@ -2294,7 +2291,7 @@ int parse_ca_names(SSL *s, PACKET *pkt) return 1; - err: +err: sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); X509_NAME_free(xn); return 0; @@ -2302,7 +2299,8 @@ int parse_ca_names(SSL *s, PACKET *pkt) const STACK_OF(X509_NAME) *get_ca_names(SSL *s) { - const STACK_OF(X509_NAME) *ca_sk = NULL;; + const STACK_OF(X509_NAME) *ca_sk = NULL; + ; if (s->server) { ca_sk = SSL_get_client_CA_list(s); @@ -2333,10 +2331,10 @@ int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) int namelen; if (name == NULL - || (namelen = i2d_X509_NAME(name, NULL)) < 0 - || !WPACKET_sub_allocate_bytes_u16(pkt, namelen, - &namebytes) - || i2d_X509_NAME(name, &namebytes) != namelen) { + || (namelen = i2d_X509_NAME(name, NULL)) < 0 + || !WPACKET_sub_allocate_bytes_u16(pkt, namelen, + &namebytes) + || i2d_X509_NAME(name, &namebytes) != namelen) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2353,7 +2351,7 @@ int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) /* Create a buffer containing data to be signed for server key exchange */ size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, - const void *param, size_t paramlen) + const void *param, size_t paramlen) { size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen; unsigned char *tbs = OPENSSL_malloc(tbslen); @@ -2388,7 +2386,7 @@ int tls13_save_handshake_digest_for_pha(SSL *s) return 0; } if (!EVP_MD_CTX_copy_ex(s->pha_dgst, - s->s3.handshake_dgst)) { + s->s3.handshake_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_MD_CTX_free(s->pha_dgst); s->pha_dgst = NULL; @@ -2409,7 +2407,7 @@ int tls13_restore_handshake_digest_for_pha(SSL *s) return 0; } if (!EVP_MD_CTX_copy_ex(s->s3.handshake_dgst, - s->pha_dgst)) { + s->pha_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index ad4d93b1e279..60f9c92e5345 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -18,28 +18,28 @@ /* The spec allows for a longer length than this, but we limit it */ #define HELLO_VERIFY_REQUEST_MAX_LENGTH 258 -#define END_OF_EARLY_DATA_MAX_LENGTH 0 -#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 +#define END_OF_EARLY_DATA_MAX_LENGTH 0 +#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 #define SESSION_TICKET_MAX_LENGTH_TLS13 131338 #define SESSION_TICKET_MAX_LENGTH_TLS12 65541 -#define SERVER_KEY_EXCH_MAX_LENGTH 102400 -#define SERVER_HELLO_DONE_MAX_LENGTH 0 -#define KEY_UPDATE_MAX_LENGTH 1 -#define CCS_MAX_LENGTH 1 +#define SERVER_KEY_EXCH_MAX_LENGTH 102400 +#define SERVER_HELLO_DONE_MAX_LENGTH 0 +#define KEY_UPDATE_MAX_LENGTH 1 +#define CCS_MAX_LENGTH 1 /* Max ServerHello size permitted by RFC 8446 */ -#define SERVER_HELLO_MAX_LENGTH 65607 +#define SERVER_HELLO_MAX_LENGTH 65607 /* Max should actually be 36 but we are generous */ -#define FINISHED_MAX_LENGTH 64 +#define FINISHED_MAX_LENGTH 64 /* Dummy message type */ -#define SSL3_MT_DUMMY -1 +#define SSL3_MT_DUMMY -1 /* Invalid extension ID for non-supported extensions */ -#define TLSEXT_TYPE_invalid 0x10000 -#define TLSEXT_TYPE_out_of_range 0x10001 +#define TLSEXT_TYPE_invalid 0x10000 +#define TLSEXT_TYPE_out_of_range 0x10001 unsigned int ossl_get_extension_type(size_t idx); extern const unsigned char hrrrandom[]; @@ -59,19 +59,19 @@ typedef enum { MSG_PROCESS_CONTINUE_READING } MSG_PROCESS_RETURN; -typedef int (*confunc_f) (SSL *s, WPACKET *pkt); +typedef int (*confunc_f)(SSL *s, WPACKET *pkt); int ssl3_take_mac(SSL *s); int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, - size_t num_groups, int checkallow); + size_t num_groups, int checkallow); int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, - size_t hashlen, const unsigned char *hrr, - size_t hrrlen); + size_t hashlen, const unsigned char *hrr, + size_t hrrlen); int parse_ca_names(SSL *s, PACKET *pkt); const STACK_OF(X509_NAME) *get_ca_names(SSL *s); int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt); size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, - const void *param, size_t paramlen); + const void *param, size_t paramlen); /* * TLS/DTLS client state machine functions @@ -81,7 +81,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s); WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, - confunc_f *confunc, int *mt); + confunc_f *confunc, int *mt); size_t ossl_statem_client_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst); @@ -94,7 +94,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s); WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, - confunc_f *confunc,int *mt); + confunc_f *confunc, int *mt); size_t ossl_statem_server_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); @@ -116,7 +116,7 @@ __owur int tls_construct_finished(SSL *s, WPACKET *pkt); __owur int tls_construct_key_update(SSL *s, WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt); __owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, - int stop); + int stop); __owur WORK_STATE dtls_wait_for_dry(SSL *s); /* some client-only functions */ @@ -180,249 +180,249 @@ typedef enum ext_return_en { } EXT_RETURN; __owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx, - RAW_EXTENSION *exts); + RAW_EXTENSION *exts); __owur int extension_is_relevant(SSL *s, unsigned int extctx, - unsigned int thisctx); + unsigned int thisctx); __owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, size_t *len, int init); + RAW_EXTENSION **res, size_t *len, int init); __owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, - RAW_EXTENSION *exts, X509 *x, size_t chainidx); + RAW_EXTENSION *exts, X509 *x, size_t chainidx); __owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, - X509 *x, size_t chainidx, int fin); + X509 *x, size_t chainidx, int fin); __owur int should_add_extension(SSL *s, unsigned int extctx, - unsigned int thisctx, int max_version); + unsigned int thisctx, int max_version); __owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); __owur int tls_psk_do_binder(SSL *s, const EVP_MD *md, - const unsigned char *msgstart, - size_t binderoffset, const unsigned char *binderin, - unsigned char *binderout, - SSL_SESSION *sess, int sign, int external); + const unsigned char *msgstart, + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, + SSL_SESSION *sess, int sign, int external); /* Server Extension processing */ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidxl); + X509 *x, size_t chainidxl); int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #ifndef OPENSSL_NO_OCSP int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #ifndef OPENSSL_NO_SRTP int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* * Not in public headers as this is not an official extension. Only used when * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. */ -#define TLSEXT_TYPE_cryptopro_bug 0xfde8 +#define TLSEXT_TYPE_cryptopro_bug 0xfde8 EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* Client Extension processing */ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_CT EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_CT int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #ifndef OPENSSL_NO_SRTP int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); #endif int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); + size_t chainidx); int tls_handle_alpn(SSL *s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 7d7c198bd63f..86eb69562b44 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -27,18 +27,18 @@ #include <openssl/core_names.h> #include <openssl/asn1t.h> -#define TICKET_NONCE_SIZE 8 +#define TICKET_NONCE_SIZE 8 typedef struct { - ASN1_TYPE *kxBlob; - ASN1_TYPE *opaqueBlob; + ASN1_TYPE *kxBlob; + ASN1_TYPE *opaqueBlob; } GOST_KX_MESSAGE; DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE) ASN1_SEQUENCE(GOST_KX_MESSAGE) = { - ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), - ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), + ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), + ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), } ASN1_SEQUENCE_END(GOST_KX_MESSAGE) IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE) @@ -128,7 +128,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt) break; if (mt == SSL3_MT_CERTIFICATE - && s->post_handshake_auth == SSL_PHA_REQUESTED) { + && s->post_handshake_auth == SSL_PHA_REQUESTED) { st->hand_state = TLS_ST_SR_CERT; return 1; } @@ -198,7 +198,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) * cert. */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); return 0; } st->hand_state = TLS_ST_SR_KEY_EXCH; @@ -293,7 +293,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) break; } - err: +err: /* No valid transition found */ if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; @@ -333,10 +333,10 @@ static int send_server_key_exchange(SSL *s) * key exchange. */ if (alg_k & (SSL_kDHE | SSL_kECDHE) - /* - * PSK: send ServerKeyExchange if PSK identity hint if - * provided - */ + /* + * PSK: send ServerKeyExchange if PSK identity hint if + * provided + */ #ifndef OPENSSL_NO_PSK /* Only send SKE if we have identity hint for plain PSK */ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) @@ -348,7 +348,7 @@ static int send_server_key_exchange(SSL *s) /* SRP: send ServerKeyExchange */ || (alg_k & SSL_kSRP) #endif - ) { + ) { return 1; } @@ -365,39 +365,38 @@ static int send_server_key_exchange(SSL *s) int send_certificate_request(SSL *s) { if ( - /* don't request cert unless asked for it: */ - s->verify_mode & SSL_VERIFY_PEER - /* - * don't request if post-handshake-only unless doing - * post-handshake in TLSv1.3: - */ - && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE) - || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) - /* - * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert - * a second time: - */ - && (s->certreqs_sent < 1 || - !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) - /* - * never request cert in anonymous ciphersuites (see - * section "Certificate request" in SSL 3 drafts and in - * RFC 2246): - */ - && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) - /* - * ... except when the application insists on - * verification (against the specs, but statem_clnt.c accepts - * this for SSL 3) - */ - || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) - /* don't request certificate for SRP auth */ - && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP) - /* - * With normal PSK Certificates and Certificate Requests - * are omitted - */ - && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) { + /* don't request cert unless asked for it: */ + s->verify_mode & SSL_VERIFY_PEER + /* + * don't request if post-handshake-only unless doing + * post-handshake in TLSv1.3: + */ + && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE) + || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) + /* + * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert + * a second time: + */ + && (s->certreqs_sent < 1 || !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) + /* + * never request cert in anonymous ciphersuites (see + * section "Certificate request" in SSL 3 drafts and in + * RFC 2246): + */ + && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) + /* + * ... except when the application insists on + * verification (against the specs, but statem_clnt.c accepts + * this for SSL 3) + */ + || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) + /* don't request certificate for SRP auth */ + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP) + /* + * With normal PSK Certificates and Certificate Requests + * are omitted + */ + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) { return 1; } @@ -446,7 +445,7 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) case TLS_ST_SW_SRVR_HELLO: if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->hello_retry_request != SSL_HRR_COMPLETE) + && s->hello_retry_request != SSL_HRR_COMPLETE) st->hand_state = TLS_ST_SW_CHANGE; else if (s->hello_retry_request == SSL_HRR_PENDING) st->hand_state = TLS_ST_EARLY_DATA; @@ -606,8 +605,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) } else { /* Check if it is anon DH or anon ECDH, */ /* normal PSK or SRP */ - if (!(s->s3.tmp.new_cipher->algorithm_auth & - (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { + if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { st->hand_state = TLS_ST_SW_CERT; } else if (send_server_key_exchange(s)) { st->hand_state = TLS_ST_SW_KEY_EXCH; @@ -724,7 +722,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_SESSION_TICKET: if (SSL_IS_TLS13(s) && s->sent_tickets == 0 - && s->ext.extra_tickets_expected == 0) { + && s->ext.extra_tickets_expected == 0) { /* * Actually this is the end of the handshake, but we're going * straight into writing the session ticket out. So we finish off @@ -770,7 +768,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_EARLY_DATA: if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING - && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) + && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return WORK_FINISHED_CONTINUE; /* Fall through */ @@ -844,7 +842,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_SRVR_HELLO: if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) { if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0 - && statem_flush(s) != 1) + && statem_flush(s) != 1) return WORK_MORE_A; break; } @@ -859,7 +857,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) * SCTP used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -867,20 +865,21 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) labellen += 1; if (SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, - 0) <= 0) { + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, + 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } #endif if (!SSL_IS_TLS13(s) - || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->hello_retry_request != SSL_HRR_COMPLETE)) + || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 + && s->hello_retry_request != SSL_HRR_COMPLETE)) break; /* Fall through */ @@ -894,14 +893,14 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) if (SSL_IS_TLS13(s)) { if (!s->method->ssl3_enc->setup_key_block(s) || !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED && !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -921,12 +920,11 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) * no SCTP used. */ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_SERVER_WRITE)) - { + SSL3_CHANGE_CIPHER_SERVER_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -950,19 +948,19 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) * no SCTP used. */ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif if (SSL_IS_TLS13(s)) { /* TLS 1.3 gets the secret size from the handshake md */ size_t dummy; if (!s->method->ssl3_enc->generate_master_secret(s, - s->master_secret, s->handshake_secret, 0, - &dummy) + s->master_secret, s->handshake_secret, 0, + &dummy) || !s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) - /* SSLfatal() already called */ - return WORK_ERROR; + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) + /* SSLfatal() already called */ + return WORK_ERROR; } break; @@ -986,7 +984,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) clear_sys_error(); if (SSL_IS_TLS13(s) && statem_flush(s) != 1) { if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL - && conn_is_closed()) { + && conn_is_closed()) { /* * We ignore connection closed errors in TLSv1.3 when sending a * NewSessionTicket and behave as if we were successful. This is @@ -1015,7 +1013,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) * 0: Error */ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, - confunc_f *confunc, int *mt) + confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; @@ -1059,7 +1057,6 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, *mt = SSL3_MT_CERTIFICATE_VERIFY; break; - case TLS_ST_SW_KEY_EXCH: *confunc = tls_construct_server_key_exchange; *mt = SSL3_MT_SERVER_KEY_EXCHANGE; @@ -1124,10 +1121,10 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, * 2 + # length of extensions * 2^16-1 # maximum length of extensions */ -#define CLIENT_HELLO_MAX_LENGTH 131396 +#define CLIENT_HELLO_MAX_LENGTH 131396 -#define CLIENT_KEY_EXCH_MAX_LENGTH 2048 -#define NEXT_PROTO_MAX_LENGTH 514 +#define CLIENT_KEY_EXCH_MAX_LENGTH 2048 +#define NEXT_PROTO_MAX_LENGTH 514 /* * Returns the maximum allowed length for the current message that we are @@ -1214,7 +1211,6 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) case TLS_ST_SR_KEY_UPDATE: return tls_process_key_update(s, pkt); - } } @@ -1247,15 +1243,14 @@ static int ssl_check_srp_ext_ClientHello(SSL *s) int ret; int al = SSL_AD_UNRECOGNIZED_NAME; - if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) && - (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { + if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { if (s->srp_ctx.login == NULL) { /* * RFC 5054 says SHOULD reject, we do so if There is no srp * login name */ SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY, - SSL_R_PSK_IDENTITY_NOT_FOUND); + SSL_R_PSK_IDENTITY_NOT_FOUND); return -1; } else { ret = ssl_srp_server_param_with_username_intern(s, &al); @@ -1263,9 +1258,9 @@ static int ssl_check_srp_ext_ClientHello(SSL *s) return 0; if (ret == SSL3_AL_FATAL) { SSLfatal(s, al, - al == SSL_AD_UNKNOWN_PSK_IDENTITY - ? SSL_R_PSK_IDENTITY_NOT_FOUND - : SSL_R_CLIENTHELLO_TLSEXT); + al == SSL_AD_UNKNOWN_PSK_IDENTITY + ? SSL_R_PSK_IDENTITY_NOT_FOUND + : SSL_R_CLIENTHELLO_TLSEXT); return -1; } } @@ -1275,11 +1270,11 @@ static int ssl_check_srp_ext_ClientHello(SSL *s) #endif int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, - size_t cookie_len) + size_t cookie_len) { /* Always use DTLS 1.0 version: see RFC 6347 */ if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION) - || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len)) + || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len)) return 0; return 1; @@ -1288,17 +1283,14 @@ int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) { unsigned int cookie_leni; - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &cookie_leni) == 0 || - cookie_leni > DTLS1_COOKIE_LENGTH) { + if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &cookie_leni) == 0 || cookie_leni > DTLS1_COOKIE_LENGTH) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return 0; } s->d1->cookie_len = cookie_leni; if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie, - s->d1->cookie_len)) { + s->d1->cookie_len)) { SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); return 0; } @@ -1323,26 +1315,42 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) { static const unsigned char kSafariExtensionsBlock[] = { - 0x00, 0x0a, /* elliptic_curves extension */ - 0x00, 0x08, /* 8 bytes */ - 0x00, 0x06, /* 6 bytes of curve ids */ - 0x00, 0x17, /* P-256 */ - 0x00, 0x18, /* P-384 */ - 0x00, 0x19, /* P-521 */ + 0x00, + 0x0a, /* elliptic_curves extension */ + 0x00, + 0x08, /* 8 bytes */ + 0x00, + 0x06, /* 6 bytes of curve ids */ + 0x00, + 0x17, /* P-256 */ + 0x00, + 0x18, /* P-384 */ + 0x00, + 0x19, /* P-521 */ - 0x00, 0x0b, /* ec_point_formats */ - 0x00, 0x02, /* 2 bytes */ - 0x01, /* 1 point format */ - 0x00, /* uncompressed */ + 0x00, + 0x0b, /* ec_point_formats */ + 0x00, + 0x02, /* 2 bytes */ + 0x01, /* 1 point format */ + 0x00, /* uncompressed */ /* The following is only present in TLS 1.2 */ - 0x00, 0x0d, /* signature_algorithms */ - 0x00, 0x0c, /* 12 bytes */ - 0x00, 0x0a, /* 10 bytes */ - 0x05, 0x01, /* SHA-384/RSA */ - 0x04, 0x01, /* SHA-256/RSA */ - 0x02, 0x01, /* SHA-1/RSA */ - 0x04, 0x03, /* SHA-256/ECDSA */ - 0x02, 0x03, /* SHA-1/ECDSA */ + 0x00, + 0x0d, /* signature_algorithms */ + 0x00, + 0x0c, /* 12 bytes */ + 0x00, + 0x0a, /* 10 bytes */ + 0x05, + 0x01, /* SHA-384/RSA */ + 0x04, + 0x01, /* SHA-256/RSA */ + 0x02, + 0x01, /* SHA-1/RSA */ + 0x04, + 0x03, /* SHA-256/ECDSA */ + 0x02, + 0x03, /* SHA-1/ECDSA */ }; /* Length of the common prefix (first two extensions). */ static const size_t kSafariCommonExtensionsLength = 18; @@ -1361,16 +1369,15 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) if (type != TLSEXT_TYPE_server_name) return; - ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? - sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; + ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, - ext_len); + ext_len); } -#define RENEG_OPTIONS_OK(options) \ +#define RENEG_OPTIONS_OK(options) \ ((options & SSL_OP_NO_RENEGOTIATION) == 0 \ - && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0) + && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0) MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { @@ -1386,9 +1393,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto err; } if (!RENEG_OPTIONS_OK(s->options) - || (!s->s3.send_connection_binding - && (s->options - & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { + || (!s->s3.send_connection_binding + && (s->options + & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + == 0)) { ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); return MSG_PROCESS_FINISHED_READING; } @@ -1412,7 +1420,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) unsigned int mt; if (!SSL_IS_FIRST_HANDSHAKE(s) - || s->hello_retry_request != SSL_HRR_NONE) { + || s->hello_retry_request != SSL_HRR_NONE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto err; } @@ -1472,7 +1480,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites, - ciphersuite_len) + ciphersuite_len) || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len) || !PACKET_get_sub_packet(pkt, &challenge, challenge_len) /* No extensions. */ @@ -1488,11 +1496,11 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * sizeof(clienthello->random) does. */ challenge_len = challenge_len > SSL3_RANDOM_SIZE - ? SSL3_RANDOM_SIZE : challenge_len; + ? SSL3_RANDOM_SIZE + : challenge_len; memset(clienthello->random, 0, SSL3_RANDOM_SIZE); if (!PACKET_copy_bytes(&challenge, - clienthello->random + SSL3_RANDOM_SIZE - - challenge_len, challenge_len) + clienthello->random + SSL3_RANDOM_SIZE - challenge_len, challenge_len) /* Advertise only null compression. */ || !PACKET_buf_init(&compression, &null_compression, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1505,8 +1513,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE) || !PACKET_get_length_prefixed_1(pkt, &session_id) || !PACKET_copy_all(&session_id, clienthello->session_id, - SSL_MAX_SSL_SESSION_ID_LENGTH, - &clienthello->session_id_len)) { + SSL_MAX_SSL_SESSION_ID_LENGTH, + &clienthello->session_id_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -1517,8 +1525,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto err; } if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie, - DTLS1_COOKIE_LENGTH, - &clienthello->dtls_cookie_len)) { + DTLS1_COOKIE_LENGTH, + &clienthello->dtls_cookie_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1550,7 +1558,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) PACKET_null_init(&clienthello->extensions); } else { if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -1558,8 +1566,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } if (!PACKET_copy_all(&compression, clienthello->compressions, - MAX_COMPRESSIONS_SIZE, - &clienthello->compressions_len)) { + MAX_COMPRESSIONS_SIZE, + &clienthello->compressions_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1567,8 +1575,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) /* Preserve the raw extensions PACKET for later use */ extensions = clienthello->extensions; if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO, - &clienthello->pre_proc_exts, - &clienthello->pre_proc_exts_len, 1)) { + &clienthello->pre_proc_exts, + &clienthello->pre_proc_exts_len, 1)) { /* SSLfatal already been called */ goto err; } @@ -1576,7 +1584,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) return MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: if (clienthello != NULL) OPENSSL_free(clienthello->pre_proc_exts); OPENSSL_free(clienthello); @@ -1624,8 +1632,8 @@ static int tls_early_post_process_client_hello(SSL *s) if (clienthello->isv2) { if (clienthello->legacy_version == SSL2_VERSION - || (clienthello->legacy_version & 0xff00) - != (SSL3_VERSION_MAJOR << 8)) { + || (clienthello->legacy_version & 0xff00) + != (SSL3_VERSION_MAJOR << 8)) { /* * This is real SSLv2 or something completely unknown. We don't * support it. @@ -1642,8 +1650,7 @@ static int tls_early_post_process_client_hello(SSL *s) */ if (!SSL_IS_DTLS(s)) { protverr = ssl_choose_server_version(s, clienthello, &dgrd); - } else if (s->method->version != DTLS_ANY_VERSION && - DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) { + } else if (s->method->version != DTLS_ANY_VERSION && DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) { protverr = SSL_R_VERSION_TOO_LOW; } else { protverr = 0; @@ -1669,16 +1676,18 @@ static int tls_early_post_process_client_hello(SSL *s) if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { if (s->ctx->app_verify_cookie_cb != NULL) { if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie, - clienthello->dtls_cookie_len) == 0) { + clienthello->dtls_cookie_len) + == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_COOKIE_MISMATCH); + SSL_R_COOKIE_MISMATCH); goto err; /* else cookie verification succeeded */ } /* default verification */ } else if (s->d1->cookie_len != clienthello->dtls_cookie_len - || memcmp(clienthello->dtls_cookie, s->d1->cookie, - s->d1->cookie_len) != 0) { + || memcmp(clienthello->dtls_cookie, s->d1->cookie, + s->d1->cookie_len) + != 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_COOKIE_MISMATCH); goto err; } @@ -1697,9 +1706,9 @@ static int tls_early_post_process_client_hello(SSL *s) s->hit = 0; if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites, - clienthello->isv2) || - !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs, - clienthello->isv2, 1)) { + clienthello->isv2) + || !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs, + clienthello->isv2, 1)) { /* SSLfatal() already called */ goto err; } @@ -1707,18 +1716,17 @@ static int tls_early_post_process_client_hello(SSL *s) s->s3.send_connection_binding = 0; /* Check what signalling cipher-suite values were received. */ if (scsvs != NULL) { - for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) { + for (i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) { c = sk_SSL_CIPHER_value(scsvs, i); if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) { if (s->renegotiate) { /* SCSV is fatal if renegotiating */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); goto err; } s->s3.send_connection_binding = 1; - } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && - !ssl_check_version_downgrade(s)) { + } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && !ssl_check_version_downgrade(s)) { /* * This SCSV indicates that the client previously tried * a higher version. We should fail if the current version @@ -1727,7 +1735,7 @@ static int tls_early_post_process_client_hello(SSL *s) * an insecure downgrade. */ SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); goto err; } } @@ -1735,16 +1743,15 @@ static int tls_early_post_process_client_hello(SSL *s) /* For TLSv1.3 we must select the ciphersuite *before* session resumption */ if (SSL_IS_TLS13(s)) { - const SSL_CIPHER *cipher = - ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s)); + const SSL_CIPHER *cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER); goto err; } if (s->hello_retry_request == SSL_HRR_PENDING - && (s->s3.tmp.new_cipher == NULL - || s->s3.tmp.new_cipher->id != cipher->id)) { + && (s->s3.tmp.new_cipher == NULL + || s->s3.tmp.new_cipher->id != cipher->id)) { /* * A previous HRR picked a different ciphersuite to the one we * just selected. Something must have changed. @@ -1757,8 +1764,8 @@ static int tls_early_post_process_client_hello(SSL *s) /* We need to do this before getting the session */ if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret, - SSL_EXT_CLIENT_HELLO, - clienthello->pre_proc_exts, NULL, 0)) { + SSL_EXT_CLIENT_HELLO, + clienthello->pre_proc_exts, NULL, 0)) { /* SSLfatal() already called */ goto err; } @@ -1779,9 +1786,7 @@ static int tls_early_post_process_client_hello(SSL *s) * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be * ignored. */ - if (clienthello->isv2 || - (s->new_session && - (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { + if (clienthello->isv2 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { if (!ssl_get_new_session(s, 1)) { /* SSLfatal() already called */ goto err; @@ -1805,7 +1810,7 @@ static int tls_early_post_process_client_hello(SSL *s) if (SSL_IS_TLS13(s)) { memcpy(s->tmp_session_id, s->clienthello->session_id, - s->clienthello->session_id_len); + s->clienthello->session_id_len); s->tmp_session_id_len = s->clienthello->session_id_len; } @@ -1817,15 +1822,16 @@ static int tls_early_post_process_client_hello(SSL *s) j = 0; id = s->session->cipher->id; - OSSL_TRACE_BEGIN(TLS_CIPHER) { + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, "client sent %d ciphers\n", - sk_SSL_CIPHER_num(ciphers)); + sk_SSL_CIPHER_num(ciphers)); } for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { c = sk_SSL_CIPHER_value(ciphers, i); if (trc_out != NULL) BIO_printf(trc_out, "client [%2d of %2d]:%s\n", i, - sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c)); + sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c)); if (c->id == id) { j = 1; break; @@ -1837,7 +1843,7 @@ static int tls_early_post_process_client_hello(SSL *s) * to reuse it */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_REQUIRED_CIPHER_MISSING); + SSL_R_REQUIRED_CIPHER_MISSING); OSSL_TRACE_CANCEL(TLS_CIPHER); goto err; } @@ -1860,7 +1866,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* TLS extensions */ if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO, - clienthello->pre_proc_exts, NULL, 0, 1)) { + clienthello->pre_proc_exts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -1881,10 +1887,10 @@ static int tls_early_post_process_client_hello(SSL *s) } if (!s->hit - && s->version >= TLS1_VERSION - && !SSL_IS_TLS13(s) - && !SSL_IS_DTLS(s) - && s->ext.session_secret_cb) { + && s->version >= TLS1_VERSION + && !SSL_IS_TLS13(s) + && !SSL_IS_DTLS(s) + && s->ext.session_secret_cb) { const SSL_CIPHER *pref_cipher = NULL; /* * s->session->master_key_length is a size_t, but this is an int for @@ -1894,10 +1900,10 @@ static int tls_early_post_process_client_hello(SSL *s) master_key_length = sizeof(s->session->master_key); if (s->ext.session_secret_cb(s, s->session->master_key, - &master_key_length, ciphers, - &pref_cipher, - s->ext.session_secret_cb_arg) - && master_key_length > 0) { + &master_key_length, ciphers, + &pref_cipher, + s->ext.session_secret_cb_arg) + && master_key_length > 0) { s->session->master_key_length = master_key_length; s->hit = 1; s->peer_ciphers = ciphers; @@ -1908,7 +1914,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* check if some cipher was preferred by call back */ if (pref_cipher == NULL) pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers, - SSL_get_ciphers(s)); + SSL_get_ciphers(s)); if (pref_cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER); goto err; @@ -1936,7 +1942,7 @@ static int tls_early_post_process_client_hello(SSL *s) */ if (clienthello->compressions_len != 1) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INVALID_COMPRESSION_ALGORITHM); + SSL_R_INVALID_COMPRESSION_ALGORITHM); goto err; } } @@ -1949,7 +1955,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* Can't disable compression */ if (!ssl_allow_compression(s)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_INCONSISTENT_COMPRESSION); + SSL_R_INCONSISTENT_COMPRESSION); goto err; } /* Look for resumed compression method */ @@ -1962,7 +1968,7 @@ static int tls_early_post_process_client_hello(SSL *s) } if (s->s3.tmp.new_compression == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_INVALID_COMPRESSION_ALGORITHM); + SSL_R_INVALID_COMPRESSION_ALGORITHM); goto err; } /* Look for resumed method in compression list */ @@ -1972,7 +1978,7 @@ static int tls_early_post_process_client_hello(SSL *s) } if (k >= clienthello->compressions_len) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); + SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); goto err; } } else if (s->hit) { @@ -2043,7 +2049,7 @@ static int tls_early_post_process_client_hello(SSL *s) OPENSSL_free(s->clienthello); s->clienthello = NULL; return 1; - err: +err: sk_SSL_CIPHER_free(ciphers); sk_SSL_CIPHER_free(scsvs); OPENSSL_free(clienthello->pre_proc_exts); @@ -2068,7 +2074,7 @@ static int tls_handle_status_request(SSL *s) * influence which certificate is sent */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL - && s->ctx->ext.status_cb != NULL) { + && s->ctx->ext.status_cb != NULL) { int ret; /* If no certificate can't return certificate status */ @@ -2112,9 +2118,9 @@ int tls_handle_alpn(SSL *s) if (s->ctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len, - s->s3.alpn_proposed, - (unsigned int)s->s3.alpn_proposed_len, - s->ctx->ext.alpn_select_cb_arg); + s->s3.alpn_proposed, + (unsigned int)s->s3.alpn_proposed_len, + s->ctx->ext.alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { OPENSSL_free(s->s3.alpn_selected); @@ -2132,9 +2138,10 @@ int tls_handle_alpn(SSL *s) /* Check ALPN is consistent with session */ if (s->session->ext.alpn_selected == NULL - || selected_len != s->session->ext.alpn_selected_len - || memcmp(selected, s->session->ext.alpn_selected, - selected_len) != 0) { + || selected_len != s->session->ext.alpn_selected_len + || memcmp(selected, s->session->ext.alpn_selected, + selected_len) + != 0) { /* Not consistent so can't be used for early_data */ s->ext.early_data_ok = 0; @@ -2146,14 +2153,14 @@ int tls_handle_alpn(SSL *s) */ if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); return 0; } s->session->ext.alpn_selected = OPENSSL_memdup(selected, - selected_len); + selected_len); if (s->session->ext.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); return 0; } s->session->ext.alpn_selected_len = selected_len; @@ -2163,7 +2170,7 @@ int tls_handle_alpn(SSL *s) return 1; } else if (r != SSL_TLSEXT_ERR_NOACK) { SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, - SSL_R_NO_APPLICATION_PROTOCOL); + SSL_R_NO_APPLICATION_PROTOCOL); return 0; } /* @@ -2213,12 +2220,11 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) /* In TLSv1.3 we selected the ciphersuite before resumption */ if (!SSL_IS_TLS13(s)) { - cipher = - ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s)); + cipher = ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SHARED_CIPHER); + SSL_R_NO_SHARED_CIPHER); goto err; } s->s3.tmp.new_cipher = cipher; @@ -2230,10 +2236,10 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) } /* check whether we should disable session resumption */ if (s->not_resumable_session_cb != NULL) - s->session->not_resumable = - s->not_resumable_session_cb(s, - ((s->s3.tmp.new_cipher->algorithm_mkey - & (SSL_kDHE | SSL_kECDHE)) != 0)); + s->session->not_resumable = s->not_resumable_session_cb(s, + ((s->s3.tmp.new_cipher->algorithm_mkey + & (SSL_kDHE | SSL_kECDHE)) + != 0)); if (s->session->not_resumable) /* do not send a session ticket */ s->ext.ticket_expected = 0; @@ -2294,7 +2300,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) #endif return WORK_FINISHED_STOP; - err: +err: return WORK_ERROR; } @@ -2308,14 +2314,15 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) version = usetls13 ? TLS1_2_VERSION : s->version; if (!WPACKET_put_bytes_u16(pkt, version) - /* - * Random stuff. Filling of the server_random takes place in - * tls_process_client_hello() - */ - || !WPACKET_memcpy(pkt, - s->hello_retry_request == SSL_HRR_PENDING - ? hrrrandom : s->s3.server_random, - SSL3_RANDOM_SIZE)) { + /* + * Random stuff. Filling of the server_random takes place in + * tls_process_client_hello() + */ + || !WPACKET_memcpy(pkt, + s->hello_retry_request == SSL_HRR_PENDING + ? hrrrandom + : s->s3.server_random, + SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2339,7 +2346,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) * to send back. */ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) - && !s->hit) + && !s->hit) s->session->session_id_length = 0; if (usetls13) { @@ -2366,19 +2373,19 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) #endif if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) - || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len) - || !WPACKET_put_bytes_u8(pkt, compm)) { + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len) + || !WPACKET_put_bytes_u8(pkt, compm)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (!tls_construct_extensions(s, pkt, - s->hello_retry_request == SSL_HRR_PENDING - ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - : (SSL_IS_TLS13(s) - ? SSL_EXT_TLS1_3_SERVER_HELLO - : SSL_EXT_TLS1_2_SERVER_HELLO), - NULL, 0)) { + s->hello_retry_request == SSL_HRR_PENDING + ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST + : (SSL_IS_TLS13(s) + ? SSL_EXT_TLS1_3_SERVER_HELLO + : SSL_EXT_TLS1_2_SERVER_HELLO), + NULL, 0)) { /* SSLfatal() already called */ return 0; } @@ -2398,7 +2405,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) return 0; } } else if (!(s->verify_mode & SSL_VERIFY_PEER) - && !ssl3_digest_cached_records(s, 0)) { + && !ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */; return 0; } @@ -2449,123 +2456,121 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) /* Plain PSK or RSAPSK nothing to do */ if (type & (SSL_kPSK | SSL_kRSAPSK)) { } else -#endif /* !OPENSSL_NO_PSK */ - if (type & (SSL_kDHE | SSL_kDHEPSK)) { - CERT *cert = s->cert; - EVP_PKEY *pkdhp = NULL; +#endif /* !OPENSSL_NO_PSK */ + if (type & (SSL_kDHE | SSL_kDHEPSK)) { + CERT *cert = s->cert; + EVP_PKEY *pkdhp = NULL; - if (s->cert->dh_tmp_auto) { - pkdh = ssl_get_auto_dh(s); - if (pkdh == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; + if (s->cert->dh_tmp_auto) { + pkdh = ssl_get_auto_dh(s); + if (pkdh == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } + pkdhp = pkdh; + } else { + pkdhp = cert->dh_tmp; } - pkdhp = pkdh; - } else { - pkdhp = cert->dh_tmp; - } #if !defined(OPENSSL_NO_DEPRECATED_3_0) - if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { - pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024)); - if (pkdh == NULL) { + if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { + pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024)); + if (pkdh == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } + pkdhp = pkdh; + } +#endif + if (pkdhp == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_TMP_DH_KEY); + goto err; + } + if (!ssl_security(s, SSL_SECOP_TMP_DH, + EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); + goto err; + } + if (s->s3.tmp.pkey != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - pkdhp = pkdh; - } -#endif - if (pkdhp == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_TMP_DH_KEY); - goto err; - } - if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); - goto err; - } - if (s->s3.tmp.pkey != NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp); - if (s->s3.tmp.pkey == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } + s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp); + if (s->s3.tmp.pkey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } - EVP_PKEY_free(pkdh); - pkdh = NULL; + EVP_PKEY_free(pkdh); + pkdh = NULL; - /* These BIGNUMs need to be freed when we're finished */ - freer = 1; - if (!EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_P, - &r[0]) + /* These BIGNUMs need to be freed when we're finished */ + freer = 1; + if (!EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_P, + &r[0]) || !EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_G, - &r[1]) + &r[1]) || !EVP_PKEY_get_bn_param(s->s3.tmp.pkey, - OSSL_PKEY_PARAM_PUB_KEY, &r[2])) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { + OSSL_PKEY_PARAM_PUB_KEY, &r[2])) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } + } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { - if (s->s3.tmp.pkey != NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } + if (s->s3.tmp.pkey != NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } - /* Get NID of appropriate shared curve */ - curve_id = tls1_shared_group(s, -2); - if (curve_id == 0) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - goto err; - } - /* Cache the group used in the SSL_SESSION */ - s->session->kex_group = curve_id; - /* Generate a new key for this curve */ - s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); - if (s->s3.tmp.pkey == NULL) { - /* SSLfatal() already called */ - goto err; - } + /* Get NID of appropriate shared curve */ + curve_id = tls1_shared_group(s, -2); + if (curve_id == 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + goto err; + } + /* Cache the group used in the SSL_SESSION */ + s->session->kex_group = curve_id; + /* Generate a new key for this curve */ + s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); + if (s->s3.tmp.pkey == NULL) { + /* SSLfatal() already called */ + goto err; + } - /* Encode the public key. */ - encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey, - &encodedPoint); - if (encodedlen == 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); - goto err; - } + /* Encode the public key. */ + encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey, + &encodedPoint); + if (encodedlen == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); + goto err; + } - /* - * We'll generate the serverKeyExchange message explicitly so we - * can set these to NULLs - */ - r[0] = NULL; - r[1] = NULL; - r[2] = NULL; - r[3] = NULL; - } else + /* + * We'll generate the serverKeyExchange message explicitly so we + * can set these to NULLs + */ + r[0] = NULL; + r[1] = NULL; + r[2] = NULL; + r[3] = NULL; + } else #ifndef OPENSSL_NO_SRP - if (type & SSL_kSRP) { - if ((s->srp_ctx.N == NULL) || - (s->srp_ctx.g == NULL) || - (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_SRP_PARAM); + if (type & SSL_kSRP) { + if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_SRP_PARAM); + goto err; + } + r[0] = s->srp_ctx.N; + r[1] = s->srp_ctx.g; + r[2] = s->srp_ctx.s; + r[3] = s->srp_ctx.B; + } else +#endif + { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto err; } - r[0] = s->srp_ctx.N; - r[1] = s->srp_ctx.g; - r[2] = s->srp_ctx.s; - r[3] = s->srp_ctx.B; - } else -#endif - { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto err; - } if (((s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { @@ -2578,15 +2583,16 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_PSK if (type & SSL_PSK) { size_t len = (s->cert->psk_identity_hint == NULL) - ? 0 : strlen(s->cert->psk_identity_hint); + ? 0 + : strlen(s->cert->psk_identity_hint); /* * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already * checked this when we set the identity hint - but just in case */ if (len > PSK_MAX_IDENTITY_LEN - || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, - len)) { + || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, + len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2627,7 +2633,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2643,9 +2649,9 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) * point itself */ if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE) - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_put_bytes_u8(pkt, curve_id) - || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) { + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_put_bytes_u8(pkt, curve_id) + || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2677,9 +2683,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } if (EVP_DigestSignInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - s->ctx->libctx, s->ctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + s->ctx->libctx, s->ctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2691,18 +2698,18 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } } tbslen = construct_key_exchange_tbs(s, &tbs, - s->init_buf->data + paramoffset, - paramlen); + s->init_buf->data + paramoffset, + paramlen); if (tbslen == 0) { /* SSLfatal() already called */ goto err; } - if (EVP_DigestSign(md_ctx, NULL, &siglen, tbs, tbslen) <=0 - || !WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1) - || EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen) <= 0 - || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) - || sigbytes1 != sigbytes2) { + if (EVP_DigestSign(md_ctx, NULL, &siglen, tbs, tbslen) <= 0 + || !WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1) + || EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen) <= 0 + || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) + || sigbytes1 != sigbytes2) { OPENSSL_free(tbs); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -2711,7 +2718,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } ret = 1; - err: +err: EVP_PKEY_free(pkdh); OPENSSL_free(encodedPoint); EVP_MD_CTX_free(md_ctx); @@ -2737,9 +2744,10 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) return 0; } if (RAND_bytes_ex(s->ctx->libctx, s->pha_context, - s->pha_context_len, 0) <= 0 - || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, - s->pha_context_len)) { + s->pha_context_len, 0) + <= 0 + || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, + s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2756,8 +2764,8 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) } if (!tls_construct_extensions(s, pkt, - SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, - 0)) { + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, + 0)) { /* SSLfatal() already called */ return 0; } @@ -2776,9 +2784,9 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) size_t nl = tls12_get_psigalgs(s, 1, &psigs); if (!WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) - || !tls12_copy_sigalgs(s, pkt, psigs, nl) - || !WPACKET_close(pkt)) { + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) + || !tls12_copy_sigalgs(s, pkt, psigs, nl) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2789,7 +2797,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) return 0; } - done: +done: s->certreqs_sent++; s->s3.tmp.cert_request = 1; return 1; @@ -2821,7 +2829,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) } psklen = s->psk_server_callback(s, s->session->psk_identity, - psk, sizeof(psk)); + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -2898,7 +2906,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt) * We must not leak whether a decryption failure occurs because of * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246, * section 7.4.7.1). We use the special padding type - * RSA_PKCS1_WITH_TLS_PADDING to do that. It will automaticaly decrypt the + * RSA_PKCS1_WITH_TLS_PADDING to do that. It will automatically decrypt the * RSA, check the padding and check that the client version is as expected * in the premaster secret. If any of that fails then the function appears * to return successfully but with a random result. The call below could @@ -2906,23 +2914,24 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt) * See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ if (EVP_PKEY_decrypt_init(ctx) <= 0 - || EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_WITH_TLS_PADDING) <= 0) { + || EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_WITH_TLS_PADDING) <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } *p++ = OSSL_PARAM_construct_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, - (unsigned int *)&s->client_version); - if ((s->options & SSL_OP_TLS_ROLLBACK_BUG) != 0) + (unsigned int *)&s->client_version); + if ((s->options & SSL_OP_TLS_ROLLBACK_BUG) != 0) *p++ = OSSL_PARAM_construct_uint( OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, (unsigned int *)&s->version); *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(ctx, params) - || EVP_PKEY_decrypt(ctx, rsa_decrypt, &outlen, - PACKET_data(&enc_premaster), - PACKET_remaining(&enc_premaster)) <= 0) { + || EVP_PKEY_decrypt(ctx, rsa_decrypt, &outlen, + PACKET_data(&enc_premaster), + PACKET_remaining(&enc_premaster)) + <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } @@ -2939,13 +2948,13 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt) /* Also cleanses rsa_decrypt (on success or failure) */ if (!ssl_generate_master_secret(s, rsa_decrypt, - SSL_MAX_MASTER_KEY_LENGTH, 0)) { + SSL_MAX_MASTER_KEY_LENGTH, 0)) { /* SSLfatal() already called */ goto err; } ret = 1; - err: +err: OPENSSL_free(rsa_decrypt); EVP_PKEY_CTX_free(ctx); return ret; @@ -2997,7 +3006,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) ret = 1; EVP_PKEY_free(s->s3.tmp.pkey); s->s3.tmp.pkey = NULL; - err: +err: EVP_PKEY_free(ckey); return ret; } @@ -3052,7 +3061,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) ret = 1; EVP_PKEY_free(s->s3.tmp.pkey); s->s3.tmp.pkey = NULL; - err: +err: EVP_PKEY_free(ckey); return ret; @@ -3153,10 +3162,10 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) * We have nothing to do with this blob so we just skip it */ pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt)); if (pKX == NULL - || pKX->kxBlob == NULL - || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); - goto err; + || pKX->kxBlob == NULL + || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); + goto err; } if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) { @@ -3173,23 +3182,25 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) start = pKX->kxBlob->value.sequence->data; if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, - inlen) <= 0) { + inlen) + <= 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } /* Generate master secret */ if (!ssl_generate_master_secret(s, premaster_secret, - sizeof(premaster_secret), 0)) { + sizeof(premaster_secret), 0)) { /* SSLfatal() already called */ goto err; } /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, - NULL) > 0) + NULL) + > 0) s->statem.no_cert_verify = 1; ret = 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); GOST_KX_MESSAGE_free(pKX); return ret; @@ -3223,9 +3234,7 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt) } /* Get our certificate private key */ - pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey != NULL ? - s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey : - s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey; + pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey != NULL ? s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey : s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey; if (pk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_STATE); goto err; @@ -3243,13 +3252,15 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt) /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code depending on size */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3262,13 +3273,13 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt) } /* Generate master secret */ if (!ssl_generate_master_secret(s, premaster_secret, - sizeof(premaster_secret), 0)) { - /* SSLfatal() already called */ - goto err; + sizeof(premaster_secret), 0)) { + /* SSLfatal() already called */ + goto err; } ret = 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); return ret; #else @@ -3337,7 +3348,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } return MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen); s->s3.tmp.psk = NULL; @@ -3359,7 +3370,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) * used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -3367,15 +3378,16 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) labellen += 1; if (SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, - 0) <= 0) { + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, + 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } } #endif @@ -3432,16 +3444,13 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } - if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context) - || (s->pha_context == NULL && PACKET_remaining(&context) != 0) - || (s->pha_context != NULL && - !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) { + if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context) || (s->pha_context == NULL && PACKET_remaining(&context) != 0) || (s->pha_context != NULL && !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); goto err; } if (!PACKET_get_length_prefixed_3(pkt, &spkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -3478,11 +3487,11 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, - NULL, chainidx == 0) + SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, + NULL, chainidx == 0) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, - PACKET_remaining(&spkt) == 0)) { + rawexts, x, chainidx, + PACKET_remaining(&spkt) == 0)) { OPENSSL_free(rawexts); goto err; } @@ -3500,14 +3509,13 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) /* TLS does not mind 0 certs returned */ if (s->version == SSL3_VERSION) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_CERTIFICATES_RETURNED); + SSL_R_NO_CERTIFICATES_RETURNED); goto err; } /* Fail for TLS only if we required a certificate */ - else if ((s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { + else if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); goto err; } /* No client certificate so digest cached records */ @@ -3520,13 +3528,13 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) i = ssl_verify_cert_chain(s, sk); if (i <= 0) { SSLfatal(s, ssl_x509err2alert(s->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); + SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; } pkey = X509_get0_pubkey(sk_X509_value(sk, 0)); if (pkey == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto err; } } @@ -3574,8 +3582,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) /* Save the current hash state for when we receive the CertificateVerify */ if (SSL_IS_TLS13(s)) { if (!ssl_handshake_hash(s, s->cert_verify_hash, - sizeof(s->cert_verify_hash), - &s->cert_verify_hash_len)) { + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { /* SSLfatal() already called */ goto err; } @@ -3586,7 +3594,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) ret = MSG_PROCESS_CONTINUE_READING; - err: +err: X509_free(x); sk_X509_pop_free(sk, X509_free); return ret; @@ -3618,7 +3626,7 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt) } static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, - unsigned char *tick_nonce) + unsigned char *tick_nonce) { uint32_t timeout = (uint32_t)s->session->timeout; @@ -3644,7 +3652,7 @@ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, if (SSL_IS_TLS13(s)) { if (!WPACKET_put_bytes_u32(pkt, age_add) - || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { + || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3664,7 +3672,7 @@ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, * -1 on fatal error */ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, - unsigned char *tick_nonce) + unsigned char *tick_nonce) { unsigned char *senc = NULL; EVP_CIPHER_CTX *ctx = NULL; @@ -3748,13 +3756,13 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, if (tctx->ext.ticket_key_evp_cb != NULL) ret = tctx->ext.ticket_key_evp_cb(s, key_name, iv, ctx, - ssl_hmac_get0_EVP_MAC_CTX(hctx), - 1); + ssl_hmac_get0_EVP_MAC_CTX(hctx), + 1); #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx, - ssl_hmac_get0_HMAC_CTX(hctx), 1); + ssl_hmac_get0_HMAC_CTX(hctx), 1); #endif if (ret == 0) { @@ -3769,7 +3777,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } /* Put timeout and length */ if (!WPACKET_put_bytes_u32(pkt, 0) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3789,7 +3797,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } } else { EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", - s->ctx->propq); + s->ctx->propq); if (cipher == NULL) { /* Error is already recorded */ @@ -3799,19 +3807,19 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, iv_len = EVP_CIPHER_get_iv_length(cipher); if (iv_len < 0 - || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 - || !EVP_EncryptInit_ex(ctx, cipher, NULL, - tctx->ext.secure->tick_aes_key, iv) - || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, - sizeof(tctx->ext.secure->tick_hmac_key), - "SHA256")) { + || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 + || !EVP_EncryptInit_ex(ctx, cipher, NULL, + tctx->ext.secure->tick_aes_key, iv) + || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, + sizeof(tctx->ext.secure->tick_hmac_key), + "SHA256")) { EVP_CIPHER_free(cipher); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } EVP_CIPHER_free(cipher); memcpy(key_name, tctx->ext.tick_key_name, - sizeof(tctx->ext.tick_key_name)); + sizeof(tctx->ext.tick_key_name)); } if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { @@ -3820,29 +3828,29 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } if (!WPACKET_get_total_written(pkt, &macoffset) - /* Output key name */ - || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) - /* output IV */ - || !WPACKET_memcpy(pkt, iv, iv_len) - || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH, - &encdata1) - /* Encrypt session data */ - || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen) - || !WPACKET_allocate_bytes(pkt, len, &encdata2) - || encdata1 != encdata2 - || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal) - || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2) - || encdata1 + len != encdata2 - || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH - || !WPACKET_get_total_written(pkt, &macendoffset) - || !ssl_hmac_update(hctx, - (unsigned char *)s->init_buf->data + macoffset, - macendoffset - macoffset) - || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1) - || !ssl_hmac_final(hctx, macdata1, &hlen, EVP_MAX_MD_SIZE) - || hlen > EVP_MAX_MD_SIZE - || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) - || macdata1 != macdata2) { + /* Output key name */ + || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) + /* output IV */ + || !WPACKET_memcpy(pkt, iv, iv_len) + || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH, + &encdata1) + /* Encrypt session data */ + || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen) + || !WPACKET_allocate_bytes(pkt, len, &encdata2) + || encdata1 != encdata2 + || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal) + || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2) + || encdata1 + len != encdata2 + || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH + || !WPACKET_get_total_written(pkt, &macendoffset) + || !ssl_hmac_update(hctx, + (unsigned char *)s->init_buf->data + macoffset, + macendoffset - macoffset) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1) + || !ssl_hmac_final(hctx, macdata1, &hlen, EVP_MAX_MD_SIZE) + || hlen > EVP_MAX_MD_SIZE + || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) + || macdata1 != macdata2) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3854,7 +3862,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } ok = 1; - err: +err: OPENSSL_free(senc); EVP_CIPHER_CTX_free(ctx); ssl_hmac_free(hctx); @@ -3862,7 +3870,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, - unsigned char *tick_nonce) + unsigned char *tick_nonce) { if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { /* SSLfatal() already called */ @@ -3870,8 +3878,8 @@ static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } if (!WPACKET_memcpy(pkt, s->session->session_id, - s->session->session_id_length) - || !WPACKET_close(pkt)) { + s->session->session_id_length) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3908,7 +3916,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) if (SSL_IS_TLS13(s)) { size_t i, hashlen; uint64_t nonce; - static const unsigned char nonce_label[] = "resumption"; + /* ASCII: "resumption", in hex for EBCDIC compatibility */ + static const unsigned char nonce_label[] = { 0x72, 0x65, 0x73, 0x75, 0x6D, + 0x70, 0x74, 0x69, 0x6F, 0x6E }; const EVP_MD *md = ssl_handshake_md(s); int hashleni = EVP_MD_get_size(md); @@ -3941,7 +3951,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) goto err; } if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c, - sizeof(age_add_u), 0) <= 0) { + sizeof(age_add_u), 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3954,12 +3965,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, - nonce_label, - sizeof(nonce_label) - 1, - tick_nonce, - TICKET_NONCE_SIZE, - s->session->master_key, - hashlen, 1)) { + nonce_label, + sizeof(nonce_label), + tick_nonce, + TICKET_NONCE_SIZE, + s->session->master_key, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -3969,8 +3980,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) ssl_session_calculate_timeout(s->session); if (s->s3.alpn_selected != NULL) { OPENSSL_free(s->session->ext.alpn_selected); - s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); + s->session->ext.alpn_selected = OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); @@ -3981,8 +3991,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) s->session->ext.max_early_data = s->max_early_data; } - if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { + if (tctx->generate_ticket_cb != NULL && tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3992,9 +4001,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) * is no point in using full stateless tickets. */ if (SSL_IS_TLS13(s) - && ((s->options & SSL_OP_NO_TICKET) != 0 - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { + && ((s->options & SSL_OP_NO_TICKET) != 0 + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) { /* SSLfatal() already called */ goto err; @@ -4003,7 +4012,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) int tmpret; tmpret = construct_stateless_ticket(s, pkt, age_add_u.age_add, - tick_nonce); + tick_nonce); if (tmpret != 1) { if (tmpret == 0) { ret = 2; /* Non-fatal. Abort construction but continue */ @@ -4017,8 +4026,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) if (SSL_IS_TLS13(s)) { if (!tls_construct_extensions(s, pkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - NULL, 0)) { + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + NULL, 0)) { /* SSLfatal() already called */ goto err; } @@ -4027,7 +4036,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } ret = 1; - err: +err: return ret; } @@ -4038,8 +4047,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) { if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) - || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, - s->ext.ocsp.resp_len)) { + || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, + s->ext.ocsp.resp_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -4096,7 +4105,7 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt) { if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - NULL, 0)) { + NULL, 0)) { /* SSLfatal() already called */ return 0; } @@ -4112,7 +4121,7 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt) } if (s->early_data_state != SSL_EARLY_DATA_READING - && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) { + && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return MSG_PROCESS_ERROR; } @@ -4128,7 +4137,7 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt) s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 6cb7baaf7c9c..a1eb12d024b0 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -23,13 +23,13 @@ /* seed1 through seed5 are concatenated */ static int tls1_PRF(SSL *s, - const void *seed1, size_t seed1_len, - const void *seed2, size_t seed2_len, - const void *seed3, size_t seed3_len, - const void *seed4, size_t seed4_len, - const void *seed5, size_t seed5_len, - const unsigned char *sec, size_t slen, - unsigned char *out, size_t olen, int fatal) + const void *seed1, size_t seed1_len, + const void *seed2, size_t seed2_len, + const void *seed3, size_t seed3_len, + const void *seed4, size_t seed4_len, + const void *seed5, size_t seed5_len, + const unsigned char *sec, size_t slen, + unsigned char *out, size_t olen, int fatal) { const EVP_MD *md = ssl_prf_md(s); EVP_KDF *kdf; @@ -54,27 +54,27 @@ static int tls1_PRF(SSL *s, goto err; mdname = EVP_MD_get0_name(md); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, - (unsigned char *)sec, - (size_t)slen); + (unsigned char *)sec, + (size_t)slen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed1, (size_t)seed1_len); + (void *)seed1, (size_t)seed1_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed2, (size_t)seed2_len); + (void *)seed2, (size_t)seed2_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed3, (size_t)seed3_len); + (void *)seed3, (size_t)seed3_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed4, (size_t)seed4_len); + (void *)seed4, (size_t)seed4_len); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, - (void *)seed5, (size_t)seed5_len); + (void *)seed5, (size_t)seed5_len); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_derive(kctx, out, olen, params)) { EVP_KDF_CTX_free(kctx); return 1; } - err: +err: if (fatal) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); else @@ -89,24 +89,24 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) /* Calls SSLfatal() as required */ ret = tls1_PRF(s, - TLS_MD_KEY_EXPANSION_CONST, - TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random, - SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE, - NULL, 0, NULL, 0, s->session->master_key, - s->session->master_key_length, km, num, 1); + TLS_MD_KEY_EXPANSION_CONST, + TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random, + SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE, + NULL, 0, NULL, 0, s->session->master_key, + s->session->master_key_length, km, num, 1); return ret; } #ifndef OPENSSL_NO_KTLS - /* - * Count the number of records that were not processed yet from record boundary. - * - * This function assumes that there are only fully formed records read in the - * record layer. If read_ahead is enabled, then this might be false and this - * function will fail. - */ -# ifndef OPENSSL_NO_KTLS_RX +/* + * Count the number of records that were not processed yet from record boundary. + * + * This function assumes that there are only fully formed records read in the + * record layer. If read_ahead is enabled, then this might be false and this + * function will fail. + */ +#ifndef OPENSSL_NO_KTLS_RX static int count_unprocessed_records(SSL *s) { SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -130,13 +130,12 @@ static int count_unprocessed_records(SSL *s) return count; } -# endif #endif - +#endif int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md) + const EVP_CIPHER *ciph, + const EVP_MD *md) { /* * Provided cipher, the TLS padding/MAC removal is performed provider @@ -147,20 +146,20 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, int imacsize = -1; if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 - /* - * We look at s->ext.use_etm instead of SSL_READ_ETM() or - * SSL_WRITE_ETM() because this test applies to both reading - * and writing. - */ - && !s->ext.use_etm) + /* + * We look at s->ext.use_etm instead of SSL_READ_ETM() or + * SSL_WRITE_ETM() because this test applies to both reading + * and writing. + */ + && !s->ext.use_etm) imacsize = EVP_MD_get_size(md); if (imacsize >= 0) macsize = (size_t)imacsize; *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, - &s->version); + &s->version); *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, - &macsize); + &macsize); *pprm = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_set_params(ctx, params)) { @@ -171,7 +170,6 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, return 1; } - static int tls_iv_length_within_key_block(const EVP_CIPHER *c) { /* If GCM/CCM mode only part of IV comes from PRF */ @@ -203,10 +201,10 @@ int tls1_change_cipher_state(SSL *s, int which) ktls_crypto_info_t crypto_info; unsigned char *rec_seq; void *rl_sequence; -# ifndef OPENSSL_NO_KTLS_RX +#ifndef OPENSSL_NO_KTLS_RX int count_unprocessed; int bit; -# endif +#endif BIO *bio; #endif @@ -257,7 +255,7 @@ int tls1_change_cipher_state(SSL *s, int which) s->expand = COMP_CTX_new(comp->method); if (s->expand == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } @@ -313,7 +311,7 @@ int tls1_change_cipher_state(SSL *s, int which) s->compress = COMP_CTX_new(comp->method); if (s->compress == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_COMPRESSION_LIBRARY_ERROR); + SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } } @@ -336,8 +334,7 @@ int tls1_change_cipher_state(SSL *s, int which) cl = EVP_CIPHER_get_key_length(c); j = cl; k = tls_iv_length_within_key_block(c); - if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { + if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms = &(p[0]); n = i + i; key = &(p[n]); @@ -364,8 +361,8 @@ int tls1_change_cipher_state(SSL *s, int which) if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { if (mac_type == EVP_PKEY_HMAC) { mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", - s->ctx->propq, mac_secret, - *mac_secret_size); + s->ctx->propq, mac_secret, + *mac_secret_size); } else { /* * If its not HMAC then the only other types of MAC we support are @@ -373,12 +370,13 @@ int tls1_change_cipher_state(SSL *s, int which) * a MAC key. */ mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret, - (int)*mac_secret_size); + (int)*mac_secret_size); } if (mac_key == NULL || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m), - s->ctx->libctx, s->ctx->propq, mac_key, - NULL) <= 0) { + s->ctx->libctx, s->ctx->propq, mac_key, + NULL) + <= 0) { EVP_PKEY_free(mac_key); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -386,22 +384,24 @@ int tls1_change_cipher_state(SSL *s, int which) EVP_PKEY_free(mac_key); } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "which = %04X, mac key:\n", which); BIO_dump_indent(trc_out, ms, i, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) || EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, - iv) <= 0) { + iv) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } else if (EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) { int taglen; - if (s->s3.tmp. - new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + if (s->s3.tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; else taglen = EVP_CCM_TLS_TAG_LEN; @@ -423,7 +423,8 @@ int tls1_change_cipher_state(SSL *s, int which) if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size && EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - (int)*mac_secret_size, mac_secret) <= 0) { + (int)*mac_secret_size, mac_secret) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -433,7 +434,7 @@ int tls1_change_cipher_state(SSL *s, int which) * different to that in c if we have an ENGINE in use */ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL - && !tls_provider_set_tls_params(s, dd, c, m)) { + && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; } @@ -462,13 +463,12 @@ int tls1_change_cipher_state(SSL *s, int which) /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */ if (which & SSL3_CC_WRITE) { - if (BIO_flush(bio) <= 0) - goto skip_ktls; + if (BIO_flush(bio) <= 0) + goto skip_ktls; } /* ktls doesn't support renegotiation */ - if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) || - (BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) { + if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) || (BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) { SSLfatal(s, SSL_AD_NO_RENEGOTIATION, ERR_R_INTERNAL_ERROR); goto err; } @@ -479,11 +479,11 @@ int tls1_change_cipher_state(SSL *s, int which) rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, &rec_seq, - iv, key, ms, *mac_secret_size)) + iv, key, ms, *mac_secret_size)) goto skip_ktls; if (which & SSL3_CC_READ) { -# ifndef OPENSSL_NO_KTLS_RX +#ifndef OPENSSL_NO_KTLS_RX count_unprocessed = count_unprocessed_records(s); if (count_unprocessed < 0) goto skip_ktls; @@ -497,9 +497,9 @@ int tls1_change_cipher_state(SSL *s, int which) } count_unprocessed--; } -# else +#else goto skip_ktls; -# endif +#endif } /* ktls works with user provided buffers directly */ @@ -509,19 +509,21 @@ int tls1_change_cipher_state(SSL *s, int which) SSL_set_options(s, SSL_OP_NO_RENEGOTIATION); } - skip_ktls: -#endif /* OPENSSL_NO_KTLS */ +skip_ktls: +#endif /* OPENSSL_NO_KTLS */ s->statem.enc_write_state = ENC_WRITE_STATE_VALID; - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "which = %04X, key:\n", which); BIO_dump_indent(trc_out, key, EVP_CIPHER_get_key_length(c), 4); BIO_printf(trc_out, "iv:\n"); BIO_dump_indent(trc_out, iv, k, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); return 1; - err: +err: return 0; } @@ -539,7 +541,7 @@ int tls1_setup_key_block(SSL *s) return 1; if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type, - &mac_secret_size, &comp, s->ext.use_etm)) { + &mac_secret_size, &comp, s->ext.use_etm)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -552,7 +554,7 @@ int tls1_setup_key_block(SSL *s) s->s3.tmp.new_mac_pkey_type = mac_type; s->s3.tmp.new_mac_secret_size = mac_secret_size; num = mac_secret_size + EVP_CIPHER_get_key_length(c) - + tls_iv_length_within_key_block(c); + + tls_iv_length_within_key_block(c); num *= 2; ssl3_cleanup_key_block(s); @@ -565,7 +567,8 @@ int tls1_setup_key_block(SSL *s) s->s3.tmp.key_block_length = num; s->s3.tmp.key_block = p; - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "key block length: %zu\n", num); BIO_printf(trc_out, "client random\n"); BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); @@ -573,19 +576,22 @@ int tls1_setup_key_block(SSL *s) BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "master key\n"); BIO_dump_indent(trc_out, - s->session->master_key, - s->session->master_key_length, 4); - } OSSL_TRACE_END(TLS); + s->session->master_key, + s->session->master_key_length, 4); + } + OSSL_TRACE_END(TLS); if (!tls1_generate_key_block(s, p, num)) { /* SSLfatal() already called */ goto err; } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "key block\n"); BIO_dump_indent(trc_out, p, num, 4); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && s->method->version <= TLS1_VERSION) { @@ -605,12 +611,12 @@ int tls1_setup_key_block(SSL *s) } ret = 1; - err: +err: return ret; } size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *out) + unsigned char *out) { size_t hashlen; unsigned char hash[EVP_MAX_MD_SIZE]; @@ -630,8 +636,8 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, } if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0, - s->session->master_key, s->session->master_key_length, - out, finished_size, 1)) { + s->session->master_key, s->session->master_key_length, + out, finished_size, 1)) { /* SSLfatal() already called */ return 0; } @@ -640,7 +646,7 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, } int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - size_t len, size_t *secret_size) + size_t len, size_t *secret_size) { if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; @@ -651,41 +657,44 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, * point (after client key exchange and before certificate verify) */ if (!ssl3_digest_cached_records(s, 1) - || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { + || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { /* SSLfatal() already called */ return 0; } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "Handshake hashes:\n"); BIO_dump(trc_out, (char *)hash, hashlen); - } OSSL_TRACE_END(TLS); + } + OSSL_TRACE_END(TLS); if (!tls1_PRF(s, - TLS_MD_EXTENDED_MASTER_SECRET_CONST, - TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, - hash, hashlen, - NULL, 0, - NULL, 0, - NULL, 0, p, len, out, - SSL3_MASTER_SECRET_SIZE, 1)) { + TLS_MD_EXTENDED_MASTER_SECRET_CONST, + TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, + hash, hashlen, + NULL, 0, + NULL, 0, + NULL, 0, p, len, out, + SSL3_MASTER_SECRET_SIZE, 1)) { /* SSLfatal() already called */ return 0; } OPENSSL_cleanse(hash, hashlen); } else { if (!tls1_PRF(s, - TLS_MD_MASTER_SECRET_CONST, - TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3.client_random, SSL3_RANDOM_SIZE, - NULL, 0, - s->s3.server_random, SSL3_RANDOM_SIZE, - NULL, 0, p, len, out, - SSL3_MASTER_SECRET_SIZE, 1)) { - /* SSLfatal() already called */ + TLS_MD_MASTER_SECRET_CONST, + TLS_MD_MASTER_SECRET_CONST_SIZE, + s->s3.client_random, SSL3_RANDOM_SIZE, + NULL, 0, + s->s3.server_random, SSL3_RANDOM_SIZE, + NULL, 0, p, len, out, + SSL3_MASTER_SECRET_SIZE, 1)) { + /* SSLfatal() already called */ return 0; } } - OSSL_TRACE_BEGIN(TLS) { + OSSL_TRACE_BEGIN(TLS) + { BIO_printf(trc_out, "Premaster Secret:\n"); BIO_dump_indent(trc_out, p, len, 4); BIO_printf(trc_out, "Client Random:\n"); @@ -694,18 +703,19 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); BIO_printf(trc_out, "Master Secret:\n"); BIO_dump_indent(trc_out, - s->session->master_key, - SSL3_MASTER_SECRET_SIZE, 4); - } OSSL_TRACE_END(TLS); + s->session->master_key, + SSL3_MASTER_SECRET_SIZE, 4); + } + OSSL_TRACE_END(TLS); *secret_size = SSL3_MASTER_SECRET_SIZE; return 1; } int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen, int use_context) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context) { unsigned char *val = NULL; size_t vallen = 0, currentvalpos; @@ -748,39 +758,44 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, * the comparisons won't have buffer overflow */ if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST, - TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) + TLS_MD_CLIENT_FINISH_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_SERVER_FINISH_CONST, - TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) + TLS_MD_SERVER_FINISH_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_MASTER_SECRET_CONST, - TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) + TLS_MD_MASTER_SECRET_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST, - TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0) + TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) + == 0) goto err1; if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, - TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) + TLS_MD_KEY_EXPANSION_CONST_SIZE) + == 0) goto err1; rv = tls1_PRF(s, - val, vallen, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0, - s->session->master_key, s->session->master_key_length, - out, olen, 0); + val, vallen, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0, + s->session->master_key, s->session->master_key_length, + out, olen, 0); goto ret; - err1: +err1: ERR_raise(ERR_LIB_SSL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); rv = 0; goto ret; - err2: +err2: ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); rv = 0; - ret: +ret: OPENSSL_clear_free(val, vallen); return rv; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index bbb3b514d77f..ac5ae3da2e5b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -142,48 +142,48 @@ static struct { int nid; uint16_t group_id; } nid_to_group[] = { - {NID_sect163k1, OSSL_TLS_GROUP_ID_sect163k1}, - {NID_sect163r1, OSSL_TLS_GROUP_ID_sect163r1}, - {NID_sect163r2, OSSL_TLS_GROUP_ID_sect163r2}, - {NID_sect193r1, OSSL_TLS_GROUP_ID_sect193r1}, - {NID_sect193r2, OSSL_TLS_GROUP_ID_sect193r2}, - {NID_sect233k1, OSSL_TLS_GROUP_ID_sect233k1}, - {NID_sect233r1, OSSL_TLS_GROUP_ID_sect233r1}, - {NID_sect239k1, OSSL_TLS_GROUP_ID_sect239k1}, - {NID_sect283k1, OSSL_TLS_GROUP_ID_sect283k1}, - {NID_sect283r1, OSSL_TLS_GROUP_ID_sect283r1}, - {NID_sect409k1, OSSL_TLS_GROUP_ID_sect409k1}, - {NID_sect409r1, OSSL_TLS_GROUP_ID_sect409r1}, - {NID_sect571k1, OSSL_TLS_GROUP_ID_sect571k1}, - {NID_sect571r1, OSSL_TLS_GROUP_ID_sect571r1}, - {NID_secp160k1, OSSL_TLS_GROUP_ID_secp160k1}, - {NID_secp160r1, OSSL_TLS_GROUP_ID_secp160r1}, - {NID_secp160r2, OSSL_TLS_GROUP_ID_secp160r2}, - {NID_secp192k1, OSSL_TLS_GROUP_ID_secp192k1}, - {NID_X9_62_prime192v1, OSSL_TLS_GROUP_ID_secp192r1}, - {NID_secp224k1, OSSL_TLS_GROUP_ID_secp224k1}, - {NID_secp224r1, OSSL_TLS_GROUP_ID_secp224r1}, - {NID_secp256k1, OSSL_TLS_GROUP_ID_secp256k1}, - {NID_X9_62_prime256v1, OSSL_TLS_GROUP_ID_secp256r1}, - {NID_secp384r1, OSSL_TLS_GROUP_ID_secp384r1}, - {NID_secp521r1, OSSL_TLS_GROUP_ID_secp521r1}, - {NID_brainpoolP256r1, OSSL_TLS_GROUP_ID_brainpoolP256r1}, - {NID_brainpoolP384r1, OSSL_TLS_GROUP_ID_brainpoolP384r1}, - {NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1}, - {EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519}, - {EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448}, - {NID_id_tc26_gost_3410_2012_256_paramSetA, 0x0022}, - {NID_id_tc26_gost_3410_2012_256_paramSetB, 0x0023}, - {NID_id_tc26_gost_3410_2012_256_paramSetC, 0x0024}, - {NID_id_tc26_gost_3410_2012_256_paramSetD, 0x0025}, - {NID_id_tc26_gost_3410_2012_512_paramSetA, 0x0026}, - {NID_id_tc26_gost_3410_2012_512_paramSetB, 0x0027}, - {NID_id_tc26_gost_3410_2012_512_paramSetC, 0x0028}, - {NID_ffdhe2048, OSSL_TLS_GROUP_ID_ffdhe2048}, - {NID_ffdhe3072, OSSL_TLS_GROUP_ID_ffdhe3072}, - {NID_ffdhe4096, OSSL_TLS_GROUP_ID_ffdhe4096}, - {NID_ffdhe6144, OSSL_TLS_GROUP_ID_ffdhe6144}, - {NID_ffdhe8192, OSSL_TLS_GROUP_ID_ffdhe8192} + { NID_sect163k1, OSSL_TLS_GROUP_ID_sect163k1 }, + { NID_sect163r1, OSSL_TLS_GROUP_ID_sect163r1 }, + { NID_sect163r2, OSSL_TLS_GROUP_ID_sect163r2 }, + { NID_sect193r1, OSSL_TLS_GROUP_ID_sect193r1 }, + { NID_sect193r2, OSSL_TLS_GROUP_ID_sect193r2 }, + { NID_sect233k1, OSSL_TLS_GROUP_ID_sect233k1 }, + { NID_sect233r1, OSSL_TLS_GROUP_ID_sect233r1 }, + { NID_sect239k1, OSSL_TLS_GROUP_ID_sect239k1 }, + { NID_sect283k1, OSSL_TLS_GROUP_ID_sect283k1 }, + { NID_sect283r1, OSSL_TLS_GROUP_ID_sect283r1 }, + { NID_sect409k1, OSSL_TLS_GROUP_ID_sect409k1 }, + { NID_sect409r1, OSSL_TLS_GROUP_ID_sect409r1 }, + { NID_sect571k1, OSSL_TLS_GROUP_ID_sect571k1 }, + { NID_sect571r1, OSSL_TLS_GROUP_ID_sect571r1 }, + { NID_secp160k1, OSSL_TLS_GROUP_ID_secp160k1 }, + { NID_secp160r1, OSSL_TLS_GROUP_ID_secp160r1 }, + { NID_secp160r2, OSSL_TLS_GROUP_ID_secp160r2 }, + { NID_secp192k1, OSSL_TLS_GROUP_ID_secp192k1 }, + { NID_X9_62_prime192v1, OSSL_TLS_GROUP_ID_secp192r1 }, + { NID_secp224k1, OSSL_TLS_GROUP_ID_secp224k1 }, + { NID_secp224r1, OSSL_TLS_GROUP_ID_secp224r1 }, + { NID_secp256k1, OSSL_TLS_GROUP_ID_secp256k1 }, + { NID_X9_62_prime256v1, OSSL_TLS_GROUP_ID_secp256r1 }, + { NID_secp384r1, OSSL_TLS_GROUP_ID_secp384r1 }, + { NID_secp521r1, OSSL_TLS_GROUP_ID_secp521r1 }, + { NID_brainpoolP256r1, OSSL_TLS_GROUP_ID_brainpoolP256r1 }, + { NID_brainpoolP384r1, OSSL_TLS_GROUP_ID_brainpoolP384r1 }, + { NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1 }, + { EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519 }, + { EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448 }, + { NID_id_tc26_gost_3410_2012_256_paramSetA, 0x0022 }, + { NID_id_tc26_gost_3410_2012_256_paramSetB, 0x0023 }, + { NID_id_tc26_gost_3410_2012_256_paramSetC, 0x0024 }, + { NID_id_tc26_gost_3410_2012_256_paramSetD, 0x0025 }, + { NID_id_tc26_gost_3410_2012_512_paramSetA, 0x0026 }, + { NID_id_tc26_gost_3410_2012_512_paramSetB, 0x0027 }, + { NID_id_tc26_gost_3410_2012_512_paramSetC, 0x0028 }, + { NID_ffdhe2048, OSSL_TLS_GROUP_ID_ffdhe2048 }, + { NID_ffdhe3072, OSSL_TLS_GROUP_ID_ffdhe3072 }, + { NID_ffdhe4096, OSSL_TLS_GROUP_ID_ffdhe4096 }, + { NID_ffdhe6144, OSSL_TLS_GROUP_ID_ffdhe6144 }, + { NID_ffdhe8192, OSSL_TLS_GROUP_ID_ffdhe8192 } }; static const unsigned char ecformats_default[] = { @@ -194,23 +194,23 @@ static const unsigned char ecformats_default[] = { /* The default curves */ static const uint16_t supported_groups_default[] = { - 29, /* X25519 (29) */ - 23, /* secp256r1 (23) */ - 30, /* X448 (30) */ - 25, /* secp521r1 (25) */ - 24, /* secp384r1 (24) */ - 34, /* GC256A (34) */ - 35, /* GC256B (35) */ - 36, /* GC256C (36) */ - 37, /* GC256D (37) */ - 38, /* GC512A (38) */ - 39, /* GC512B (39) */ - 40, /* GC512C (40) */ - 0x100, /* ffdhe2048 (0x100) */ - 0x101, /* ffdhe3072 (0x101) */ - 0x102, /* ffdhe4096 (0x102) */ - 0x103, /* ffdhe6144 (0x103) */ - 0x104, /* ffdhe8192 (0x104) */ + 29, /* X25519 (29) */ + 23, /* secp256r1 (23) */ + 30, /* X448 (30) */ + 25, /* secp521r1 (25) */ + 24, /* secp384r1 (24) */ + 34, /* GC256A (34) */ + 35, /* GC256B (35) */ + 36, /* GC256C (36) */ + 37, /* GC256D (37) */ + 38, /* GC512A (38) */ + 39, /* GC512B (39) */ + 40, /* GC512C (40) */ + 0x100, /* ffdhe2048 (0x100) */ + 0x101, /* ffdhe3072 (0x101) */ + 0x102, /* ffdhe4096 (0x102) */ + 0x103, /* ffdhe6144 (0x103) */ + 0x104, /* ffdhe8192 (0x104) */ }; static const uint16_t suiteb_curves[] = { @@ -223,7 +223,7 @@ struct provider_group_data_st { OSSL_PROVIDER *provider; }; -#define TLS_GROUP_LIST_MALLOC_BLOCK_SIZE 10 +#define TLS_GROUP_LIST_MALLOC_BLOCK_SIZE 10 static OSSL_CALLBACK add_provider_groups; static int add_provider_groups(const OSSL_PARAM params[], void *data) { @@ -242,20 +242,20 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data) if (ctx->group_list_max_len == 0) tmp = OPENSSL_malloc(sizeof(TLS_GROUP_INFO) - * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); + * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); else tmp = OPENSSL_realloc(ctx->group_list, - (ctx->group_list_max_len - + TLS_GROUP_LIST_MALLOC_BLOCK_SIZE) - * sizeof(TLS_GROUP_INFO)); + (ctx->group_list_max_len + + TLS_GROUP_LIST_MALLOC_BLOCK_SIZE) + * sizeof(TLS_GROUP_INFO)); if (tmp == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } ctx->group_list = tmp; memset(tmp + ctx->group_list_max_len, - 0, - sizeof(TLS_GROUP_INFO) * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); + 0, + sizeof(TLS_GROUP_INFO) * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); ctx->group_list_max_len += TLS_GROUP_LIST_MALLOC_BLOCK_SIZE; } @@ -367,7 +367,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data) EVP_KEYMGMT_free(keymgmt); } ERR_pop_to_mark(); - err: +err: if (ginf != NULL) { OPENSSL_free(ginf->tlsname); OPENSSL_free(ginf->realname); @@ -384,7 +384,7 @@ static int discover_provider_groups(OSSL_PROVIDER *provider, void *vctx) pgd.ctx = vctx; pgd.provider = provider; return OSSL_PROVIDER_get_capabilities(provider, "TLS-GROUP", - add_provider_groups, &pgd); + add_provider_groups, &pgd); } int ssl_load_groups(SSL_CTX *ctx) @@ -416,8 +416,8 @@ int ssl_load_groups(SSL_CTX *ctx) } memcpy(ctx->ext.supported_groups_default, - tmp_supp_groups, - num_deflt_grps * sizeof(tmp_supp_groups[0])); + tmp_supp_groups, + num_deflt_grps * sizeof(tmp_supp_groups[0])); ctx->ext.supported_groups_default_len = num_deflt_grps; return 1; @@ -429,7 +429,7 @@ static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name) for (i = 0; i < ctx->group_list_len; i++) { if (strcmp(ctx->group_list[i].tlsname, name) == 0 - || strcmp(ctx->group_list[i].realname, name) == 0) + || strcmp(ctx->group_list[i].realname, name) == 0) return ctx->group_list[i].group_id; } @@ -459,8 +459,7 @@ int tls1_group_id2nid(uint16_t group_id, int include_unknown) * Return well known Group NIDs - for backwards compatibility. This won't * work for groups we don't know about. */ - for (i = 0; i < OSSL_NELEM(nid_to_group); i++) - { + for (i = 0; i < OSSL_NELEM(nid_to_group); i++) { if (nid_to_group[i].group_id == group_id) return nid_to_group[i].nid; } @@ -477,8 +476,7 @@ uint16_t tls1_nid2group_id(int nid) * Return well known Group ids - for backwards compatibility. This won't * work for groups we don't know about. */ - for (i = 0; i < OSSL_NELEM(nid_to_group); i++) - { + for (i = 0; i < OSSL_NELEM(nid_to_group); i++) { if (nid_to_group[i].nid == nid) return nid_to_group[i].group_id; } @@ -491,7 +489,7 @@ uint16_t tls1_nid2group_id(int nid) * the number of groups supported. */ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, - size_t *pgroupslen) + size_t *pgroupslen) { /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { @@ -523,7 +521,7 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, } int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, - int isec, int *okfortls13) + int isec, int *okfortls13) { const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id); int ret; @@ -554,12 +552,12 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, ret &= (maxversion >= ginfo->mintls); if (ret && okfortls13 != NULL && maxversion == TLS1_3_VERSION) *okfortls13 = (ginfo->maxtls == 0) - || (ginfo->maxtls >= TLS1_3_VERSION); + || (ginfo->maxtls >= TLS1_3_VERSION); } ret &= !isec - || strcmp(ginfo->algorithm, "EC") == 0 - || strcmp(ginfo->algorithm, "X25519") == 0 - || strcmp(ginfo->algorithm, "X448") == 0; + || strcmp(ginfo->algorithm, "EC") == 0 + || strcmp(ginfo->algorithm, "X25519") == 0 + || strcmp(ginfo->algorithm, "X448") == 0; return ret; } @@ -576,7 +574,7 @@ int tls_group_allowed(SSL *s, uint16_t group, int op) gtmp[0] = group >> 8; gtmp[1] = group & 0xff; return ssl_security(s, op, ginfo->secbits, - tls1_group_id2nid(ginfo->group_id, 0), (void *)gtmp); + tls1_group_id2nid(ginfo->group_id, 0), (void *)gtmp); } /* Return 1 if "id" is in "list" */ @@ -641,7 +639,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) const TLS_GROUP_INFO *inf; if (!tls1_in_list(id, supp, num_supp) - || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) + || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) continue; inf = tls1_group_id_lookup(ctx, id); if (!ossl_assert(inf != NULL)) @@ -650,20 +648,20 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) if (inf->maxdtls == -1) continue; if ((inf->mindtls != 0 && DTLS_VERSION_LT(s->version, inf->mindtls)) - || (inf->maxdtls != 0 - && DTLS_VERSION_GT(s->version, inf->maxdtls))) + || (inf->maxdtls != 0 + && DTLS_VERSION_GT(s->version, inf->maxdtls))) continue; } else { if (inf->maxtls == -1) continue; if ((inf->mintls != 0 && s->version < inf->mintls) - || (inf->maxtls != 0 && s->version > inf->maxtls)) + || (inf->maxtls != 0 && s->version > inf->maxtls)) continue; } if (nmatch == k) return id; - k++; + k++; } if (nmatch == -1) return k; @@ -672,7 +670,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) } int tls1_set_groups(uint16_t **pext, size_t *pextlen, - int *groups, size_t ngroups) + int *groups, size_t ngroups) { uint16_t *glist; size_t i; @@ -714,8 +712,8 @@ err: return 0; } -# define GROUPLIST_INCREMENT 40 -# define GROUP_NAME_BUFFER_LENGTH 64 +#define GROUPLIST_INCREMENT 40 +#define GROUP_NAME_BUFFER_LENGTH 64 typedef struct { SSL_CTX *ctx; size_t gidcnt; @@ -733,9 +731,8 @@ static int gid_cb(const char *elem, int len, void *arg) if (elem == NULL) return 0; if (garg->gidcnt == garg->gidmax) { - uint16_t *tmp = - OPENSSL_realloc(garg->gid_arr, - (garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr)); + uint16_t *tmp = OPENSSL_realloc(garg->gid_arr, + (garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr)); if (tmp == NULL) return 0; garg->gidmax += GROUPLIST_INCREMENT; @@ -749,7 +746,7 @@ static int gid_cb(const char *elem, int len, void *arg) gid = tls1_group_name2id(garg->ctx, etmp); if (gid == 0) { ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, - "group '%s' cannot be set", etmp); + "group '%s' cannot be set", etmp); return 0; } for (i = 0; i < garg->gidcnt; i++) @@ -761,7 +758,7 @@ static int gid_cb(const char *elem, int len, void *arg) /* Set groups based on a colon separated list */ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, - const char *str) + const char *str) { gid_cb_st gcb; uint16_t *tmparr; @@ -791,14 +788,14 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, *pext = tmparr; *pextlen = gcb.gidcnt; ret = 1; - end: +end: OPENSSL_free(gcb.gid_arr); return ret; } /* Check a group id matches preferences */ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) - { +{ const uint16_t *groups; size_t groups_len; @@ -845,12 +842,12 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) * extension, so groups_len == 0 always means no extension. */ if (groups_len == 0) - return 1; + return 1; return tls1_in_list(group_id, groups, groups_len); } void tls1_get_formatlist(SSL *s, const unsigned char **pformats, - size_t *num_formats) + size_t *num_formats) { /* * If we have a custom point format list use it otherwise use default @@ -879,13 +876,12 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) if (!EVP_PKEY_is_a(pkey, "EC")) return 1; - /* Get required compression id */ point_conv = EVP_PKEY_get_ec_point_conv_form(pkey); if (point_conv == 0) return 0; if (point_conv == POINT_CONVERSION_UNCOMPRESSED) { - comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; + comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; } else if (SSL_IS_TLS13(s)) { /* * ec_point_formats extension is not used in TLSv1.3 so we ignore @@ -964,10 +960,11 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md) else if (group_id == TLSEXT_curve_P_384) check_md = NID_ecdsa_with_SHA384; else - return 0; /* Should never happen */ + return 0; /* Should never happen */ for (i = 0; i < s->shared_sigalgslen; i++) { if (check_md == s->shared_sigalgs[i]->sigandhash) - return 1;; + return 1; + ; } return 0; } @@ -1042,111 +1039,110 @@ static const uint16_t tls12_sigalgs[] = { #endif }; - static const uint16_t suiteb_sigalgs[] = { TLSEXT_SIGALG_ecdsa_secp256r1_sha256, TLSEXT_SIGALG_ecdsa_secp384r1_sha384 }; static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { - {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1}, - {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA384, NID_secp384r1, 1}, - {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA512, NID_secp521r1, 1}, - {"ed25519", TLSEXT_SIGALG_ed25519, - NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, - NID_undef, NID_undef, 1}, - {"ed448", TLSEXT_SIGALG_ed448, - NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_ecdsa_sha224, - NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA224, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_ecdsa_sha1, - NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA1, NID_undef, 1}, - {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef, 1}, - {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef, 1}, - {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef, 1}, - {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef, 1}, - {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef, 1}, - {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef, 1}, - {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha256WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha384WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha512WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224, - NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha224WithRSAEncryption, NID_undef, 1}, - {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1, - NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha1WithRSAEncryption, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_dsa_with_SHA256, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha384, - NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha512, - NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha224, - NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_dsa_sha1, - NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_dsaWithSHA1, NID_undef, 1}, + { "ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1 }, + { "ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA384, NID_secp384r1, 1 }, + { "ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA512, NID_secp521r1, 1 }, + { "ed25519", TLSEXT_SIGALG_ed25519, + NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, + NID_undef, NID_undef, 1 }, + { "ed448", TLSEXT_SIGALG_ed448, + NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_ecdsa_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA224, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_ecdsa_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA1, NID_undef, 1 }, + { "rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }, + { "rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }, + { "rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }, + { "rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef, 1 }, + { "rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef, 1 }, + { "rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef, 1 }, + { "rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha256WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha384WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha512WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha224WithRSAEncryption, NID_undef, 1 }, + { "rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha1WithRSAEncryption, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsa_with_SHA256, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_dsa_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsaWithSHA1, NID_undef, 1 }, #ifndef OPENSSL_NO_GOST - {NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic, - NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, - NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102012_512_intrinsic, - NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, - NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, - NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, - NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, - NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, - NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, - NID_undef, NID_undef, 1}, - {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, - NID_id_GostR3411_94, SSL_MD_GOST94_IDX, - NID_id_GostR3410_2001, SSL_PKEY_GOST01, - NID_undef, NID_undef, 1} + { NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic, + NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, + NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102012_512_intrinsic, + NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, + NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, + NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, + NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, + NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, + NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, + NID_undef, NID_undef, 1 }, + { NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, + NID_id_GostR3411_94, SSL_MD_GOST94_IDX, + NID_id_GostR3410_2001, SSL_PKEY_GOST01, + NID_undef, NID_undef, 1 } #endif }; /* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */ static const SIGALG_LOOKUP legacy_rsa_sigalg = { "rsa_pkcs1_md5_sha1", 0, - NID_md5_sha1, SSL_MD_MD5_SHA1_IDX, - EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_undef, NID_undef, 1 + NID_md5_sha1, SSL_MD_MD5_SHA1_IDX, + EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_undef, NID_undef, 1 }; /* @@ -1179,7 +1175,7 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) ERR_set_mark(); for (i = 0, lu = sigalg_lookup_tbl; - i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { EVP_PKEY_CTX *pctx; cache[i] = *lu; @@ -1193,7 +1189,7 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) * independently - but not as a combination. We ignore this for now. */ if (lu->hash != NID_undef - && ctx->ssl_digest_methods[lu->hash_idx] == NULL) { + && ctx->ssl_digest_methods[lu->hash_idx] == NULL) { cache[i].enabled = 0; continue; } @@ -1213,7 +1209,7 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) cache = NULL; ret = 1; - err: +err: OPENSSL_free(cache); EVP_PKEY_free(tmpkey); return ret; @@ -1226,9 +1222,9 @@ static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg) const SIGALG_LOOKUP *lu; for (i = 0, lu = s->ctx->sigalg_lookup_cache; - /* cache should have the same number of elements as sigalg_lookup_tbl */ - i < OSSL_NELEM(sigalg_lookup_tbl); - lu++, i++) { + /* cache should have the same number of elements as sigalg_lookup_tbl */ + i < OSSL_NELEM(sigalg_lookup_tbl); + lu++, i++) { if (lu->sigalg == sigalg) { if (!lu->enabled) return NULL; @@ -1265,7 +1261,7 @@ int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) */ #define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_get_size(md) + 2) static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey, - const SIGALG_LOOKUP *lu) + const SIGALG_LOOKUP *lu) { const EVP_MD *md; @@ -1310,7 +1306,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) int real_idx; for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01; - real_idx--) { + real_idx--) { if (s->cert->pkeys[real_idx].privatekey != NULL) { idx = real_idx; break; @@ -1325,11 +1321,11 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) int real_idx; for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST12_256; - real_idx--) { - if (s->cert->pkeys[real_idx].privatekey != NULL) { - idx = real_idx; - break; - } + real_idx--) { + if (s->cert->pkeys[real_idx].privatekey != NULL) { + idx = real_idx; + break; + } } } } else { @@ -1410,8 +1406,8 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) */ int tls_check_sigalg_curve(const SSL *s, int curve) { - const uint16_t *sigs; - size_t siglen, i; + const uint16_t *sigs; + size_t siglen, i; if (s->cert->conf_sigalgs) { sigs = s->cert->conf_sigalgs; @@ -1427,8 +1423,8 @@ int tls_check_sigalg_curve(const SSL *s, int curve) if (lu == NULL) continue; if (lu->sig == EVP_PKEY_EC - && lu->curve != NID_undef - && curve == lu->curve) + && lu->curve != NID_undef + && curve == lu->curve) return 1; } @@ -1446,8 +1442,7 @@ static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu) if (!tls1_lookup_md(ctx, lu, &md)) return 0; - if (md != NULL) - { + if (md != NULL) { int md_type = EVP_MD_get_type(md); /* Security bits: half digest bits */ @@ -1515,13 +1510,13 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) if (lu == NULL || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) || (pkeyid != lu->sig - && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { + && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } /* Check the sigalg is consistent with the key OID */ if (!ssl_cert_lookup_by_nid(EVP_PKEY_get_id(pkey), &cidx) - || lu->sig_idx != (int)cidx) { + || lu->sig_idx != (int)cidx) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } @@ -1531,7 +1526,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) /* Check point compression is permitted */ if (!tls1_check_pkey_comp(s, pkey)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_ILLEGAL_POINT_COMPRESSION); + SSL_R_ILLEGAL_POINT_COMPRESSION); return 0; } @@ -1555,7 +1550,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) if (sig != TLSEXT_SIGALG_ecdsa_secp256r1_sha256 && sig != TLSEXT_SIGALG_ecdsa_secp384r1_sha384) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_WRONG_SIGNATURE_TYPE); + SSL_R_WRONG_SIGNATURE_TYPE); return 0; } } @@ -1572,8 +1567,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) break; } /* Allow fallback to SHA1 if not strict mode */ - if (i == sent_sigslen && (lu->hash != NID_sha1 - || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { + if (i == sent_sigslen && (lu->hash != NID_sha1 || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } @@ -1588,10 +1582,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) sigalgstr[0] = (sig >> 8) & 0xff; sigalgstr[1] = sig & 0xff; secbits = sigalg_security_bits(s->ctx, lu); - if (secbits == 0 || - !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, - md != NULL ? EVP_MD_get_type(md) : NID_undef, - (void *)sigalgstr)) { + if (secbits == 0 || !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, md != NULL ? EVP_MD_get_type(md) : NID_undef, (void *)sigalgstr)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } @@ -1632,7 +1623,8 @@ int ssl_set_client_disabled(SSL *s) s->s3.tmp.mask_k = 0; ssl_set_sig_mask(&s->s3.tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); if (ssl_get_min_max_version(s, &s->s3.tmp.min_ver, - &s->s3.tmp.max_ver, NULL) != 0) + &s->s3.tmp.max_ver, NULL) + != 0) return 0; #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ @@ -1640,7 +1632,7 @@ int ssl_set_client_disabled(SSL *s) s->s3.tmp.mask_a |= SSL_aPSK; s->s3.tmp.mask_k |= SSL_PSK; } -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { s->s3.tmp.mask_a |= SSL_aSRP; @@ -1674,14 +1666,13 @@ int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) * in SSLv3 if we are a client */ if (min_tls == TLS1_VERSION && ecdhe - && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) + && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) min_tls = SSL3_VERSION; if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver)) return 1; } - if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) - || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) + if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) || DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) return 1; return !ssl_security(s, op, c->strength_bits, 0, (void *)c); @@ -1710,7 +1701,7 @@ int tls1_set_server_sigalgs(SSL *s) * the default algorithm for each certificate type */ if (s->s3.tmp.peer_cert_sigalgs == NULL - && s->s3.tmp.peer_sigalgs == NULL) { + && s->s3.tmp.peer_sigalgs == NULL) { const uint16_t *sent_sigs; size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); @@ -1723,8 +1714,8 @@ int tls1_set_server_sigalgs(SSL *s) /* Check default matches a type we sent */ for (j = 0; j < sent_sigslen; j++) { if (lu->sigalg == sent_sigs[j]) { - s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; - break; + s->s3.tmp.valid_flags[i] = CERT_PKEY_SIGN; + break; } } } @@ -1740,7 +1731,7 @@ int tls1_set_server_sigalgs(SSL *s) /* Fatal error if no shared signature algorithms */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS); + SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS); return 0; } @@ -1752,7 +1743,7 @@ int tls1_set_server_sigalgs(SSL *s) * point to the resulting session. */ SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, - SSL_SESSION **ret) + SSL_SESSION **ret) { size_t size; RAW_EXTENSION *ticketext; @@ -1775,7 +1766,7 @@ SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, size = PACKET_remaining(&ticketext->data); return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, - hello->session_id, hello->session_id_len, ret); + hello->session_id, hello->session_id_len, ret); } /*- @@ -1802,8 +1793,8 @@ SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * point to the resulting session. */ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, - size_t eticklen, const unsigned char *sess_id, - size_t sesslen, SSL_SESSION **psess) + size_t eticklen, const unsigned char *sess_id, + size_t sesslen, SSL_SESSION **psess) { SSL_SESSION *sess = NULL; unsigned char *sdec; @@ -1863,16 +1854,16 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, if (tctx->ext.ticket_key_evp_cb != NULL) rv = tctx->ext.ticket_key_evp_cb(s, nctick, - nctick + TLSEXT_KEYNAME_LENGTH, - ctx, - ssl_hmac_get0_EVP_MAC_CTX(hctx), - 0); + nctick + TLSEXT_KEYNAME_LENGTH, + ctx, + ssl_hmac_get0_EVP_MAC_CTX(hctx), + 0); #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ rv = tctx->ext.ticket_key_cb(s, nctick, - nctick + TLSEXT_KEYNAME_LENGTH, - ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0); + nctick + TLSEXT_KEYNAME_LENGTH, + ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0); #endif if (rv < 0) { ret = SSL_TICKET_FATAL_ERR_OTHER; @@ -1889,20 +1880,23 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Check key name matches */ if (memcmp(etick, tctx->ext.tick_key_name, - TLSEXT_KEYNAME_LENGTH) != 0) { + TLSEXT_KEYNAME_LENGTH) + != 0) { ret = SSL_TICKET_NO_DECRYPT; goto end; } aes256cbc = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", - s->ctx->propq); + s->ctx->propq); if (aes256cbc == NULL || ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, - sizeof(tctx->ext.secure->tick_hmac_key), - "SHA256") <= 0 + sizeof(tctx->ext.secure->tick_hmac_key), + "SHA256") + <= 0 || EVP_DecryptInit_ex(ctx, aes256cbc, NULL, - tctx->ext.secure->tick_aes_key, - etick + TLSEXT_KEYNAME_LENGTH) <= 0) { + tctx->ext.secure->tick_aes_key, + etick + TLSEXT_KEYNAME_LENGTH) + <= 0) { EVP_CIPHER_free(aes256cbc); ret = SSL_TICKET_FATAL_ERR_OTHER; goto end; @@ -1949,8 +1943,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = etick + TLSEXT_KEYNAME_LENGTH + ivlen; eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen; sdec = OPENSSL_malloc(eticklen); - if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, - (int)eticklen) <= 0) { + if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { OPENSSL_free(sdec); ret = SSL_TICKET_FATAL_ERR_OTHER; goto end; @@ -1996,7 +1989,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, */ ret = SSL_TICKET_NO_DECRYPT; - end: +end: EVP_CIPHER_CTX_free(ctx); ssl_hmac_free(hctx); @@ -2006,18 +1999,18 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, * performs any action */ if (s->session_ctx->decrypt_ticket_cb != NULL - && (ret == SSL_TICKET_EMPTY - || ret == SSL_TICKET_NO_DECRYPT - || ret == SSL_TICKET_SUCCESS - || ret == SSL_TICKET_SUCCESS_RENEW)) { + && (ret == SSL_TICKET_EMPTY + || ret == SSL_TICKET_NO_DECRYPT + || ret == SSL_TICKET_SUCCESS + || ret == SSL_TICKET_SUCCESS_RENEW)) { size_t keyname_len = eticklen; int retcb; if (keyname_len > TLSEXT_KEYNAME_LENGTH) keyname_len = TLSEXT_KEYNAME_LENGTH; retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len, - ret, - s->session_ctx->ticket_cb_data); + ret, + s->session_ctx->ticket_cb_data); switch (retcb) { case SSL_TICKET_RETURN_ABORT: ret = SSL_TICKET_FATAL_ERR_OTHER; @@ -2040,7 +2033,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, case SSL_TICKET_RETURN_USE: case SSL_TICKET_RETURN_USE_RENEW: if (ret != SSL_TICKET_SUCCESS - && ret != SSL_TICKET_SUCCESS_RENEW) + && ret != SSL_TICKET_SUCCESS_RENEW) ret = SSL_TICKET_FATAL_ERR_OTHER; else if (retcb == SSL_TICKET_RETURN_USE) ret = SSL_TICKET_SUCCESS; @@ -2093,14 +2086,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) return 0; if (lu->sig == NID_id_GostR3410_2012_256 - || lu->sig == NID_id_GostR3410_2012_512 - || lu->sig == NID_id_GostR3410_2001) { + || lu->sig == NID_id_GostR3410_2012_512 + || lu->sig == NID_id_GostR3410_2001) { /* We never allow GOST sig algs on the server with TLSv1.3 */ if (s->server && SSL_IS_TLS13(s)) return 0; if (!s->server - && s->method->version == TLS_ANY_VERSION - && s->s3.tmp.max_ver >= TLS1_3_VERSION) { + && s->method->version == TLS_ANY_VERSION + && s->s3.tmp.max_ver >= TLS1_3_VERSION) { int i, num; STACK_OF(SSL_CIPHER) *sk; @@ -2163,18 +2156,18 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) clu = ssl_cert_lookup_by_idx(lu->sig_idx); if (clu == NULL) - continue; + continue; /* If algorithm is disabled see if we can enable it */ if ((clu->amask & disabled_mask) != 0 - && tls12_sigalg_allowed(s, op, lu)) + && tls12_sigalg_allowed(s, op, lu)) disabled_mask &= ~clu->amask; } *pmask_a |= disabled_mask; } int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, - const uint16_t *psig, size_t psiglen) + const uint16_t *psig, size_t psiglen) { size_t i; int rv = 0; @@ -2183,7 +2176,7 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *psig); if (lu == NULL - || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) + || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) continue; if (!WPACKET_put_bytes_u16(pkt, *psig)) return 0; @@ -2191,10 +2184,7 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, * If TLS 1.3 must have at least one valid TLS 1.3 message * signing algorithm: i.e. neither RSA nor SHA1/SHA224 */ - if (rv == 0 && (!SSL_IS_TLS13(s) - || (lu->sig != EVP_PKEY_RSA - && lu->hash != NID_sha1 - && lu->hash != NID_sha224))) + if (rv == 0 && (!SSL_IS_TLS13(s) || (lu->sig != EVP_PKEY_RSA && lu->hash != NID_sha1 && lu->hash != NID_sha224))) rv = 1; } if (rv == 0) @@ -2204,8 +2194,8 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, /* Given preference and allowed sigalgs set shared sigalgs */ static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, - const uint16_t *pref, size_t preflen, - const uint16_t *allow, size_t allowlen) + const uint16_t *pref, size_t preflen, + const uint16_t *allow, size_t allowlen) { const uint16_t *ptmp, *atmp; size_t i, j, nmatch = 0; @@ -2214,7 +2204,7 @@ static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, /* Skip disabled hashes or signature algorithms */ if (lu == NULL - || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu)) + || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu)) continue; for (j = 0, atmp = allow; j < allowlen; j++, atmp++) { if (*ptmp == *atmp) { @@ -2290,7 +2280,7 @@ int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen) size >>= 1; - if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) { + if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } @@ -2320,11 +2310,10 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) if (cert) return tls1_save_u16(pkt, &s->s3.tmp.peer_cert_sigalgs, - &s->s3.tmp.peer_cert_sigalgslen); + &s->s3.tmp.peer_cert_sigalgslen); else return tls1_save_u16(pkt, &s->s3.tmp.peer_sigalgs, - &s->s3.tmp.peer_sigalgslen); - + &s->s3.tmp.peer_sigalgslen); } /* Set preferred digest for each key type */ @@ -2355,8 +2344,8 @@ int tls1_process_sigalgs(SSL *s) } int SSL_get_sigalgs(SSL *s, int idx, - int *psign, int *phash, int *psignhash, - unsigned char *rsig, unsigned char *rhash) + int *psign, int *phash, int *psignhash, + unsigned char *rsig, unsigned char *rhash) { uint16_t *psig = s->s3.tmp.peer_sigalgs; size_t numsigalgs = s->s3.tmp.peer_sigalgslen; @@ -2384,8 +2373,8 @@ int SSL_get_sigalgs(SSL *s, int idx, } int SSL_get_shared_sigalgs(SSL *s, int idx, - int *psign, int *phash, int *psignhash, - unsigned char *rsig, unsigned char *rhash) + int *psign, int *phash, int *psignhash, + unsigned char *rsig, unsigned char *rhash) { const SIGALG_LOOKUP *shsigalgs; if (s->shared_sigalgs == NULL @@ -2433,7 +2422,7 @@ static void get_sigorhash(int *psig, int *phash, const char *str) } } /* Maximum length of a signature algorithm string component */ -#define TLS_MAX_SIGSTRING_LEN 40 +#define TLS_MAX_SIGSTRING_LEN 40 static int sig_cb(const char *elem, int len, void *arg) { @@ -2462,7 +2451,7 @@ static int sig_cb(const char *elem, int len, void *arg) */ if (p == NULL) { for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); - i++, s++) { + i++, s++) { if (s->name != NULL && strcmp(etmp, s->name) == 0) { sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; break; @@ -2480,7 +2469,7 @@ static int sig_cb(const char *elem, int len, void *arg) if (sig_alg == NID_undef || hash_alg == NID_undef) return 0; for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); - i++, s++) { + i++, s++) { if (s->hash == hash_alg && s->sig == sig_alg) { sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; break; @@ -2516,7 +2505,7 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client) } int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, - int client) + int client) { uint16_t *sigalgs; @@ -2557,7 +2546,7 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) int sig_id = *psig_nids++; for (j = 0, curr = sigalg_lookup_tbl; j < OSSL_NELEM(sigalg_lookup_tbl); - j++, curr++) { + j++, curr++) { if (curr->hash == md_id && curr->sig == sig_id) { *sptr++ = curr->sigalg; break; @@ -2580,7 +2569,7 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) return 1; - err: +err: OPENSSL_free(sigalgs); return 0; } @@ -2610,8 +2599,8 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) } for (i = 0; i < sigalgslen; i++) { sigalg = use_pc_sigalgs - ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]) - : s->shared_sigalgs[i]; + ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]) + : s->shared_sigalgs[i]; if (sigalg != NULL && sig_nid == sigalg->sigandhash) return 1; } @@ -2641,14 +2630,14 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x) /* Flags which need to be set for a certificate when strict mode not set */ #define CERT_PKEY_VALID_FLAGS \ - (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM) + (CERT_PKEY_EE_SIGNATURE | CERT_PKEY_EE_PARAM) /* Strict mode flags */ -#define CERT_PKEY_STRICT_FLAGS \ - (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \ - | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE) +#define CERT_PKEY_STRICT_FLAGS \ + (CERT_PKEY_VALID_FLAGS | CERT_PKEY_CA_SIGNATURE | CERT_PKEY_CA_PARAM \ + | CERT_PKEY_ISSUER_NAME | CERT_PKEY_CERT_TYPE) int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, - int idx) + int idx) { int i; int rv = 0; @@ -2710,9 +2699,9 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int default_nid; int rsign = 0; if (s->s3.tmp.peer_cert_sigalgs != NULL - || s->s3.tmp.peer_sigalgs != NULL) { + || s->s3.tmp.peer_sigalgs != NULL) { default_nid = 0; - /* If no sigalgs extension use defaults from RFC5246 */ + /* If no sigalgs extension use defaults from RFC5246 */ } else { switch (idx) { case SSL_PKEY_RSA: @@ -2797,7 +2786,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, /* Else not TLS 1.2, so mark EE and CA signing algorithms OK */ else if (check_flags) rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE; - skip_sigs: +skip_sigs: /* Check cert parameters are consistent */ if (tls1_check_cert_param(s, x, 1)) rv |= CERT_PKEY_EE_PARAM; @@ -2870,7 +2859,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (!check_flags || (rv & check_flags) == check_flags) rv |= CERT_PKEY_VALID; - end: +end: if (TLS1_get_version(s) >= TLS1_2_VERSION) rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN); @@ -2955,18 +2944,18 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq); if (pctx == NULL - || EVP_PKEY_fromdata_init(pctx) != 1) + || EVP_PKEY_fromdata_init(pctx) != 1) goto err; tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2)) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_uint(tmpl, OSSL_PKEY_PARAM_FFC_G, 2)) goto err; params = OSSL_PARAM_BLD_to_param(tmpl); if (params == NULL - || EVP_PKEY_fromdata(pctx, &dhp, EVP_PKEY_KEY_PARAMETERS, params) != 1) + || EVP_PKEY_fromdata(pctx, &dhp, EVP_PKEY_KEY_PARAMETERS, params) != 1) goto err; err: @@ -3072,9 +3061,9 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) /* If not recognised or not supported by cipher mask it is not suitable */ if (clu == NULL - || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0 - || (clu->nid == EVP_PKEY_RSA_PSS - && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) + || (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) == 0 + || (clu->nid == EVP_PKEY_RSA_PSS + && (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) return -1; return s->s3.tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; @@ -3087,7 +3076,7 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) * Returns true if the cert is usable and false otherwise. */ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, - EVP_PKEY *pkey) + EVP_PKEY *pkey) { const SIGALG_LOOKUP *lu; int mdnid, pknid, supported; @@ -3101,8 +3090,8 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, if (sig->hash != NID_undef) mdname = OBJ_nid2sn(sig->hash); supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx, - mdname, - s->ctx->propq); + mdname, + s->ctx->propq); if (supported <= 0) return 0; @@ -3153,7 +3142,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) return 0; return check_cert_usable(s, sig, s->cert->pkeys[idx].x509, - s->cert->pkeys[idx].privatekey); + s->cert->pkeys[idx].privatekey); } /* @@ -3161,7 +3150,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) * specified signature scheme |sig|, or false otherwise. */ static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, - EVP_PKEY *pkey) + EVP_PKEY *pkey) { size_t idx; @@ -3201,7 +3190,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) if (!tls1_lookup_md(s->ctx, lu, NULL)) continue; if ((pkey == NULL && !has_usable_cert(s, lu, -1)) - || (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) + || (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) continue; tmppkey = (pkey != NULL) ? pkey @@ -3251,7 +3240,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (!fatalerrs) return 1; SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } } else { @@ -3259,7 +3248,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT)) return 1; if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys)) - return 1; + return 1; if (SSL_USE_SIGALGS(s)) { size_t i; @@ -3269,7 +3258,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) /* For Suite B need to match signature algorithm to curve */ if (tls1_suiteb(s)) curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC] - .privatekey); + .privatekey); /* * Find highest preference signature algorithm matching @@ -3308,23 +3297,23 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) * we have to assume GOST support. */ if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) { - if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { - if (!fatalerrs) - return 1; - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); - return 0; - } else { - i = 0; - sig_idx = lu->sig_idx; - } + if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + return 0; + } else { + i = 0; + sig_idx = lu->sig_idx; + } } #endif if (i == s->shared_sigalgslen) { if (!fatalerrs) return 1; SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } } else { @@ -3338,7 +3327,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (!fatalerrs) return 1; SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } @@ -3346,14 +3335,14 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); for (i = 0; i < sent_sigslen; i++, sent_sigs++) { if (lu->sigalg == *sent_sigs - && has_usable_cert(s, lu, lu->sig_idx)) + && has_usable_cert(s, lu, lu->sig_idx)) break; } if (i == sent_sigslen) { if (!fatalerrs) return 1; SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_WRONG_SIGNATURE_TYPE); + SSL_R_WRONG_SIGNATURE_TYPE); return 0; } } @@ -3362,7 +3351,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (!fatalerrs) return 1; SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } } @@ -3378,7 +3367,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode) { if (mode != TLSEXT_max_fragment_length_DISABLED - && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { + && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -3390,7 +3379,7 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode) int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode) { if (mode != TLSEXT_max_fragment_length_DISABLED - && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { + && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -3418,7 +3407,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) return NULL; #ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->ext.ticket_key_evp_cb == NULL - && ctx->ext.ticket_key_cb != NULL) { + && ctx->ext.ticket_key_cb != NULL) { if (!ssl_hmac_old_new(ret)) goto err; return ret; @@ -3429,7 +3418,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) goto err; EVP_MAC_free(mac); return ret; - err: +err: EVP_MAC_CTX_free(ret->ctx); EVP_MAC_free(mac); OPENSSL_free(ret); @@ -3481,7 +3470,7 @@ int ssl_hmac_update(SSL_HMAC *ctx, const unsigned char *data, size_t len) } int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len, - size_t max_size) + size_t max_size) { if (ctx->ctx != NULL) return EVP_MAC_final(ctx->ctx, md, len, max_size); @@ -3514,8 +3503,8 @@ int ssl_get_EC_curve_nid(const EVP_PKEY *pkey) } __owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey, - const unsigned char *enckey, - size_t enckeylen) + const unsigned char *enckey, + size_t enckeylen) { if (EVP_PKEY_is_a(pkey, "DH")) { int bits = EVP_PKEY_get_bits(pkey); diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 405b1e6864a7..e11883dd4b58 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,15 +18,15 @@ typedef struct { const char *name; } ssl_trace_tbl; -# define ssl_trace_str(val, tbl) \ +#define ssl_trace_str(val, tbl) \ do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) -# define ssl_trace_list(bio, indent, msg, msglen, value, table) \ - do_ssl_trace_list(bio, indent, msg, msglen, value, \ - table, OSSL_NELEM(table)) +#define ssl_trace_list(bio, indent, msg, msglen, value, table) \ + do_ssl_trace_list(bio, indent, msg, msglen, value, \ + table, OSSL_NELEM(table)) static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl, - size_t ntbl) + size_t ntbl) { size_t i; @@ -38,8 +38,8 @@ static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl, } static int do_ssl_trace_list(BIO *bio, int indent, - const unsigned char *msg, size_t msglen, - size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl) + const unsigned char *msg, size_t msglen, + size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl) { int val; @@ -60,559 +60,559 @@ static int do_ssl_trace_list(BIO *bio, int indent, /* Version number */ static const ssl_trace_tbl ssl_version_tbl[] = { - {SSL3_VERSION, "SSL 3.0"}, - {TLS1_VERSION, "TLS 1.0"}, - {TLS1_1_VERSION, "TLS 1.1"}, - {TLS1_2_VERSION, "TLS 1.2"}, - {TLS1_3_VERSION, "TLS 1.3"}, - {DTLS1_VERSION, "DTLS 1.0"}, - {DTLS1_2_VERSION, "DTLS 1.2"}, - {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} + { SSL3_VERSION, "SSL 3.0" }, + { TLS1_VERSION, "TLS 1.0" }, + { TLS1_1_VERSION, "TLS 1.1" }, + { TLS1_2_VERSION, "TLS 1.2" }, + { TLS1_3_VERSION, "TLS 1.3" }, + { DTLS1_VERSION, "DTLS 1.0" }, + { DTLS1_2_VERSION, "DTLS 1.2" }, + { DTLS1_BAD_VER, "DTLS 1.0 (bad)" } }; static const ssl_trace_tbl ssl_content_tbl[] = { - {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"}, - {SSL3_RT_ALERT, "Alert"}, - {SSL3_RT_HANDSHAKE, "Handshake"}, - {SSL3_RT_APPLICATION_DATA, "ApplicationData"}, + { SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec" }, + { SSL3_RT_ALERT, "Alert" }, + { SSL3_RT_HANDSHAKE, "Handshake" }, + { SSL3_RT_APPLICATION_DATA, "ApplicationData" }, }; /* Handshake types, sorted by ascending id */ static const ssl_trace_tbl ssl_handshake_tbl[] = { - {SSL3_MT_HELLO_REQUEST, "HelloRequest"}, - {SSL3_MT_CLIENT_HELLO, "ClientHello"}, - {SSL3_MT_SERVER_HELLO, "ServerHello"}, - {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"}, - {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"}, - {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"}, - {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"}, - {SSL3_MT_CERTIFICATE, "Certificate"}, - {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"}, - {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"}, - {SSL3_MT_SERVER_DONE, "ServerHelloDone"}, - {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"}, - {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, - {SSL3_MT_FINISHED, "Finished"}, - {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"}, - {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, - {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"}, - {SSL3_MT_KEY_UPDATE, "KeyUpdate"}, -# ifndef OPENSSL_NO_NEXTPROTONEG - {SSL3_MT_NEXT_PROTO, "NextProto"}, -# endif - {SSL3_MT_MESSAGE_HASH, "MessageHash"} + { SSL3_MT_HELLO_REQUEST, "HelloRequest" }, + { SSL3_MT_CLIENT_HELLO, "ClientHello" }, + { SSL3_MT_SERVER_HELLO, "ServerHello" }, + { DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest" }, + { SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket" }, + { SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData" }, + { SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions" }, + { SSL3_MT_CERTIFICATE, "Certificate" }, + { SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange" }, + { SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest" }, + { SSL3_MT_SERVER_DONE, "ServerHelloDone" }, + { SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify" }, + { SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange" }, + { SSL3_MT_FINISHED, "Finished" }, + { SSL3_MT_CERTIFICATE_URL, "CertificateUrl" }, + { SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus" }, + { SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData" }, + { SSL3_MT_KEY_UPDATE, "KeyUpdate" }, +#ifndef OPENSSL_NO_NEXTPROTONEG + { SSL3_MT_NEXT_PROTO, "NextProto" }, +#endif + { SSL3_MT_MESSAGE_HASH, "MessageHash" } }; /* Cipher suites */ static const ssl_trace_tbl ssl_ciphers_tbl[] = { - {0x0000, "TLS_NULL_WITH_NULL_NULL"}, - {0x0001, "TLS_RSA_WITH_NULL_MD5"}, - {0x0002, "TLS_RSA_WITH_NULL_SHA"}, - {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, - {0x0004, "TLS_RSA_WITH_RC4_128_MD5"}, - {0x0005, "TLS_RSA_WITH_RC4_128_SHA"}, - {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, - {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"}, - {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"}, - {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, - {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, - {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, - {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, - {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, - {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"}, - {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, - {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"}, - {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, - {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, - {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, - {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, - {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"}, - {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"}, - {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"}, - {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"}, - {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"}, - {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"}, - {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"}, - {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"}, - {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"}, - {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"}, - {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"}, - {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"}, - {0x002C, "TLS_PSK_WITH_NULL_SHA"}, - {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"}, - {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"}, - {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"}, - {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, - {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, - {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, - {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, - {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, - {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"}, - {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, - {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, - {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, - {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, - {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"}, - {0x003B, "TLS_RSA_WITH_NULL_SHA256"}, - {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"}, - {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"}, - {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, - {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, - {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, - {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"}, - {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, - {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, - {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, - {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, - {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, - {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, - {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, - {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"}, - {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"}, - {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"}, - {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"}, - {0x008A, "TLS_PSK_WITH_RC4_128_SHA"}, - {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"}, - {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"}, - {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"}, - {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"}, - {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"}, - {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"}, - {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"}, - {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"}, - {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"}, - {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"}, - {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"}, - {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"}, - {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"}, - {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"}, - {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"}, - {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"}, - {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}, - {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}, - {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"}, - {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"}, - {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}, - {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"}, - {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"}, - {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"}, - {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"}, - {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"}, - {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"}, - {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"}, - {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"}, - {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"}, - {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"}, - {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"}, - {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"}, - {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"}, - {0x00B0, "TLS_PSK_WITH_NULL_SHA256"}, - {0x00B1, "TLS_PSK_WITH_NULL_SHA384"}, - {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"}, - {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"}, - {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"}, - {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"}, - {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"}, - {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"}, - {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"}, - {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"}, - {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"}, - {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"}, - {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}, - {0x5600, "TLS_FALLBACK_SCSV"}, - {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"}, - {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"}, - {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"}, - {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"}, - {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"}, - {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}, - {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"}, - {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}, - {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"}, - {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"}, - {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"}, - {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"}, - {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"}, - {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"}, - {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}, - {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}, - {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"}, - {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"}, - {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"}, - {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"}, - {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"}, - {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"}, - {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"}, - {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"}, - {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"}, - {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"}, - {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"}, - {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"}, - {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}, - {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"}, - {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"}, - {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"}, - {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, - {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}, - {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"}, - {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"}, - {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, - {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, - {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"}, - {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"}, - {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, - {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, - {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"}, - {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}, - {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"}, - {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"}, - {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"}, - {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"}, - {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"}, - {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"}, - {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"}, - {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"}, - {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"}, - {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"}, - {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"}, - {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"}, - {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"}, - {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"}, - {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"}, - {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"}, - {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"}, - {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"}, - {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"}, - {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"}, - {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"}, - {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"}, - {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"}, - {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"}, - {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"}, - {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"}, - {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"}, - {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"}, - {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"}, - {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"}, - {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"}, - {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"}, - {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"}, - {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, - {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, - {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, - {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, - {0xC09C, "TLS_RSA_WITH_AES_128_CCM"}, - {0xC09D, "TLS_RSA_WITH_AES_256_CCM"}, - {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"}, - {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"}, - {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"}, - {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"}, - {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"}, - {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"}, - {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"}, - {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"}, - {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"}, - {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"}, - {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"}, - {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"}, - {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"}, - {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"}, - {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"}, - {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, - {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, - {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, - {0xC102, "IANA-GOST2012-GOST8912-GOST8912"}, - {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"}, - {0x1301, "TLS_AES_128_GCM_SHA256"}, - {0x1302, "TLS_AES_256_GCM_SHA384"}, - {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, - {0x1304, "TLS_AES_128_CCM_SHA256"}, - {0x1305, "TLS_AES_128_CCM_8_SHA256"}, - {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, - {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, - {0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912"}, - {0xFF87, "GOST2012-NULL-GOST12"}, - {0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC"}, - {0xC101, "GOST2012-MAGMA-MAGMAOMAC"}, - {0xC102, "GOST2012-GOST8912-IANA"}, + { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, + { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, + { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, + { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, + { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, + { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, + { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, + { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, + { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, + { 0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, + { 0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, + { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, + { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, + { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, + { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, + { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, + { 0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA" }, + { 0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, + { 0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, + { 0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, + { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, + { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, + { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, + { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, + { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, + { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, + { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, + { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, + { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, + { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, + { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, + { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, + { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, + { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, + { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, + { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, + { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, + { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, + { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, + { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, + { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, + { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, + { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, + { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, + { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, + { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, + { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, + { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, + { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, + { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, + { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, + { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, + { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, + { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, + { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, + { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, + { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT" }, + { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411" }, + { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, + { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, + { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, + { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, + { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, + { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, + { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, + { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, + { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, + { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, + { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, + { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, + { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, + { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, + { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, + { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, + { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, + { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, + { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, + { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, + { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, + { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, + { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, + { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, + { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, + { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, + { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, + { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, + { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, + { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, + { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, + { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, + { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" }, + { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" }, + { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, + { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, + { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, + { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, + { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, + { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, + { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, + { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, + { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, + { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, + { 0x5600, "TLS_FALLBACK_SCSV" }, + { 0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, + { 0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, + { 0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, + { 0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, + { 0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, + { 0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, + { 0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, + { 0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, + { 0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA" }, + { 0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, + { 0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, + { 0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, + { 0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, + { 0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, + { 0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, + { 0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, + { 0xC015, "TLS_ECDH_anon_WITH_NULL_SHA" }, + { 0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, + { 0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, + { 0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, + { 0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, + { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, + { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, + { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, + { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, + { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, + { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, + { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, + { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, + { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, + { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, + { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, + { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, + { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, + { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, + { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, + { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, + { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, + { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, + { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, + { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, + { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, + { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, + { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, + { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, + { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, + { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, + { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, + { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, + { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, + { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, + { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, + { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, + { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, + { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" }, + { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" }, + { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" }, + { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" }, + { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" }, + { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" }, + { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" }, + { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" }, + { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" }, + { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" }, + { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" }, + { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" }, + { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" }, + { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" }, + { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" }, + { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" }, + { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" }, + { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" }, + { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" }, + { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" }, + { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" }, + { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" }, + { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" }, + { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" }, + { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, + { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, + { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, + { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, + { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" }, + { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" }, + { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" }, + { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" }, + { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" }, + { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" }, + { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" }, + { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" }, + { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" }, + { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" }, + { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" }, + { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" }, + { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" }, + { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" }, + { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" }, + { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" }, + { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" }, + { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" }, + { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" }, + { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" }, + { 0xC102, "IANA-GOST2012-GOST8912-GOST8912" }, + { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, + { 0x1301, "TLS_AES_128_GCM_SHA256" }, + { 0x1302, "TLS_AES_256_GCM_SHA384" }, + { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" }, + { 0x1304, "TLS_AES_128_CCM_SHA256" }, + { 0x1305, "TLS_AES_128_CCM_8_SHA256" }, + { 0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" }, + { 0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, + { 0xFF85, "LEGACY-GOST2012-GOST8912-GOST8912" }, + { 0xFF87, "GOST2012-NULL-GOST12" }, + { 0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC" }, + { 0xC101, "GOST2012-MAGMA-MAGMAOMAC" }, + { 0xC102, "GOST2012-GOST8912-IANA" }, }; /* Compression methods */ static const ssl_trace_tbl ssl_comp_tbl[] = { - {0x0000, "No Compression"}, - {0x0001, "Zlib Compression"} + { 0x0000, "No Compression" }, + { 0x0001, "Zlib Compression" } }; /* Extensions sorted by ascending id */ static const ssl_trace_tbl ssl_exts_tbl[] = { - {TLSEXT_TYPE_server_name, "server_name"}, - {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"}, - {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"}, - {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"}, - {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"}, - {TLSEXT_TYPE_status_request, "status_request"}, - {TLSEXT_TYPE_user_mapping, "user_mapping"}, - {TLSEXT_TYPE_client_authz, "client_authz"}, - {TLSEXT_TYPE_server_authz, "server_authz"}, - {TLSEXT_TYPE_cert_type, "cert_type"}, - {TLSEXT_TYPE_supported_groups, "supported_groups"}, - {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, - {TLSEXT_TYPE_srp, "srp"}, - {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, - {TLSEXT_TYPE_use_srtp, "use_srtp"}, - {TLSEXT_TYPE_application_layer_protocol_negotiation, - "application_layer_protocol_negotiation"}, - {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, - {TLSEXT_TYPE_padding, "padding"}, - {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, - {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}, - {TLSEXT_TYPE_session_ticket, "session_ticket"}, - {TLSEXT_TYPE_psk, "psk"}, - {TLSEXT_TYPE_early_data, "early_data"}, - {TLSEXT_TYPE_supported_versions, "supported_versions"}, - {TLSEXT_TYPE_cookie, "cookie_ext"}, - {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"}, - {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"}, - {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"}, - {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"}, - {TLSEXT_TYPE_key_share, "key_share"}, - {TLSEXT_TYPE_renegotiate, "renegotiate"}, -# ifndef OPENSSL_NO_NEXTPROTONEG - {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, -# endif + { TLSEXT_TYPE_server_name, "server_name" }, + { TLSEXT_TYPE_max_fragment_length, "max_fragment_length" }, + { TLSEXT_TYPE_client_certificate_url, "client_certificate_url" }, + { TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys" }, + { TLSEXT_TYPE_truncated_hmac, "truncated_hmac" }, + { TLSEXT_TYPE_status_request, "status_request" }, + { TLSEXT_TYPE_user_mapping, "user_mapping" }, + { TLSEXT_TYPE_client_authz, "client_authz" }, + { TLSEXT_TYPE_server_authz, "server_authz" }, + { TLSEXT_TYPE_cert_type, "cert_type" }, + { TLSEXT_TYPE_supported_groups, "supported_groups" }, + { TLSEXT_TYPE_ec_point_formats, "ec_point_formats" }, + { TLSEXT_TYPE_srp, "srp" }, + { TLSEXT_TYPE_signature_algorithms, "signature_algorithms" }, + { TLSEXT_TYPE_use_srtp, "use_srtp" }, + { TLSEXT_TYPE_application_layer_protocol_negotiation, + "application_layer_protocol_negotiation" }, + { TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps" }, + { TLSEXT_TYPE_padding, "padding" }, + { TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac" }, + { TLSEXT_TYPE_extended_master_secret, "extended_master_secret" }, + { TLSEXT_TYPE_session_ticket, "session_ticket" }, + { TLSEXT_TYPE_psk, "psk" }, + { TLSEXT_TYPE_early_data, "early_data" }, + { TLSEXT_TYPE_supported_versions, "supported_versions" }, + { TLSEXT_TYPE_cookie, "cookie_ext" }, + { TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes" }, + { TLSEXT_TYPE_certificate_authorities, "certificate_authorities" }, + { TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth" }, + { TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert" }, + { TLSEXT_TYPE_key_share, "key_share" }, + { TLSEXT_TYPE_renegotiate, "renegotiate" }, +#ifndef OPENSSL_NO_NEXTPROTONEG + { TLSEXT_TYPE_next_proto_neg, "next_proto_neg" }, +#endif }; static const ssl_trace_tbl ssl_groups_tbl[] = { - {1, "sect163k1 (K-163)"}, - {2, "sect163r1"}, - {3, "sect163r2 (B-163)"}, - {4, "sect193r1"}, - {5, "sect193r2"}, - {6, "sect233k1 (K-233)"}, - {7, "sect233r1 (B-233)"}, - {8, "sect239k1"}, - {9, "sect283k1 (K-283)"}, - {10, "sect283r1 (B-283)"}, - {11, "sect409k1 (K-409)"}, - {12, "sect409r1 (B-409)"}, - {13, "sect571k1 (K-571)"}, - {14, "sect571r1 (B-571)"}, - {15, "secp160k1"}, - {16, "secp160r1"}, - {17, "secp160r2"}, - {18, "secp192k1"}, - {19, "secp192r1 (P-192)"}, - {20, "secp224k1"}, - {21, "secp224r1 (P-224)"}, - {22, "secp256k1"}, - {23, "secp256r1 (P-256)"}, - {24, "secp384r1 (P-384)"}, - {25, "secp521r1 (P-521)"}, - {26, "brainpoolP256r1"}, - {27, "brainpoolP384r1"}, - {28, "brainpoolP512r1"}, - {29, "ecdh_x25519"}, - {30, "ecdh_x448"}, - {34, "GC256A"}, - {35, "GC256B"}, - {36, "GC256C"}, - {37, "GC256D"}, - {38, "GC512A"}, - {39, "GC512B"}, - {40, "GC512C"}, - {256, "ffdhe2048"}, - {257, "ffdhe3072"}, - {258, "ffdhe4096"}, - {259, "ffdhe6144"}, - {260, "ffdhe8192"}, - {0xFF01, "arbitrary_explicit_prime_curves"}, - {0xFF02, "arbitrary_explicit_char2_curves"} + { 1, "sect163k1 (K-163)" }, + { 2, "sect163r1" }, + { 3, "sect163r2 (B-163)" }, + { 4, "sect193r1" }, + { 5, "sect193r2" }, + { 6, "sect233k1 (K-233)" }, + { 7, "sect233r1 (B-233)" }, + { 8, "sect239k1" }, + { 9, "sect283k1 (K-283)" }, + { 10, "sect283r1 (B-283)" }, + { 11, "sect409k1 (K-409)" }, + { 12, "sect409r1 (B-409)" }, + { 13, "sect571k1 (K-571)" }, + { 14, "sect571r1 (B-571)" }, + { 15, "secp160k1" }, + { 16, "secp160r1" }, + { 17, "secp160r2" }, + { 18, "secp192k1" }, + { 19, "secp192r1 (P-192)" }, + { 20, "secp224k1" }, + { 21, "secp224r1 (P-224)" }, + { 22, "secp256k1" }, + { 23, "secp256r1 (P-256)" }, + { 24, "secp384r1 (P-384)" }, + { 25, "secp521r1 (P-521)" }, + { 26, "brainpoolP256r1" }, + { 27, "brainpoolP384r1" }, + { 28, "brainpoolP512r1" }, + { 29, "ecdh_x25519" }, + { 30, "ecdh_x448" }, + { 34, "GC256A" }, + { 35, "GC256B" }, + { 36, "GC256C" }, + { 37, "GC256D" }, + { 38, "GC512A" }, + { 39, "GC512B" }, + { 40, "GC512C" }, + { 256, "ffdhe2048" }, + { 257, "ffdhe3072" }, + { 258, "ffdhe4096" }, + { 259, "ffdhe6144" }, + { 260, "ffdhe8192" }, + { 0xFF01, "arbitrary_explicit_prime_curves" }, + { 0xFF02, "arbitrary_explicit_char2_curves" } }; static const ssl_trace_tbl ssl_point_tbl[] = { - {0, "uncompressed"}, - {1, "ansiX962_compressed_prime"}, - {2, "ansiX962_compressed_char2"} + { 0, "uncompressed" }, + { 1, "ansiX962_compressed_prime" }, + { 2, "ansiX962_compressed_char2" } }; static const ssl_trace_tbl ssl_mfl_tbl[] = { - {0, "disabled"}, - {1, "max_fragment_length := 2^9 (512 bytes)"}, - {2, "max_fragment_length := 2^10 (1024 bytes)"}, - {3, "max_fragment_length := 2^11 (2048 bytes)"}, - {4, "max_fragment_length := 2^12 (4096 bytes)"} + { 0, "disabled" }, + { 1, "max_fragment_length := 2^9 (512 bytes)" }, + { 2, "max_fragment_length := 2^10 (1024 bytes)" }, + { 3, "max_fragment_length := 2^11 (2048 bytes)" }, + { 4, "max_fragment_length := 2^12 (4096 bytes)" } }; static const ssl_trace_tbl ssl_sigalg_tbl[] = { - {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"}, - {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"}, - {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"}, - {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"}, - {TLSEXT_SIGALG_ed25519, "ed25519"}, - {TLSEXT_SIGALG_ed448, "ed448"}, - {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"}, - {TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"}, - {TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"}, - {TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512"}, - {TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256"}, - {TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384"}, - {TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512"}, - {TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"}, - {TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"}, - {TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"}, - {TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"}, - {TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"}, - {TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"}, - {TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"}, - {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"}, - {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"}, - {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"}, - {TLSEXT_SIGALG_gostr34102012_256_intrinsic, "gost2012_256"}, - {TLSEXT_SIGALG_gostr34102012_512_intrinsic, "gost2012_512"}, - {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"}, - {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"}, - {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"}, + { TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256" }, + { TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384" }, + { TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512" }, + { TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224" }, + { TLSEXT_SIGALG_ed25519, "ed25519" }, + { TLSEXT_SIGALG_ed448, "ed448" }, + { TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1" }, + { TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256" }, + { TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384" }, + { TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512" }, + { TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256" }, + { TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384" }, + { TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512" }, + { TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256" }, + { TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384" }, + { TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512" }, + { TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224" }, + { TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1" }, + { TLSEXT_SIGALG_dsa_sha256, "dsa_sha256" }, + { TLSEXT_SIGALG_dsa_sha384, "dsa_sha384" }, + { TLSEXT_SIGALG_dsa_sha512, "dsa_sha512" }, + { TLSEXT_SIGALG_dsa_sha224, "dsa_sha224" }, + { TLSEXT_SIGALG_dsa_sha1, "dsa_sha1" }, + { TLSEXT_SIGALG_gostr34102012_256_intrinsic, "gost2012_256" }, + { TLSEXT_SIGALG_gostr34102012_512_intrinsic, "gost2012_512" }, + { TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256" }, + { TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512" }, + { TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94" }, }; static const ssl_trace_tbl ssl_ctype_tbl[] = { - {1, "rsa_sign"}, - {2, "dss_sign"}, - {3, "rsa_fixed_dh"}, - {4, "dss_fixed_dh"}, - {5, "rsa_ephemeral_dh"}, - {6, "dss_ephemeral_dh"}, - {20, "fortezza_dms"}, - {64, "ecdsa_sign"}, - {65, "rsa_fixed_ecdh"}, - {66, "ecdsa_fixed_ecdh"}, - {67, "gost_sign256"}, - {68, "gost_sign512"}, + { 1, "rsa_sign" }, + { 2, "dss_sign" }, + { 3, "rsa_fixed_dh" }, + { 4, "dss_fixed_dh" }, + { 5, "rsa_ephemeral_dh" }, + { 6, "dss_ephemeral_dh" }, + { 20, "fortezza_dms" }, + { 64, "ecdsa_sign" }, + { 65, "rsa_fixed_ecdh" }, + { 66, "ecdsa_fixed_ecdh" }, + { 67, "gost_sign256" }, + { 68, "gost_sign512" }, }; static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { - {TLSEXT_KEX_MODE_KE, "psk_ke"}, - {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"} + { TLSEXT_KEX_MODE_KE, "psk_ke" }, + { TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke" } }; static const ssl_trace_tbl ssl_key_update_tbl[] = { - {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"}, - {SSL_KEY_UPDATE_REQUESTED, "update_requested"} + { SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested" }, + { SSL_KEY_UPDATE_REQUESTED, "update_requested" } }; static void ssl_print_hex(BIO *bio, int indent, const char *name, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { size_t i; @@ -624,7 +624,7 @@ static void ssl_print_hex(BIO *bio, int indent, const char *name, } static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen) { size_t blen; const unsigned char *p = *pmsg; @@ -644,8 +644,8 @@ static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen, } static int ssl_print_version(BIO *bio, int indent, const char *name, - const unsigned char **pmsg, size_t *pmsglen, - unsigned int *version) + const unsigned char **pmsg, size_t *pmsglen, + unsigned int *version) { int vers; @@ -656,14 +656,14 @@ static int ssl_print_version(BIO *bio, int indent, const char *name, *version = vers; BIO_indent(bio, indent, 80); BIO_printf(bio, "%s=0x%x (%s)\n", - name, vers, ssl_trace_str(vers, ssl_version_tbl)); + name, vers, ssl_trace_str(vers, ssl_version_tbl)); *pmsg += 2; *pmsglen -= 2; return 1; } static int ssl_print_random(BIO *bio, int indent, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen) { unsigned int tm; const unsigned char *p = *pmsg; @@ -671,9 +671,9 @@ static int ssl_print_random(BIO *bio, int indent, if (*pmsglen < 32) return 0; tm = ((unsigned int)p[0] << 24) - | ((unsigned int)p[1] << 16) - | ((unsigned int)p[2] << 8) - | (unsigned int)p[3]; + | ((unsigned int)p[1] << 16) + | ((unsigned int)p[2] << 8) + | (unsigned int)p[3]; p += 4; BIO_indent(bio, indent, 80); BIO_puts(bio, "Random:\n"); @@ -686,7 +686,7 @@ static int ssl_print_random(BIO *bio, int indent, } static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen) { if (*pmsglen < 2) return 0; @@ -696,7 +696,7 @@ static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl, BIO_indent(bio, indent, 80); BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n", - ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); *pmsg += 2; *pmsglen -= 2; } @@ -704,8 +704,8 @@ static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl, } static int ssl_print_extension(BIO *bio, int indent, int server, - unsigned char mt, int extype, - const unsigned char *ext, size_t extlen) + unsigned char mt, int extype, + const unsigned char *ext, size_t extlen) { size_t xlen, share_len; unsigned int sigalg; @@ -713,7 +713,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, BIO_indent(bio, indent, 80); BIO_printf(bio, "extension_type=%s(%d), length=%d\n", - ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); + ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); switch (extype) { case TLSEXT_TYPE_max_fragment_length: if (extlen < 1) @@ -770,7 +770,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, BIO_indent(bio, indent + 2, 80); sigalg = (ext[0] << 8) | ext[1]; BIO_printf(bio, "%s (0x%04x)\n", - ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); xlen -= 2; ext += 2; } @@ -813,7 +813,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, group_id = (ext[0] << 8) | ext[1]; BIO_indent(bio, indent + 4, 80); BIO_printf(bio, "NamedGroup: %s (%d)\n", - ssl_trace_str(group_id, ssl_groups_tbl), group_id); + ssl_trace_str(group_id, ssl_groups_tbl), group_id); break; } if (extlen < 2) @@ -839,7 +839,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, return 0; BIO_indent(bio, indent + 4, 80); BIO_printf(bio, "NamedGroup: %s (%d)\n", - ssl_trace_str(group_id, ssl_groups_tbl), group_id); + ssl_trace_str(group_id, ssl_groups_tbl), group_id); ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len); } break; @@ -853,7 +853,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, version = (ext[0] << 8) | ext[1]; BIO_indent(bio, indent + 4, 80); BIO_printf(bio, "%s (%d)\n", - ssl_trace_str(version, ssl_version_tbl), version); + ssl_trace_str(version, ssl_version_tbl), version); break; } if (extlen < 1) @@ -862,7 +862,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, if (extlen != xlen + 1) return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, - ssl_version_tbl); + ssl_version_tbl); case TLSEXT_TYPE_psk_kex_modes: if (extlen < 1) @@ -871,7 +871,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, if (extlen != xlen + 1) return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, - ssl_psk_kex_modes_tbl); + ssl_psk_kex_modes_tbl); case TLSEXT_TYPE_early_data: if (mt != SSL3_MT_NEWSESSION_TICKET) @@ -879,9 +879,9 @@ static int ssl_print_extension(BIO *bio, int indent, int server, if (extlen != 4) return 0; max_early_data = ((unsigned int)ext[0] << 24) - | ((unsigned int)ext[1] << 16) - | ((unsigned int)ext[2] << 8) - | (unsigned int)ext[3]; + | ((unsigned int)ext[1] << 16) + | ((unsigned int)ext[2] << 8) + | (unsigned int)ext[3]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "max_early_data=%u\n", max_early_data); break; @@ -893,8 +893,8 @@ static int ssl_print_extension(BIO *bio, int indent, int server, } static int ssl_print_extensions(BIO *bio, int indent, int server, - unsigned char mt, const unsigned char **msgin, - size_t *msginlen) + unsigned char mt, const unsigned char **msgin, + size_t *msginlen) { size_t extslen, msglen = *msginlen; const unsigned char *msg = *msgin; @@ -928,13 +928,13 @@ static int ssl_print_extensions(BIO *bio, int indent, int server, extlen = (msg[2] << 8) | msg[3]; if (extslen < extlen + 4) { BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype, - (int)extlen); + (int)extlen); BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2); return 0; } msg += 4; if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg, - extlen)) + extlen)) return 0; msg += extlen; extslen -= extlen + 4; @@ -946,7 +946,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server, } static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { size_t len; unsigned int cs; @@ -974,7 +974,7 @@ static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, cs = (msg[0] << 8) | msg[1]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "{0x%02X, 0x%02X} %s\n", - msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); + msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); msg += 2; msglen -= 2; len -= 2; @@ -991,19 +991,19 @@ static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, while (len > 0) { BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "%s (0x%02X)\n", - ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); + ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); msg++; msglen--; len--; } if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg, - &msglen)) + &msglen)) return 0; return 1; } static int dtls_print_hello_vfyrequest(BIO *bio, int indent, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) return 0; @@ -1013,7 +1013,7 @@ static int dtls_print_hello_vfyrequest(BIO *bio, int indent, } static int ssl_print_server_hello(BIO *bio, int indent, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { unsigned int cs; unsigned int vers; @@ -1023,14 +1023,14 @@ static int ssl_print_server_hello(BIO *bio, int indent, if (!ssl_print_random(bio, indent, &msg, &msglen)) return 0; if (vers != TLS1_3_VERSION - && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) + && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) return 0; if (msglen < 2) return 0; cs = (msg[0] << 8) | msg[1]; BIO_indent(bio, indent, 80); BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n", - msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); + msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); msg += 2; msglen -= 2; if (vers != TLS1_3_VERSION) { @@ -1038,12 +1038,12 @@ static int ssl_print_server_hello(BIO *bio, int indent, return 0; BIO_indent(bio, indent, 80); BIO_printf(bio, "compression_method: %s (0x%02X)\n", - ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); + ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); msg++; msglen--; } if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg, - &msglen)) + &msglen)) return 0; return 1; } @@ -1097,7 +1097,7 @@ static int ssl_get_keyex(const char **pname, const SSL *ssl) } static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { const char *algname; int id = ssl_get_keyex(&algname, ssl); @@ -1106,7 +1106,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); if (id & SSL_PSK) { if (!ssl_print_hexbuf(bio, indent + 2, - "psk_identity", 2, &msg, &msglen)) + "psk_identity", 2, &msg, &msglen)) return 0; } switch (id) { @@ -1115,10 +1115,10 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, case SSL_kRSAPSK: if (TLS1_get_version(ssl) == SSL3_VERSION) { ssl_print_hex(bio, indent + 2, - "EncryptedPreMasterSecret", msg, msglen); + "EncryptedPreMasterSecret", msg, msglen); } else { if (!ssl_print_hexbuf(bio, indent + 2, - "EncryptedPreMasterSecret", 2, &msg, &msglen)) + "EncryptedPreMasterSecret", 2, &msg, &msglen)) return 0; } break; @@ -1140,7 +1140,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, break; case SSL_kGOST18: ssl_print_hex(bio, indent + 2, - "GOST-wrapped PreMasterSecret", msg, msglen); + "GOST-wrapped PreMasterSecret", msg, msglen); msglen = 0; break; } @@ -1149,7 +1149,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, } static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { const char *algname; int id = ssl_get_keyex(&algname, ssl); @@ -1158,7 +1158,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); if (id & SSL_PSK) { if (!ssl_print_hexbuf(bio, indent + 2, - "psk_identity_hint", 2, &msg, &msglen)) + "psk_identity_hint", 2, &msg, &msglen)) return 0; } switch (id) { @@ -1167,7 +1167,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen)) return 0; if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2, - &msg, &msglen)) + &msg, &msglen)) return 0; break; @@ -1196,7 +1196,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, return 0; curve = (msg[1] << 8) | msg[2]; BIO_printf(bio, "named_curve: %s (%d)\n", - ssl_trace_str(curve, ssl_groups_tbl), curve); + ssl_trace_str(curve, ssl_groups_tbl), curve); msg += 3; msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) @@ -1217,7 +1217,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, } static int ssl_print_certificate(BIO *bio, int indent, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen) { size_t msglen = *pmsglen; size_t clen; @@ -1234,7 +1234,7 @@ static int ssl_print_certificate(BIO *bio, int indent, BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen); x = d2i_X509(NULL, &q, clen); if (!x) - BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n"); + BIO_puts(bio, "<UNPARSABLE CERTIFICATE>\n"); else { BIO_puts(bio, "\n------details-----\n"); X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); @@ -1252,13 +1252,13 @@ static int ssl_print_certificate(BIO *bio, int indent, } static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, - int indent, const unsigned char *msg, - size_t msglen) + int indent, const unsigned char *msg, + size_t msglen) { size_t clen; if (SSL_IS_TLS13(ssl) - && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) + && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) return 0; if (msglen < 3) @@ -1274,15 +1274,14 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, return 0; if (SSL_IS_TLS13(ssl) && !ssl_print_extensions(bio, indent + 2, server, - SSL3_MT_CERTIFICATE, &msg, &clen)) + SSL3_MT_CERTIFICATE, &msg, &clen)) return 0; - } return 1; } static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { size_t xlen; unsigned int sigalg; @@ -1291,7 +1290,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) return 0; if (!ssl_print_extensions(bio, indent, 1, - SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) + SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) return 0; return 1; } else { @@ -1322,7 +1321,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, BIO_indent(bio, indent + 2, 80); sigalg = (msg[0] << 8) | msg[1]; BIO_printf(bio, "%s (0x%04x)\n", - ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); xlen -= 2; msg += 2; } @@ -1353,7 +1352,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, p = msg; nm = d2i_X509_NAME(NULL, &p, dlen); if (!nm) { - BIO_puts(bio, "<UNPARSEABLE DN>\n"); + BIO_puts(bio, "<UNPARSABLE DN>\n"); } else { X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); BIO_puts(bio, "\n"); @@ -1364,14 +1363,14 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, } if (SSL_IS_TLS13(ssl)) { if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, - &msg, &msglen)) + &msg, &msglen)) return 0; } return msglen == 0; } static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, - const unsigned char *msg, size_t msglen) + const unsigned char *msg, size_t msglen) { unsigned int tick_life; @@ -1383,9 +1382,9 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, if (msglen < 4) return 0; tick_life = ((unsigned int)msg[0] << 24) - | ((unsigned int)msg[1] << 16) - | ((unsigned int)msg[2] << 8) - | (unsigned int)msg[3]; + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); @@ -1395,8 +1394,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, if (msglen < 4) return 0; - ticket_age_add = - ((unsigned int)msg[0] << 24) + ticket_age_add = ((unsigned int)msg[0] << 24) | ((unsigned int)msg[1] << 16) | ((unsigned int)msg[2] << 8) | (unsigned int)msg[3]; @@ -1405,14 +1403,14 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add); if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg, - &msglen)) + &msglen)) return 0; } if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) return 0; if (SSL_IS_TLS13(ssl) - && !ssl_print_extensions(bio, indent + 2, 0, - SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) + && !ssl_print_extensions(bio, indent + 2, 0, + SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) return 0; if (msglen) return 0; @@ -1420,8 +1418,8 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, } static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, - const unsigned char *msg, size_t msglen, - int indent) + const unsigned char *msg, size_t msglen, + int indent) { size_t hlen; unsigned char htype; @@ -1432,7 +1430,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3]; BIO_indent(bio, indent, 80); BIO_printf(bio, "%s, Length=%d\n", - ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); + ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); msg += 4; msglen -= 4; if (SSL_IS_DTLS(ssl)) { @@ -1440,10 +1438,10 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, return 0; BIO_indent(bio, indent, 80); BIO_printf(bio, "message_seq=%d, fragment_offset=%d, " - "fragment_length=%d\n", - (msg[0] << 8) | msg[1], - (msg[2] << 16) | (msg[3] << 8) | msg[4], - (msg[5] << 16) | (msg[6] << 8) | msg[7]); + "fragment_length=%d\n", + (msg[0] << 8) | msg[1], + (msg[2] << 16) | (msg[3] << 8) | msg[4], + (msg[5] << 16) | (msg[6] << 8) | msg[7]); msg += 8; msglen -= 8; } @@ -1506,7 +1504,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, case SSL3_MT_ENCRYPTED_EXTENSIONS: if (!ssl_print_extensions(bio, indent + 2, 1, - SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) + SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) return 0; break; @@ -1516,7 +1514,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, return 0; } if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1, - ssl_key_update_tbl)) + ssl_key_update_tbl)) return 0; break; @@ -1529,49 +1527,46 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, } void SSL_trace(int write_p, int version, int content_type, - const void *buf, size_t msglen, SSL *ssl, void *arg) + const void *buf, size_t msglen, SSL *ssl, void *arg) { const unsigned char *msg = buf; BIO *bio = arg; switch (content_type) { - case SSL3_RT_HEADER: - { - int hvers; + case SSL3_RT_HEADER: { + int hvers; - /* avoid overlapping with length at the end of buffer */ - if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? - DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { - BIO_puts(bio, write_p ? "Sent" : "Received"); - ssl_print_hex(bio, 0, " too short message", msg, msglen); - break; - } - hvers = msg[1] << 8 | msg[2]; + /* avoid overlapping with length at the end of buffer */ + if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { BIO_puts(bio, write_p ? "Sent" : "Received"); - BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", - ssl_trace_str(hvers, ssl_version_tbl), hvers); - if (SSL_IS_DTLS(ssl)) { - BIO_printf(bio, - " epoch=%d, sequence_number=%04x%04x%04x\n", - (msg[3] << 8 | msg[4]), - (msg[5] << 8 | msg[6]), - (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); - } - - BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", - ssl_trace_str(msg[0], ssl_content_tbl), msg[0], - msg[msglen - 2] << 8 | msg[msglen - 1]); + ssl_print_hex(bio, 0, " too short message", msg, msglen); + break; + } + hvers = msg[1] << 8 | msg[2]; + BIO_puts(bio, write_p ? "Sent" : "Received"); + BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", + ssl_trace_str(hvers, ssl_version_tbl), hvers); + if (SSL_IS_DTLS(ssl)) { + BIO_printf(bio, + " epoch=%d, sequence_number=%04x%04x%04x\n", + (msg[3] << 8 | msg[4]), + (msg[5] << 8 | msg[6]), + (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); } - break; + + BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", + ssl_trace_str(msg[0], ssl_content_tbl), msg[0], + msg[msglen - 2] << 8 | msg[msglen - 1]); + } break; case SSL3_RT_INNER_CONTENT_TYPE: BIO_printf(bio, " Inner Content Type = %s (%d)", - ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); + ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); break; case SSL3_RT_HANDSHAKE: if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p, - msg, msglen, 4)) + msg, msglen, 4)) BIO_printf(bio, "Message length parse error!\n"); break; @@ -1587,10 +1582,9 @@ void SSL_trace(int write_p, int version, int content_type, BIO_puts(bio, " Illegal Alert Length\n"); else { BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", - SSL_alert_type_string_long(msg[0] << 8), - msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); + SSL_alert_type_string_long(msg[0] << 8), + msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } - } BIO_puts(bio, "\n"); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index ddcff5eb8911..396bf28f7d6c 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -16,7 +16,7 @@ #include <openssl/kdf.h> #include <openssl/core_names.h> -#define TLS13_MAX_LABEL_LEN 249 +#define TLS13_MAX_LABEL_LEN 249 #ifdef CHARSET_EBCDIC static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 }; @@ -32,12 +32,12 @@ static const unsigned char label_prefix[] = "tls13 "; * |fatal| is set. Returns 1 on success 0 on failure. */ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, - const unsigned char *label, size_t labellen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outlen, int fatal) + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen, int fatal) { EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, - s->ctx->propq); + s->ctx->propq); EVP_KDF_CTX *kctx; OSSL_PARAM params[7], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; @@ -76,18 +76,18 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)secret, hashlen); + (unsigned char *)secret, hashlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, - (unsigned char *)label_prefix, - sizeof(label_prefix) - 1); + (unsigned char *)label_prefix, + sizeof(label_prefix) - 1); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, - (unsigned char *)label, labellen); + (unsigned char *)label, labellen); if (data != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_DATA, - (unsigned char *)data, - datalen); + (unsigned char *)data, + datalen); *p++ = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, out, outlen, params) <= 0; @@ -108,16 +108,16 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, * success 0 on failure. */ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, - unsigned char *key, size_t keylen) + unsigned char *key, size_t keylen) { #ifdef CHARSET_EBCDIC - static const unsigned char keylabel[] ={ 0x6B, 0x65, 0x79, 0x00 }; + static const unsigned char keylabel[] = { 0x6B, 0x65, 0x79, 0x00 }; #else - static const unsigned char keylabel[] = "key"; + static const unsigned char keylabel[] = "key"; #endif return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1, - NULL, 0, key, keylen, 1); + NULL, 0, key, keylen, 1); } /* @@ -125,30 +125,30 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, * success 0 on failure. */ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, - unsigned char *iv, size_t ivlen) + unsigned char *iv, size_t ivlen) { #ifdef CHARSET_EBCDIC - static const unsigned char ivlabel[] = { 0x69, 0x76, 0x00 }; + static const unsigned char ivlabel[] = { 0x69, 0x76, 0x00 }; #else - static const unsigned char ivlabel[] = "iv"; + static const unsigned char ivlabel[] = "iv"; #endif return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1, - NULL, 0, iv, ivlen, 1); + NULL, 0, iv, ivlen, 1); } int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, - const unsigned char *secret, - unsigned char *fin, size_t finlen) + const unsigned char *secret, + unsigned char *fin, size_t finlen) { #ifdef CHARSET_EBCDIC - static const unsigned char finishedlabel[] = { 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64, 0x00 }; + static const unsigned char finishedlabel[] = { 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64, 0x00 }; #else - static const unsigned char finishedlabel[] = "finished"; + static const unsigned char finishedlabel[] = "finished"; #endif return tls13_hkdf_expand(s, md, secret, finishedlabel, - sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1); + sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1); } /* @@ -157,10 +157,10 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, * pointed to by |outsecret|. Returns 1 on success 0 on failure. */ int tls13_generate_secret(SSL *s, const EVP_MD *md, - const unsigned char *prevsecret, - const unsigned char *insecret, - size_t insecretlen, - unsigned char *outsecret) + const unsigned char *prevsecret, + const unsigned char *insecret, + size_t insecretlen, + unsigned char *outsecret) { size_t mdlen; int mdleni; @@ -195,20 +195,20 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); + (char *)mdname, 0); if (insecret != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)insecret, - insecretlen); + (unsigned char *)insecret, + insecretlen); if (prevsecret != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)prevsecret, mdlen); + (unsigned char *)prevsecret, mdlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, - (unsigned char *)label_prefix, - sizeof(label_prefix) - 1); + (unsigned char *)label_prefix, + sizeof(label_prefix) - 1); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, - (unsigned char *)derived_secret_label, - sizeof(derived_secret_label) - 1); + (unsigned char *)derived_secret_label, + sizeof(derived_secret_label) - 1); *p++ = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, outsecret, mdlen, params) <= 0; @@ -226,12 +226,12 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, * generated. Returns 1 on success 0 on failure. */ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, - size_t insecretlen) + size_t insecretlen) { /* Calls SSLfatal() if required */ return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret, - insecret, insecretlen, - (unsigned char *)&s->handshake_secret); + insecret, insecretlen, + (unsigned char *)&s->handshake_secret); } /* @@ -240,8 +240,8 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, * failure. */ int tls13_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *prev, size_t prevlen, - size_t *secret_size) + unsigned char *prev, size_t prevlen, + size_t *secret_size) { const EVP_MD *md = ssl_handshake_md(s); @@ -255,7 +255,7 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, * 0 on error. */ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *out) + unsigned char *out) { const EVP_MD *md = ssl_handshake_md(s); const char *mdname = EVP_MD_get0_name(md); @@ -271,8 +271,8 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, /* Safe to cast away const here since we're not "getting" any data */ if (s->ctx->propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, - (char *)s->ctx->propq, - 0); + (char *)s->ctx->propq, + 0); *p = OSSL_PARAM_construct_end(); if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { @@ -286,21 +286,21 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = s->client_finished_secret; } else { if (!tls13_derive_finishedkey(s, md, - s->client_app_traffic_secret, - finsecret, hashlen)) + s->client_app_traffic_secret, + finsecret, hashlen)) goto err; key = finsecret; } if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname, - params, key, hashlen, hash, hashlen, - /* outsize as per sizeof(peer_finish_md) */ - out, EVP_MAX_MD_SIZE * 2, &len)) { + params, key, hashlen, hash, hashlen, + /* outsize as per sizeof(peer_finish_md) */ + out, EVP_MAX_MD_SIZE * 2, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - err: +err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); return len; } @@ -316,7 +316,7 @@ int tls13_setup_key_block(SSL *s) s->session->cipher = s->s3.tmp.new_cipher; if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL, - 0)) { + 0)) { /* Error is already recorded */ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; @@ -331,13 +331,13 @@ int tls13_setup_key_block(SSL *s) } static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, - const EVP_CIPHER *ciph, - const unsigned char *insecret, - const unsigned char *hash, - const unsigned char *label, - size_t labellen, unsigned char *secret, - unsigned char *key, unsigned char *iv, - EVP_CIPHER_CTX *ciph_ctx) + const EVP_CIPHER *ciph, + const unsigned char *insecret, + const unsigned char *hash, + const unsigned char *label, + size_t labellen, unsigned char *secret, + unsigned char *key, unsigned char *iv, + EVP_CIPHER_CTX *ciph_ctx) { size_t ivlen, keylen, taglen; int hashleni = EVP_MD_get_size(md); @@ -351,7 +351,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen, - secret, hashlen, 1)) { + secret, hashlen, 1)) { /* SSLfatal() already called */ return 0; } @@ -375,7 +375,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; - else + else taglen = EVP_CCM_TLS_TAG_LEN; } else { ivlen = EVP_CIPHER_get_iv_length(ciph); @@ -383,15 +383,14 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, } if (!tls13_derive_key(s, md, secret, key, keylen) - || !tls13_derive_iv(s, md, secret, iv, ivlen)) { + || !tls13_derive_iv(s, md, secret, iv, ivlen)) { /* SSLfatal() already called */ return 0; } if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0 || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) <= 0 - || (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, NULL) <= 0) + || (taglen != 0 && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return 0; @@ -403,14 +402,14 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, int tls13_change_cipher_state(SSL *s, int which) { #ifdef CHARSET_EBCDIC - static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; - static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; - static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; - static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char client_early_traffic[] = { 0x63, 0x20, 0x65, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char client_handshake_traffic[] = { 0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char client_application_traffic[] = { 0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char server_handshake_traffic[] = { 0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char server_application_traffic[] = { 0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/ 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00 }; + static const unsigned char exporter_master_secret[] = { 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00 }; + static const unsigned char resumption_master_secret[] = { 0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00 }; + static const unsigned char early_exporter_master_secret[] = { 0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00 }; #else static const unsigned char client_early_traffic[] = "c e traffic"; static const unsigned char client_handshake_traffic[] = "c hs traffic"; @@ -473,7 +472,7 @@ int tls13_change_cipher_state(SSL *s, int which) } if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE)) - || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) { + || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) { if (which & SSL3_CC_EARLY) { EVP_MD_CTX *mdctx = NULL; long handlen; @@ -493,16 +492,15 @@ int tls13_change_cipher_state(SSL *s, int which) } if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->max_early_data > 0 - && s->session->ext.max_early_data == 0) { + && s->max_early_data > 0 + && s->session->ext.max_early_data == 0) { /* * If we are attempting to send early data, and we've decided to * actually do it but max_early_data in s->session is 0 then we * must be using an external PSK. */ if (!ossl_assert(s->psksession != NULL - && s->max_early_data == - s->psksession->ext.max_early_data)) { + && s->max_early_data == s->psksession->ext.max_early_data)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -537,8 +535,8 @@ int tls13_change_cipher_state(SSL *s, int which) md = ssl_md(s->ctx, sslcipher->algorithm2); if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL) - || !EVP_DigestUpdate(mdctx, hdata, handlen) - || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { + || !EVP_DigestUpdate(mdctx, hdata, handlen) + || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_MD_CTX_free(mdctx); goto err; @@ -547,17 +545,17 @@ int tls13_change_cipher_state(SSL *s, int which) EVP_MD_CTX_free(mdctx); if (!tls13_hkdf_expand(s, md, insecret, - early_exporter_master_secret, - sizeof(early_exporter_master_secret) - 1, - hashval, hashlen, - s->early_exporter_master_secret, hashlen, - 1)) { + early_exporter_master_secret, + sizeof(early_exporter_master_secret) - 1, + hashval, hashlen, + s->early_exporter_master_secret, hashlen, + 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL, - s->early_exporter_master_secret, hashlen)) { + s->early_exporter_master_secret, hashlen)) { /* SSLfatal() already called */ goto err; } @@ -612,7 +610,7 @@ int tls13_change_cipher_state(SSL *s, int which) md = ssl_handshake_md(s); cipher = s->s3.tmp.new_sym_enc; if (!ssl3_digest_cached_records(s, 1) - || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { + || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { /* SSLfatal() already called */; goto err; } @@ -634,22 +632,22 @@ int tls13_change_cipher_state(SSL *s, int which) * hash for the whole handshake including the Client Finished */ if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, - resumption_master_secret, - sizeof(resumption_master_secret) - 1, - hashval, hashlen, s->resumption_master_secret, - hashlen, 1)) { + resumption_master_secret, + sizeof(resumption_master_secret) - 1, + hashval, hashlen, s->resumption_master_secret, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } } /* check whether cipher is known */ - if(!ossl_assert(cipher != NULL)) + if (!ossl_assert(cipher != NULL)) goto err; if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher, - insecret, hash, label, labellen, secret, key, - iv, ciph_ctx)) { + insecret, hash, label, labellen, secret, key, + iv, ciph_ctx)) { /* SSLfatal() already called */ goto err; } @@ -658,16 +656,16 @@ int tls13_change_cipher_state(SSL *s, int which) memcpy(s->server_app_traffic_secret, secret, hashlen); /* Now we create the exporter master secret */ if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, - exporter_master_secret, - sizeof(exporter_master_secret) - 1, - hash, hashlen, s->exporter_master_secret, - hashlen, 1)) { + exporter_master_secret, + sizeof(exporter_master_secret) - 1, + hash, hashlen, s->exporter_master_secret, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret, - hashlen)) { + hashlen)) { /* SSLfatal() already called */ goto err; } @@ -680,8 +678,8 @@ int tls13_change_cipher_state(SSL *s, int which) } if (finsecret != NULL - && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret, - finsecret, finsecretlen)) { + && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret, + finsecret, finsecretlen)) { /* SSLfatal() already called */ goto err; } @@ -691,10 +689,10 @@ int tls13_change_cipher_state(SSL *s, int which) else s->statem.enc_write_state = ENC_WRITE_STATE_VALID; #ifndef OPENSSL_NO_KTLS -# if defined(OPENSSL_KTLS_TLS13) +#if defined(OPENSSL_KTLS_TLS13) if (!(which & SSL3_CC_WRITE) - || !(which & SSL3_CC_APPLICATION) - || (s->options & SSL_OP_ENABLE_KTLS) == 0) + || !(which & SSL3_CC_APPLICATION) + || (s->options & SSL_OP_ENABLE_KTLS) == 0) goto skip_ktls; /* ktls supports only the maximum fragment size */ @@ -722,18 +720,18 @@ int tls13_change_cipher_state(SSL *s, int which) /* configure kernel crypto structure */ if (!ktls_configure_crypto(s, cipher, ciph_ctx, - RECORD_LAYER_get_write_sequence(&s->rlayer), - &crypto_info, NULL, iv, key, NULL, 0)) + RECORD_LAYER_get_write_sequence(&s->rlayer), + &crypto_info, NULL, iv, key, NULL, 0)) goto skip_ktls; /* ktls works with user provided buffers directly */ if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) ssl3_release_write_buffer(s); skip_ktls: -# endif +#endif #endif ret = 1; - err: +err: if ((which & SSL3_CC_EARLY) != 0) { /* We up-refed this so now we need to down ref */ ssl_evp_cipher_free(cipher); @@ -746,9 +744,9 @@ skip_ktls: int tls13_update_key(SSL *s, int sending) { #ifdef CHARSET_EBCDIC - static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00}; + static const unsigned char application_traffic[] = { 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x20, 0x75, 0x70, 0x64, 0x00 }; #else - static const unsigned char application_traffic[] = "traffic upd"; + static const unsigned char application_traffic[] = "traffic upd"; #endif const EVP_MD *md = ssl_handshake_md(s); size_t hashlen; @@ -782,10 +780,10 @@ int tls13_update_key(SSL *s, int sending) } if (!derive_secret_key_and_iv(s, sending, md, - s->s3.tmp.new_sym_enc, insecret, NULL, - application_traffic, - sizeof(application_traffic) - 1, secret, key, - iv, ciph_ctx)) { + s->s3.tmp.new_sym_enc, insecret, NULL, + application_traffic, + sizeof(application_traffic) - 1, secret, key, + iv, ciph_ctx)) { /* SSLfatal() already called */ goto err; } @@ -801,7 +799,7 @@ int tls13_update_key(SSL *s, int sending) s->statem.enc_write_state = ENC_WRITE_STATE_VALID; ret = 1; - err: +err: OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(secret, sizeof(secret)); return ret; @@ -817,13 +815,13 @@ int tls13_alert_code(int code) } int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen, int use_context) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context) { unsigned char exportsecret[EVP_MAX_MD_SIZE]; #ifdef CHARSET_EBCDIC - static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char exporterlabel[] = { 0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00 }; #else static const unsigned char exporterlabel[] = "exporter"; #endif @@ -840,33 +838,33 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, contextlen = 0; if (EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestUpdate(ctx, context, contextlen) <= 0 - || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 - || EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 - || !tls13_hkdf_expand(s, md, s->exporter_master_secret, - (const unsigned char *)label, llen, - data, datalen, exportsecret, hashsize, 0) - || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, - sizeof(exporterlabel) - 1, hash, hashsize, - out, olen, 0)) + || EVP_DigestUpdate(ctx, context, contextlen) <= 0 + || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 + || !tls13_hkdf_expand(s, md, s->exporter_master_secret, + (const unsigned char *)label, llen, + data, datalen, exportsecret, hashsize, 0) + || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, + sizeof(exporterlabel) - 1, hash, hashsize, + out, olen, 0)) goto err; ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *context, - size_t contextlen) + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen) { #ifdef CHARSET_EBCDIC - static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char exporterlabel[] = { 0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00 }; #else - static const unsigned char exporterlabel[] = "exporter"; + static const unsigned char exporterlabel[] = "exporter"; #endif unsigned char exportsecret[EVP_MAX_MD_SIZE]; unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE]; @@ -880,7 +878,7 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, goto err; if (!s->server && s->max_early_data > 0 - && s->session->ext.max_early_data == 0) + && s->session->ext.max_early_data == 0) sslcipher = SSL_SESSION_get0_cipher(s->psksession); else sslcipher = SSL_SESSION_get0_cipher(s->session); @@ -903,21 +901,21 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, * Here Transcript-Hash is the cipher suite hash algorithm. */ if (md == NULL - || EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestUpdate(ctx, context, contextlen) <= 0 - || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 - || EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 - || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret, - (const unsigned char *)label, llen, - data, datalen, exportsecret, hashsize, 0) - || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, - sizeof(exporterlabel) - 1, hash, hashsize, - out, olen, 0)) + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestUpdate(ctx, context, contextlen) <= 0 + || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 + || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret, + (const unsigned char *)label, llen, + data, datalen, exportsecret, hashsize, 0) + || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, + sizeof(exporterlabel) - 1, hash, hashsize, + out, olen, 0)) goto err; ret = 1; - err: +err: EVP_MD_CTX_free(ctx); return ret; } diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c index 1761ba1d8ef1..496272033d2a 100644 --- a/ssl/tls_depr.c +++ b/ssl/tls_depr.c @@ -67,8 +67,8 @@ const EVP_MD *tls_get_digest_from_engine(int nid) int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey) { return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, - SSL_get_client_CA_list(s), - px509, ppkey, NULL, NULL, NULL); + SSL_get_client_CA_list(s), + px509, ppkey, NULL, NULL, NULL); } #endif @@ -148,7 +148,7 @@ HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx) /* Some deprecated public APIs pass DH objects */ EVP_PKEY *ssl_dh_to_pkey(DH *dh) { -# ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_DH EVP_PKEY *ret; if (dh == NULL) @@ -159,16 +159,16 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh) return NULL; } return ret; -# else +#else return NULL; -# endif +#endif } /* Some deprecated public APIs pass EC_KEY objects */ int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, - void *key) + void *key) { -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key); int nid; @@ -180,9 +180,9 @@ int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, if (nid == NID_undef) return 0; return tls1_set_groups(pext, pextlen, &nid, 1); -# else +#else return 0; -# endif +#endif } /* @@ -190,18 +190,17 @@ int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, * ctx: the SSL context. * dh: the callback */ -# if !defined(OPENSSL_NO_DH) +#if !defined(OPENSSL_NO_DH) void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh) (SSL *ssl, int is_export, - int keylength)) + DH *(*dh)(SSL *ssl, int is_export, + int keylength)) { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); } -void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, - int keylength)) +void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, int keylength)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); } -# endif +#endif #endif /* OPENSSL_NO_DEPRECATED */ diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 872d1b66f8af..df4cb67500db 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -23,7 +23,7 @@ #include "ssl_local.h" #ifndef OPENSSL_NO_SRP -# include <openssl/srp.h> +#include <openssl/srp.h> /* * The public API SSL_CTX_SRP_CTX_free() is deprecated so we use @@ -96,50 +96,30 @@ int ssl_srp_ctx_init_intern(SSL *s) s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg; /* set client Hello login callback */ - s->srp_ctx.TLS_ext_srp_username_callback = - ctx->srp_ctx.TLS_ext_srp_username_callback; + s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback; /* set SRP N/g param callback for verification */ - s->srp_ctx.SRP_verify_param_callback = - ctx->srp_ctx.SRP_verify_param_callback; + s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback; /* set SRP client passwd callback */ - s->srp_ctx.SRP_give_srp_client_pwd_callback = - ctx->srp_ctx.SRP_give_srp_client_pwd_callback; + s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback; s->srp_ctx.strength = ctx->srp_ctx.strength; - if (((ctx->srp_ctx.N != NULL) && - ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || - ((ctx->srp_ctx.g != NULL) && - ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || - ((ctx->srp_ctx.s != NULL) && - ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || - ((ctx->srp_ctx.B != NULL) && - ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || - ((ctx->srp_ctx.A != NULL) && - ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || - ((ctx->srp_ctx.a != NULL) && - ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || - ((ctx->srp_ctx.v != NULL) && - ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || - ((ctx->srp_ctx.b != NULL) && - ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) { + if (((ctx->srp_ctx.N != NULL) && ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || ((ctx->srp_ctx.g != NULL) && ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || ((ctx->srp_ctx.s != NULL) && ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || ((ctx->srp_ctx.B != NULL) && ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || ((ctx->srp_ctx.A != NULL) && ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || ((ctx->srp_ctx.a != NULL) && ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || ((ctx->srp_ctx.v != NULL) && ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || ((ctx->srp_ctx.b != NULL) && ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) { ERR_raise(ERR_LIB_SSL, ERR_R_BN_LIB); goto err; } - if ((ctx->srp_ctx.login != NULL) && - ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) { + if ((ctx->srp_ctx.login != NULL) && ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); goto err; } - if ((ctx->srp_ctx.info != NULL) && - ((s->srp_ctx.info = OPENSSL_strdup(ctx->srp_ctx.info)) == NULL)) { + if ((ctx->srp_ctx.info != NULL) && ((s->srp_ctx.info = OPENSSL_strdup(ctx->srp_ctx.info)) == NULL)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); goto err; } s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; return 1; - err: +err: OPENSSL_free(s->srp_ctx.login); OPENSSL_free(s->srp_ctx.info); BN_free(s->srp_ctx.N); @@ -190,17 +170,11 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad) int al; *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; - if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && - ((al = - s->srp_ctx.TLS_ext_srp_username_callback(s, ad, - s->srp_ctx.SRP_cb_arg)) != - SSL_ERROR_NONE)) + if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE)) return al; *ad = SSL_AD_INTERNAL_ERROR; - if ((s->srp_ctx.N == NULL) || - (s->srp_ctx.g == NULL) || - (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) + if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) return SSL3_AL_FATAL; if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b), 0) <= 0) @@ -210,10 +184,11 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad) /* Calculate: B = (kv + g^b) % N */ - return ((s->srp_ctx.B = - SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, - s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) != - NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL; + return ((s->srp_ctx.B = SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, + s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) + != NULL) + ? SSL_ERROR_NONE + : SSL3_AL_FATAL; } int SSL_srp_server_param_with_username(SSL *s, int *ad) @@ -226,7 +201,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad) * fly */ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - const char *grp) + const char *grp) { SRP_gN *GN = SRP_get_default_gN(grp); if (GN == NULL) @@ -238,15 +213,15 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, BN_clear_free(s->srp_ctx.s); s->srp_ctx.s = NULL; if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, - s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, - s->ctx->propq)) + s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, + s->ctx->propq)) return -1; return 1; } int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - BIGNUM *sa, BIGNUM *v, char *info) + BIGNUM *sa, BIGNUM *v, char *info) { if (N != NULL) { if (s->srp_ctx.N != NULL) { @@ -291,8 +266,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, return -1; } - if (!(s->srp_ctx.N) || - !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v)) + if (!(s->srp_ctx.N) || !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v)) return -1; return 1; @@ -307,10 +281,12 @@ int srp_generate_server_master_secret(SSL *s) if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N)) goto err; if ((u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, - s->ctx->libctx, s->ctx->propq)) == NULL) + s->ctx->libctx, s->ctx->propq)) + == NULL) goto err; if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, - s->srp_ctx.N)) == NULL) + s->srp_ctx.N)) + == NULL) goto err; tmp_len = BN_num_bytes(K); @@ -321,7 +297,7 @@ int srp_generate_server_master_secret(SSL *s) BN_bn2bin(K, tmp); /* Calls SSLfatal() as required */ ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); - err: +err: BN_clear_free(K); BN_clear_free(u); return ret; @@ -339,26 +315,28 @@ int srp_generate_client_master_secret(SSL *s) * Checks if b % n == 0 */ if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0 - || (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, - s->ctx->libctx, s->ctx->propq)) - == NULL - || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { + || (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, + s->ctx->libctx, s->ctx->propq)) + == NULL + || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, - s->srp_ctx.SRP_cb_arg)) - == NULL) { + s->srp_ctx.SRP_cb_arg)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED); goto err; } if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd, - s->ctx->libctx, s->ctx->propq)) == NULL - || (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B, - s->srp_ctx.g, x, - s->srp_ctx.a, u, - s->ctx->libctx, - s->ctx->propq)) == NULL) { + s->ctx->libctx, s->ctx->propq)) + == NULL + || (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B, + s->srp_ctx.g, x, + s->srp_ctx.a, u, + s->ctx->libctx, + s->ctx->propq)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -371,7 +349,7 @@ int srp_generate_client_master_secret(SSL *s) BN_bn2bin(K, tmp); /* Calls SSLfatal() as required */ ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); - err: +err: BN_clear_free(K); BN_clear_free(x); if (passwd != NULL) @@ -405,7 +383,7 @@ int srp_verify_server_param(SSL *s) } } else if (!SRP_check_known_gN_param(srp->g, srp->N)) { SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, - SSL_R_INSUFFICIENT_SECURITY); + SSL_R_INSUFFICIENT_SECURITY); return 0; } @@ -464,8 +442,8 @@ char *SSL_get_srp_userinfo(SSL *s) return s->ctx->srp_ctx.info; } -# define tls1_ctx_ctrl ssl3_ctx_ctrl -# define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl +#define tls1_ctx_ctrl ssl3_ctx_ctrl +#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name) { @@ -480,14 +458,14 @@ int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password) int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength) { return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength, - NULL); + NULL); } int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, - int (*cb) (SSL *, void *)) + int (*cb)(SSL *, void *)) { return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB, - (void (*)(void))cb); + (void (*)(void))cb); } int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg) @@ -496,17 +474,17 @@ int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg) } int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, - int (*cb) (SSL *, int *, void *)) + int (*cb)(SSL *, int *, void *)) { return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, - (void (*)(void))cb); + (void (*)(void))cb); } int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, - char *(*cb) (SSL *, void *)) + char *(*cb)(SSL *, void *)) { return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB, - (void (*)(void))cb); + (void (*)(void))cb); } #endif |