Reformat the rest of ssl/.

Change-Id: I7dc264f7e29b3ba8be4c717583467edf71bf8dd9
Adam Langley
2014-12-18 17:42:32 -08:00
parent 4685e87746
commit fcf25833bc
14 changed files with 13909 additions and 14201 deletions
+986 -1108
+2325 -2540
+9 -11
@@ -60,15 +60,13 @@
extern const ERR_STRING_DATA SSL_error_string_data[];
int SSL_library_init(void)
{
CRYPTO_library_init();
SSL_load_error_strings();
return(1);
}
int SSL_library_init(void) {
CRYPTO_library_init();
SSL_load_error_strings();
return 1;
}
void SSL_load_error_strings(void)
{
ERR_load_crypto_strings();
ERR_load_strings(SSL_error_string_data);
}
void SSL_load_error_strings(void) {
ERR_load_crypto_strings();
ERR_load_strings(SSL_error_string_data);
}
+824 -864
+1092 -1118
+2519 -2658
+486 -517
+634 -687
+668 -693
+906 -363
+120 -92
@@ -89,102 +89,130 @@
#include "ssl_locl.h"
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
{
BIO *b;
int ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
OPENSSL_PUT_ERROR(SSL, SSL_SESSION_print_fp, ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=SSL_SESSION_print(b,x);
BIO_free(b);
return(ret);
}
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) {
BIO *b;
int ret;
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
unsigned int i;
const char *s;
b = BIO_new(BIO_s_file());
if (b == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_SESSION_print_fp, ERR_R_BUF_LIB);
return 0;
}
if (x == NULL) goto err;
if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
if (x->ssl_version == SSL3_VERSION)
s="SSLv3";
else if (x->ssl_version == TLS1_2_VERSION)
s="TLSv1.2";
else if (x->ssl_version == TLS1_1_VERSION)
s="TLSv1.1";
else if (x->ssl_version == TLS1_VERSION)
s="TLSv1";
else if (x->ssl_version == DTLS1_VERSION)
s="DTLSv1";
else if (x->ssl_version == DTLS1_2_VERSION)
s="DTLSv1.2";
else
s="unknown";
if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = SSL_SESSION_print(b, x);
BIO_free(b);
return ret;
}
if (x->cipher == NULL)
{
if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
goto err;
}
else
{
if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
goto err;
}
if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
for (i=0; i<x->session_id_length; i++)
{
if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
}
if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
for (i=0; i<x->sid_ctx_length; i++)
{
if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
goto err;
}
if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
for (i=0; i<(unsigned int)x->master_key_length; i++)
{
if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
}
if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
if (x->tlsext_tick_lifetime_hint)
{
if (BIO_printf(bp,
"\n TLS session ticket lifetime hint: %" PRIu32 " (seconds)",
x->tlsext_tick_lifetime_hint) <=0)
goto err;
}
if (x->tlsext_tick)
{
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
if (BIO_hexdump(bp, x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
goto err;
}
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) {
unsigned int i;
const char *s;
if (x->time != 0L)
{
if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
}
if (x->timeout != 0L)
{
if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
}
if (BIO_puts(bp,"\n") <= 0) goto err;
if (x == NULL ||
BIO_puts(bp, "SSL-Session:\n") <= 0) {
goto err;
}
if (x->ssl_version == SSL3_VERSION) {
s = "SSLv3";
} else if (x->ssl_version == TLS1_2_VERSION) {
s = "TLSv1.2";
} else if (x->ssl_version == TLS1_1_VERSION) {
s = "TLSv1.1";
} else if (x->ssl_version == TLS1_VERSION) {
s = "TLSv1";
} else if (x->ssl_version == DTLS1_VERSION) {
s = "DTLSv1";
} else if (x->ssl_version == DTLS1_2_VERSION) {
s = "DTLSv1.2";
} else {
s = "unknown";
}
if (BIO_printf(bp, " Protocol : %s\n", s) <= 0) {
goto err;
}
if (x->cipher == NULL) {
if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id & 0xffffff) <=
0) {
goto err;
}
} else {
if (BIO_printf(bp, " Cipher : %s\n",
((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0) {
goto err;
}
}
if (BIO_puts(bp, " Session-ID: ") <= 0) {
goto err;
}
for (i = 0; i < x->session_id_length; i++) {
if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
goto err;
}
if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0) {
goto err;
}
for (i = 0; i < x->sid_ctx_length; i++) {
if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) {
goto err;
}
}
if (BIO_puts(bp, "\n Master-Key: ") <= 0) {
goto err;
}
for (i = 0; i < (unsigned int)x->master_key_length; i++) {
if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) {
goto err;
}
}
if (BIO_puts(bp, "\n PSK identity: ") <= 0 ||
BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) {
goto err;
}
if (x->tlsext_tick_lifetime_hint &&
BIO_printf(bp, "\n TLS session ticket lifetime hint: %" PRIu32
" (seconds)",
x->tlsext_tick_lifetime_hint) <= 0) {
goto err;
}
if (x->tlsext_tick) {
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0 ||
BIO_hexdump(bp, x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) {
goto err;
}
}
if (x->time != 0L && BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0) {
goto err;
}
if (x->timeout != 0L &&
BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) {
goto err;
}
if (BIO_puts(bp, "\n") <= 0 ||
BIO_puts(bp, " Verify return code: ") <= 0 ||
BIO_printf(bp, "%ld (%s)\n", x->verify_result,
X509_verify_cert_error_string(x->verify_result)) <= 0) {
goto err;
}
return 1;
if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
return(1);
err:
return(0);
}
return 0;
}
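Review bot: SSL_SESSION_print writes the session's master key and, when present, the session ticket to the BIO as hex, and nothing in the reformatted function tells a caller that the output is secret material. I would add a comment above the definition, for example `/* SSL_SESSION_print writes |x| to |bp|, including the master key and any session ticket; callers must treat the output as secret. */`. On style, the Session-ID loop keeps `if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)` without braces while every other `if` on the new side is braced. The `(x->cipher == NULL) ? "unknown" : x->cipher->name` test sits in the else branch of `if (x->cipher == NULL)`, so it can never select "unknown" and could be reduced to `x->cipher->name`.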
+1016 -1061
+2212 -2362
+112 -127
@@ -115,148 +115,133 @@
#include "ssl_locl.h"
/* Add the client's renegotiation binding */
int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
int maxlen)
{
if(p)
{
if((s->s3->previous_client_finished_len+1) > maxlen)
{
OPENSSL_PUT_ERROR(SSL, ssl_add_clienthello_renegotiate_ext, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
return 0;
}
/* Length byte */
*p = s->s3->previous_client_finished_len;
p++;
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension sent by client\n",
s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
}
*len=s->s3->previous_client_finished_len + 1;
return 1;
int maxlen) {
if (p) {
if (s->s3->previous_client_finished_len + 1 > maxlen) {
OPENSSL_PUT_ERROR(SSL, ssl_add_clienthello_renegotiate_ext,
SSL_R_RENEGOTIATE_EXT_TOO_LONG);
return 0;
}
/* Parse the client's renegotiation binding and abort if it's not
right */
int ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert)
{
CBS renegotiated_connection;
/* Length byte */
*p = s->s3->previous_client_finished_len;
p++;
if (!CBS_get_u8_length_prefixed(cbs, &renegotiated_connection) ||
CBS_len(cbs) != 0)
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_renegotiate_ext, SSL_R_RENEGOTIATION_ENCODING_ERR);
*out_alert = SSL_AD_DECODE_ERROR;
return 0;
}
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
}
/* Check that the extension matches */
if (!CBS_mem_equal(&renegotiated_connection,
s->s3->previous_client_finished,
s->s3->previous_client_finished_len))
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_renegotiate_ext, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
*len = s->s3->previous_client_finished_len + 1;
s->s3->send_connection_binding = 1;
return 1;
}
return 1;
}
/* Parse the client's renegotiation binding and abort if it's not right */
int ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert) {
CBS renegotiated_connection;
if (!CBS_get_u8_length_prefixed(cbs, &renegotiated_connection) ||
CBS_len(cbs) != 0) {
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_renegotiate_ext,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*out_alert = SSL_AD_DECODE_ERROR;
return 0;
}
/* Check that the extension matches */
if (!CBS_mem_equal(&renegotiated_connection, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_renegotiate_ext,
SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
s->s3->send_connection_binding = 1;
return 1;
}
/* Add the server's renegotiation binding */
int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
int maxlen)
{
if(p)
{
if((s->s3->previous_client_finished_len +
s->s3->previous_server_finished_len + 1) > maxlen)
{
OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_renegotiate_ext, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
return 0;
}
/* Length byte */
*p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
p++;
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
p += s->s3->previous_client_finished_len;
memcpy(p, s->s3->previous_server_finished,
s->s3->previous_server_finished_len);
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension sent by server\n",
s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
#endif
}
*len=s->s3->previous_client_finished_len
+ s->s3->previous_server_finished_len + 1;
return 1;
int maxlen) {
if (p) {
if (s->s3->previous_client_finished_len +
s->s3->previous_server_finished_len + 1 >
maxlen) {
OPENSSL_PUT_ERROR(SSL, ssl_add_serverhello_renegotiate_ext,
SSL_R_RENEGOTIATE_EXT_TOO_LONG);
return 0;
}
/* Parse the server's renegotiation binding and abort if it's not
right */
int ssl_parse_serverhello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert)
{
int expected_len=s->s3->previous_client_finished_len
+ s->s3->previous_server_finished_len;
CBS renegotiated_connection;
const uint8_t *d;
/* Length byte */
*p = s->s3->previous_client_finished_len +
s->s3->previous_server_finished_len;
p++;
/* Check for logic errors */
assert(!expected_len || s->s3->previous_client_finished_len);
assert(!expected_len || s->s3->previous_server_finished_len);
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
p += s->s3->previous_client_finished_len;
/* Parse out the extension contents. */
if (!CBS_get_u8_length_prefixed(cbs, &renegotiated_connection) ||
CBS_len(cbs) != 0)
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext, SSL_R_RENEGOTIATION_ENCODING_ERR);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Check that the extension matches. */
if(CBS_len(&renegotiated_connection) != expected_len)
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
memcpy(p, s->s3->previous_server_finished,
s->s3->previous_server_finished_len);
}
d = CBS_data(&renegotiated_connection);
if(memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len))
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
d += s->s3->previous_client_finished_len;
*len = s->s3->previous_client_finished_len +
s->s3->previous_server_finished_len + 1;
if(memcmp(d, s->s3->previous_server_finished,
s->s3->previous_server_finished_len))
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
s->s3->send_connection_binding = 1;
return 1;
}
return 1;
}
/* Parse the server's renegotiation binding and abort if it's not right */
int ssl_parse_serverhello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert) {
int expected_len =
s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
CBS renegotiated_connection;
const uint8_t *d;
/* Check for logic errors */
assert(!expected_len || s->s3->previous_client_finished_len);
assert(!expected_len || s->s3->previous_server_finished_len);
/* Parse out the extension contents. */
if (!CBS_get_u8_length_prefixed(cbs, &renegotiated_connection) ||
CBS_len(cbs) != 0) {
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Check that the extension matches. */
if (CBS_len(&renegotiated_connection) != expected_len) {
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext,
SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
d = CBS_data(&renegotiated_connection);
if (memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext,
SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
d += s->s3->previous_client_finished_len;
if (memcmp(d, s->s3->previous_server_finished,
s->s3->previous_server_finished_len)) {
OPENSSL_PUT_ERROR(SSL, ssl_parse_serverhello_renegotiate_ext,
SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
s->s3->send_connection_binding = 1;
return 1;
}
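Review bot: In ssl_parse_serverhello_renegotiate_ext the two Finished values are still compared with plain `memcmp`, while ssl_parse_clienthello_renegotiate_ext in the same file goes through `CBS_mem_equal`, which I believe compares in constant time. The server-hello path should use the same kind of comparison, e.g. `CRYPTO_memcmp(d, s->s3->previous_client_finished, s->s3->previous_client_finished_len)`, and likewise for `previous_server_finished`. `expected_len` is an `int` compared against the `size_t` returned by `CBS_len`, so declaring it `size_t expected_len` would avoid the signed/unsigned comparison. The two mismatch branches send different alerts (`SSL_AD_HANDSHAKE_FAILURE` for the client half, `SSL_AD_ILLEGAL_PARAMETER` for the server half), which deserves a one-line comment if it is intentional. As rendered, the `#ifdef OPENSSL_RI_DEBUG` blocks appear only on the old side, so this reformat also seems to drop them; that is worth a line in the commit message.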