From e8aa8b6c8f6d4e2b2bbd5e5721d977b0a6aa3cee Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Wed, 29 Jun 2016 00:18:50 +0200 Subject: [PATCH] Fix a few if(, for(, while( inside code. Fix some indentation at the same time Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1292) --- apps/apps.c | 4 +- apps/s_server.c | 6 +- crypto/aes/aes_core.c | 8 +- crypto/async/arch/async_win.c | 2 +- crypto/async/async.c | 4 +- crypto/bio/bss_mem.c | 8 +- crypto/bn/bn_lcl.h | 30 ++--- crypto/include/internal/evp_int.h | 37 +++--- crypto/o_fopen.c | 2 +- crypto/x509/x_x509a.c | 2 +- include/openssl/engine.h | 14 +-- ssl/d1_lib.c | 12 +- ssl/record/rec_layer_s3.c | 4 +- ssl/record/ssl3_record.c | 10 +- ssl/ssl_lib.c | 14 +-- ssl/ssl_sess.c | 4 +- ssl/statem/statem.c | 28 ++--- ssl/statem/statem_dtls.c | 2 +- ssl/statem/statem_lib.c | 11 +- ssl/statem/statem_srvr.c | 192 +++++++++++++++--------------- test/asynctest.c | 2 +- test/verify_extra_test.c | 2 +- 22 files changed, 201 insertions(+), 197 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 32304255f7..746f565a90 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1193,7 +1193,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) if (store == NULL) goto end; - if(CAfile != NULL || !noCAfile) { + if (CAfile != NULL || !noCAfile) { lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto end; @@ -1206,7 +1206,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); } - if(CApath != NULL || !noCApath) { + if (CApath != NULL || !noCApath) { lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (lookup == NULL) goto end; diff --git a/apps/s_server.c b/apps/s_server.c index d545546f29..cd7155bf93 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2465,7 +2465,7 @@ static int init_ssl_connection(SSL *con) int retry = 0; #ifndef OPENSSL_NO_DTLS - if(dtlslisten) { + if (dtlslisten) { BIO_ADDR *client = NULL; if ((client = BIO_ADDR_new()) == NULL) { @@ -2478,11 +2478,11 @@ static int init_ssl_connection(SSL *con) int fd = -1; wbio = SSL_get_wbio(con); - if(wbio) { + if (wbio) { BIO_get_fd(wbio, &fd); } - if(!wbio || BIO_connect(fd, client, 0) == 0) { + if (!wbio || BIO_connect(fd, client, 0) == 0) { BIO_printf(bio_err, "ERROR - unable to connect\n"); BIO_ADDR_free(client); return 0; diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 69be3d85c7..bd5c7793be 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -644,9 +644,9 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk = key->rd_key; - if (bits==128) + if (bits == 128) key->rounds = 10; - else if (bits==192) + else if (bits == 192) key->rounds = 12; else key->rounds = 14; @@ -1222,9 +1222,9 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk = key->rd_key; - if (bits==128) + if (bits == 128) key->rounds = 10; - else if (bits==192) + else if (bits == 192) key->rounds = 12; else key->rounds = 14; diff --git a/crypto/async/arch/async_win.c b/crypto/async/arch/async_win.c index 37a3111052..077d56ced0 100644 --- a/crypto/async/arch/async_win.c +++ b/crypto/async/arch/async_win.c @@ -25,7 +25,7 @@ void async_local_cleanup(void) async_ctx *ctx = async_get_ctx(); if (ctx != NULL) { async_fibre *fibre = &ctx->dispatcher; - if(fibre != NULL && fibre->fibre != NULL && fibre->converted) { + if (fibre != NULL && fibre->fibre != NULL && fibre->converted) { ConvertFiberToThread(); fibre->fibre = NULL; } diff --git a/crypto/async/async.c b/crypto/async/async.c index 965a1954f9..8c699af78e 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -396,7 +396,7 @@ ASYNC_JOB *ASYNC_get_current_job(void) async_ctx *ctx; ctx = async_get_ctx(); - if(ctx == NULL) + if (ctx == NULL) return NULL; return ctx->currjob; @@ -428,6 +428,6 @@ void ASYNC_unblock_pause(void) */ return; } - if(ctx->blocked > 0) + if (ctx->blocked > 0) ctx->blocked--; } diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 80da3a1e09..a61ab7cc64 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -144,12 +144,12 @@ static int mem_buf_free(BIO *a, int free_all) BUF_MEM *b; BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr; - if(bb != NULL) { + if (bb != NULL) { b = bb->buf; if (a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL; BUF_MEM_free(b); - if(free_all) { + if (free_all) { OPENSSL_free(bb->readp); OPENSSL_free(bb); } @@ -165,10 +165,10 @@ static int mem_buf_free(BIO *a, int free_all) */ static int mem_buf_sync(BIO *b) { - if((b != NULL) && (b->init) && (b->ptr != NULL)) { + if (b != NULL && b->init != 0 && b->ptr != NULL) { BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; - if(bbm->readp->data != bbm->buf->data) { + if (bbm->readp->data != bbm->buf->data) { memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length); bbm->buf->length = bbm->readp->length; bbm->readp->data = bbm->buf->data; diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index ebf17b068d..157dadc872 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -157,18 +157,18 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); # endif # define bn_pollute(a) \ do { \ - const BIGNUM *_bnum1 = (a); \ - if(_bnum1->top < _bnum1->dmax) { \ - unsigned char _tmp_char; \ - /* We cast away const without the compiler knowing, any \ - * *genuinely* constant variables that aren't mutable \ - * wouldn't be constructed with top!=dmax. */ \ - BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ - RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ - memset(_not_const + _bnum1->top, _tmp_char, \ - sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ - } \ + const BIGNUM *_bnum1 = (a); \ + if (_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ + RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ + memset(_not_const + _bnum1->top, _tmp_char, \ + sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ + } \ } while(0) # ifdef BN_DEBUG_TRIX # undef RAND_pseudo_bytes @@ -257,9 +257,9 @@ struct bn_gencb_st { unsigned int ver; /* To handle binary (in)compatibility */ void *arg; /* callback-specific data */ union { - /* if(ver==1) - handles old style callbacks */ + /* if (ver==1) - handles old style callbacks */ void (*cb_1) (int, int, void *); - /* if(ver==2) - new callback style */ + /* if (ver==2) - new callback style */ int (*cb_2) (int, int, BN_GENCB *); } cb; }; @@ -678,7 +678,7 @@ static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) if (bits > (INT_MAX - BN_BITS2 + 1)) return NULL; - if(((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) + if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) return a; return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 1c35319921..2e4ca02eab 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -138,9 +138,9 @@ struct evp_cipher_st { #define BLOCK_CIPHER_ecb_loop() \ size_t i, bl; \ bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \ - if(inl < bl) return 1;\ + if (inl < bl) return 1;\ inl -= bl; \ - for(i=0; i <= inl; i+=bl) + for (i=0; i <= inl; i+=bl) #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ @@ -189,20 +189,25 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - size_t chunk=EVP_MAXCHUNK;\ - if (cbits==1) chunk>>=3;\ - if (inl=chunk)\ - {\ - int num = EVP_CIPHER_CTX_num(ctx);\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx)); \ - EVP_CIPHER_CTX_set_num(ctx, num);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ - if(inl>= 3;\ + if (inl < chunk) chunk = inl;\ + while (inl && inl >= chunk)\ + {\ + int num = EVP_CIPHER_CTX_num(ctx);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long) \ + ((cbits == 1) \ + && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ + ? inl*8 : inl), \ + &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ + &num, EVP_CIPHER_CTX_encrypting(ctx));\ + EVP_CIPHER_CTX_set_num(ctx, num);\ + inl -= chunk;\ + in += chunk;\ + out += chunk;\ + if (inl < chunk) chunk = inl;\ + }\ + return 1;\ } #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ diff --git a/crypto/o_fopen.c b/crypto/o_fopen.c index 0bdb53fe53..a3a006574d 100644 --- a/crypto/o_fopen.c +++ b/crypto/o_fopen.c @@ -69,7 +69,7 @@ FILE *openssl_fopen(const char *filename, const char *mode) if (newname == NULL) return NULL; - for(iterator = newname, lastchar = '\0'; + for (iterator = newname, lastchar = '\0'; *filename; filename++, iterator++) { if (lastchar == '/' && filename[0] == '.' && filename[1] != '.' && filename[1] != '/') { diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c index 2efa214cb2..67b01a72a8 100644 --- a/crypto/x509/x_x509a.c +++ b/crypto/x509/x_x509a.c @@ -76,7 +76,7 @@ int X509_keyid_set1(X509 *x, unsigned char *id, int len) } if ((aux = aux_get(x)) == NULL) return 0; - if (aux->keyid ==NULL + if (aux->keyid == NULL && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL) return 0; return ASN1_STRING_set(aux->keyid, id, len); diff --git a/include/openssl/engine.h b/include/openssl/engine.h index b1e5c1f7d2..21c6961286 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -696,7 +696,7 @@ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); # define IMPLEMENT_DYNAMIC_CHECK_FN() \ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ - if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } /* @@ -724,13 +724,13 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ - if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ - CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ - fns->mem_fns.realloc_fn, \ - fns->mem_fns.free_fn); \ + if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ skip_cbs: \ - if(!fn(e,id)) return 0; \ - return 1; } + if (!fn(e, id)) return 0; \ + return 1; } /* * If the loading application (or library) and the loaded ENGINE library diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index a20f30a5c2..0a985551b8 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -433,7 +433,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) rbio = SSL_get_rbio(s); wbio = SSL_get_wbio(s); - if(!rbio || !wbio) { + if (!rbio || !wbio) { SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET); return -1; } @@ -487,7 +487,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH); if (n <= 0) { - if(BIO_should_retry(rbio)) { + if (BIO_should_retry(rbio)) { /* Non-blocking IO */ goto end; } @@ -581,7 +581,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) } /* Message sequence number can only be 0 or 1 */ - if(msgseq > 2) { + if (msgseq > 2) { SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER); goto end; } @@ -752,14 +752,14 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) * maybe they're not. We ignore errors here - some BIOs do not * support this. */ - if(BIO_dgram_get_peer(rbio, tmpclient) > 0) { + if (BIO_dgram_get_peer(rbio, tmpclient) > 0) { (void)BIO_dgram_set_peer(wbio, tmpclient); } BIO_ADDR_free(tmpclient); tmpclient = NULL; if (BIO_write(wbio, buf, reclen) < (int)reclen) { - if(BIO_should_retry(wbio)) { + if (BIO_should_retry(wbio)) { /* * Non-blocking IO...but we're stateless, so we're just * going to drop this packet. @@ -770,7 +770,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) } if (BIO_flush(wbio) <= 0) { - if(BIO_should_retry(wbio)) { + if (BIO_should_retry(wbio)) { /* * Non-blocking IO...but we're stateless, so we're just * going to drop this packet. diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 9461284195..b56291359b 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -60,7 +60,7 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) rl->wpend_buf = NULL; SSL3_BUFFER_clear(&rl->rbuf); - for(pipes = 0; pipes < rl->numwpipes; pipes++) + for (pipes = 0; pipes < rl->numwpipes; pipes++) SSL3_BUFFER_clear(&rl->wbuf[pipes]); rl->numwpipes = 0; rl->numrpipes = 0; @@ -1186,7 +1186,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, goto f_err; } - if(s->method->version == TLS_ANY_VERSION + if (s->method->version == TLS_ANY_VERSION && (s->server || rr->type != SSL3_RT_ALERT)) { /* * If we've got this far and still haven't decided on what version diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 3630cd900a..b4d89811fe 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -291,7 +291,7 @@ int ssl3_get_record(SSL *s) * or s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length * and we have that many bytes in s->packet */ - if(rr[num_recs].rec_version == SSL2_VERSION) { + if (rr[num_recs].rec_version == SSL2_VERSION) { rr[num_recs].input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]); } else { @@ -703,8 +703,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds)); if (n_recs > 1) { - if(!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) - & EVP_CIPH_FLAG_PIPELINE)) { + if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) + & EVP_CIPH_FLAG_PIPELINE)) { /* * We shouldn't have been called with pipeline data if the * cipher doesn't support pipelining @@ -777,7 +777,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) unsigned char *data[SSL_MAX_PIPELINES]; /* Set the output buffers */ - for(ctr = 0; ctr < n_recs; ctr++) { + for (ctr = 0; ctr < n_recs; ctr++) { data[ctr] = recs[ctr].data; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, @@ -785,7 +785,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); } /* Set the input buffers */ - for(ctr = 0; ctr < n_recs; ctr++) { + for (ctr = 0; ctr < n_recs; ctr++) { data[ctr] = recs[ctr].input; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4fafd18987..bf63a6c4b8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1393,7 +1393,7 @@ int SSL_check_private_key(const SSL *ssl) int SSL_waiting_for_async(SSL *s) { - if(s->job) + if (s->job) return 1; return 0; @@ -1452,7 +1452,7 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, if (s->waitctx == NULL) return -1; } - switch(ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, + switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, sizeof(struct ssl_async_args))) { case ASYNC_ERR: s->rwstate = SSL_NOTHING; @@ -1509,7 +1509,7 @@ int SSL_read(SSL *s, void *buf, int num) return (0); } - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; args.s = s; @@ -1534,7 +1534,7 @@ int SSL_peek(SSL *s, void *buf, int num) if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { return (0); } - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; args.s = s; @@ -1562,7 +1562,7 @@ int SSL_write(SSL *s, const void *buf, int num) return (-1); } - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; args.s = s; @@ -1592,7 +1592,7 @@ int SSL_shutdown(SSL *s) } if (!SSL_in_init(s)) { - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; args.s = s; @@ -2983,7 +2983,7 @@ int SSL_do_handshake(SSL *s) s->method->ssl_renegotiate_check(s); if (SSL_in_init(s) || SSL_in_before(s)) { - if((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; args.s = s; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 74250c2d13..44bc8a377b 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -174,7 +174,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } #endif - if(src->ciphers != NULL) { + if (src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; @@ -210,7 +210,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (ticket != 0) { dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen); - if(dest->tlsext_tick == NULL) + if (dest->tlsext_tick == NULL) goto err; } else { dest->tlsext_tick_lifetime_hint = 0; diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index c34110b0ca..9bfd29dcd1 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -380,8 +380,8 @@ static int state_machine(SSL *s, int server) st->read_state_first_init = 1; } - while(st->state != MSG_FLOW_FINISHED) { - if(st->state == MSG_FLOW_READING) { + while (st->state != MSG_FLOW_FINISHED) { + if (st->state == MSG_FLOW_READING) { ssret = read_state_machine(s); if (ssret == SUB_STATE_FINISHED) { st->state = MSG_FLOW_WRITING; @@ -484,7 +484,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { cb = get_callback(s); - if(s->server) { + if (s->server) { transition = ossl_statem_server_read_transition; process_message = ossl_statem_server_process_message; max_message_size = ossl_statem_server_max_message_size; @@ -501,8 +501,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { st->read_state_first_init = 0; } - while(1) { - switch(st->read_state) { + while (1) { + switch (st->read_state) { case READ_STATE_HEADER: /* Get the state the peer wants to move to */ if (SSL_IS_DTLS(s)) { @@ -530,7 +530,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { * Validate that we are allowed to move to the new state and move * to that state if so */ - if(!transition(s, mt)) { + if (!transition(s, mt)) { ossl_statem_set_error(s); return SUB_STATE_ERROR; } @@ -586,7 +586,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { case READ_STATE_POST_PROCESS: st->read_state_work = post_process_message(s, st->read_state_work); - switch(st->read_state_work) { + switch (st->read_state_work) { default: return SUB_STATE_ERROR; @@ -683,7 +683,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) cb = get_callback(s); - if(s->server) { + if (s->server) { transition = ossl_statem_server_write_transition; pre_work = ossl_statem_server_pre_work; post_work = ossl_statem_server_post_work; @@ -695,8 +695,8 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) construct_message = ossl_statem_client_construct_message; } - while(1) { - switch(st->write_state) { + while (1) { + switch (st->write_state) { case WRITE_STATE_TRANSITION: if (cb != NULL) { /* Notify callback of an impending state change */ @@ -705,7 +705,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) else cb(s, SSL_CB_CONNECT_LOOP, 1); } - switch(transition(s)) { + switch (transition(s)) { case WRITE_TRAN_CONTINUE: st->write_state = WRITE_STATE_PRE_WORK; st->write_state_work = WORK_MORE_A; @@ -721,7 +721,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) break; case WRITE_STATE_PRE_WORK: - switch(st->write_state_work = pre_work(s, st->write_state_work)) { + switch (st->write_state_work = pre_work(s, st->write_state_work)) { default: return SUB_STATE_ERROR; @@ -732,7 +732,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) case WORK_FINISHED_STOP: return SUB_STATE_END_HANDSHAKE; } - if(construct_message(s) == 0) + if (construct_message(s) == 0) return SUB_STATE_ERROR; /* Fall through */ @@ -750,7 +750,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) /* Fall through */ case WRITE_STATE_POST_WORK: - switch(st->write_state_work = post_work(s, st->write_state_work)) { + switch (st->write_state_work = post_work(s, st->write_state_work)) { default: return SUB_STATE_ERROR; diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 3979bf3835..5929113b30 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -728,7 +728,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len) *len = i; return 0; } - if(recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { + if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { if (wire[0] != SSL3_MT_CCS) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 258b897a52..df07800e65 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -401,15 +401,14 @@ int tls_get_message_header(SSL *s, int *mt) *mt = *p; s->s3->tmp.message_type = *(p++); - if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) { + if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { /* * Only happens with SSLv3+ in an SSLv2 backward compatible * ClientHello + * + * Total message size is the remaining record bytes to read + * plus the SSL3_HM_HEADER_LENGTH bytes that we already read */ - /* - * Total message size is the remaining record bytes to read - * plus the SSL3_HM_HEADER_LENGTH bytes that we already read - */ l = RECORD_LAYER_get_rrec_length(&s->rlayer) + SSL3_HM_HEADER_LENGTH; if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) { @@ -482,7 +481,7 @@ int tls_get_message_body(SSL *s, unsigned long *len) #endif /* Feed this message into MAC computation. */ - if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) { + if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num)) { SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 07a80f9147..e56d79121d 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -81,7 +81,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; - switch(st->hand_state) { + switch (st->hand_state) { case TLS_ST_BEFORE: case DTLS_ST_SW_HELLO_VERIFY_REQUEST: if (mt == SSL3_MT_CLIENT_HELLO) { @@ -311,113 +311,113 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) { OSSL_STATEM *st = &s->statem; - switch(st->hand_state) { - case TLS_ST_BEFORE: - /* Just go straight to trying to read from the client */; - return WRITE_TRAN_FINISHED; - - case TLS_ST_OK: - /* We must be trying to renegotiate */ - st->hand_state = TLS_ST_SW_HELLO_REQ; - return WRITE_TRAN_CONTINUE; - - case TLS_ST_SW_HELLO_REQ: - st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); - return WRITE_TRAN_CONTINUE; + switch (st->hand_state) { + case TLS_ST_BEFORE: + /* Just go straight to trying to read from the client */; + return WRITE_TRAN_FINISHED; - case TLS_ST_SR_CLNT_HELLO: - if (SSL_IS_DTLS(s) && !s->d1->cookie_verified - && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) - st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST; - else - st->hand_state = TLS_ST_SW_SRVR_HELLO; - return WRITE_TRAN_CONTINUE; + case TLS_ST_OK: + /* We must be trying to renegotiate */ + st->hand_state = TLS_ST_SW_HELLO_REQ; + return WRITE_TRAN_CONTINUE; - case DTLS_ST_SW_HELLO_VERIFY_REQUEST: - return WRITE_TRAN_FINISHED; + case TLS_ST_SW_HELLO_REQ: + st->hand_state = TLS_ST_OK; + ossl_statem_set_in_init(s, 0); + return WRITE_TRAN_CONTINUE; - case TLS_ST_SW_SRVR_HELLO: - if (s->hit) { - if (s->tlsext_ticket_expected) - st->hand_state = TLS_ST_SW_SESSION_TICKET; - else - st->hand_state = TLS_ST_SW_CHANGE; - } else { - /* Check if it is anon DH or anon ECDH, */ - /* normal PSK or SRP */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & - (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { - st->hand_state = TLS_ST_SW_CERT; - } else if (send_server_key_exchange(s)) { - st->hand_state = TLS_ST_SW_KEY_EXCH; - } else if (send_certificate_request(s)) { - st->hand_state = TLS_ST_SW_CERT_REQ; - } else { - st->hand_state = TLS_ST_SW_SRVR_DONE; - } - } - return WRITE_TRAN_CONTINUE; + case TLS_ST_SR_CLNT_HELLO: + if (SSL_IS_DTLS(s) && !s->d1->cookie_verified + && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) + st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST; + else + st->hand_state = TLS_ST_SW_SRVR_HELLO; + return WRITE_TRAN_CONTINUE; - case TLS_ST_SW_CERT: - if (s->tlsext_status_expected) { - st->hand_state = TLS_ST_SW_CERT_STATUS; - return WRITE_TRAN_CONTINUE; - } - /* Fall through */ + case DTLS_ST_SW_HELLO_VERIFY_REQUEST: + return WRITE_TRAN_FINISHED; - case TLS_ST_SW_CERT_STATUS: - if (send_server_key_exchange(s)) { + case TLS_ST_SW_SRVR_HELLO: + if (s->hit) { + if (s->tlsext_ticket_expected) + st->hand_state = TLS_ST_SW_SESSION_TICKET; + else + st->hand_state = TLS_ST_SW_CHANGE; + } else { + /* Check if it is anon DH or anon ECDH, */ + /* normal PSK or SRP */ + if (!(s->s3->tmp.new_cipher->algorithm_auth & + (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { + st->hand_state = TLS_ST_SW_CERT; + } else if (send_server_key_exchange(s)) { st->hand_state = TLS_ST_SW_KEY_EXCH; - return WRITE_TRAN_CONTINUE; - } - /* Fall through */ - - case TLS_ST_SW_KEY_EXCH: - if (send_certificate_request(s)) { + } else if (send_certificate_request(s)) { st->hand_state = TLS_ST_SW_CERT_REQ; - return WRITE_TRAN_CONTINUE; + } else { + st->hand_state = TLS_ST_SW_SRVR_DONE; } - /* Fall through */ + } + return WRITE_TRAN_CONTINUE; - case TLS_ST_SW_CERT_REQ: - st->hand_state = TLS_ST_SW_SRVR_DONE; + case TLS_ST_SW_CERT: + if (s->tlsext_status_expected) { + st->hand_state = TLS_ST_SW_CERT_STATUS; return WRITE_TRAN_CONTINUE; + } + /* Fall through */ - case TLS_ST_SW_SRVR_DONE: - return WRITE_TRAN_FINISHED; - - case TLS_ST_SR_FINISHED: - if (s->hit) { - st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); - return WRITE_TRAN_CONTINUE; - } else if (s->tlsext_ticket_expected) { - st->hand_state = TLS_ST_SW_SESSION_TICKET; - } else { - st->hand_state = TLS_ST_SW_CHANGE; - } + case TLS_ST_SW_CERT_STATUS: + if (send_server_key_exchange(s)) { + st->hand_state = TLS_ST_SW_KEY_EXCH; return WRITE_TRAN_CONTINUE; + } + /* Fall through */ - case TLS_ST_SW_SESSION_TICKET: - st->hand_state = TLS_ST_SW_CHANGE; + case TLS_ST_SW_KEY_EXCH: + if (send_certificate_request(s)) { + st->hand_state = TLS_ST_SW_CERT_REQ; return WRITE_TRAN_CONTINUE; + } + /* Fall through */ - case TLS_ST_SW_CHANGE: - st->hand_state = TLS_ST_SW_FINISHED; - return WRITE_TRAN_CONTINUE; + case TLS_ST_SW_CERT_REQ: + st->hand_state = TLS_ST_SW_SRVR_DONE; + return WRITE_TRAN_CONTINUE; - case TLS_ST_SW_FINISHED: - if (s->hit) { - return WRITE_TRAN_FINISHED; - } + case TLS_ST_SW_SRVR_DONE: + return WRITE_TRAN_FINISHED; + + case TLS_ST_SR_FINISHED: + if (s->hit) { st->hand_state = TLS_ST_OK; ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; + } else if (s->tlsext_ticket_expected) { + st->hand_state = TLS_ST_SW_SESSION_TICKET; + } else { + st->hand_state = TLS_ST_SW_CHANGE; + } + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_SESSION_TICKET: + st->hand_state = TLS_ST_SW_CHANGE; + return WRITE_TRAN_CONTINUE; - default: - /* Shouldn't happen */ - return WRITE_TRAN_ERROR; + case TLS_ST_SW_CHANGE: + st->hand_state = TLS_ST_SW_FINISHED; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_FINISHED: + if (s->hit) { + return WRITE_TRAN_FINISHED; + } + st->hand_state = TLS_ST_OK; + ossl_statem_set_in_init(s, 0); + return WRITE_TRAN_CONTINUE; + + default: + /* Shouldn't happen */ + return WRITE_TRAN_ERROR; } } @@ -429,7 +429,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; - switch(st->hand_state) { + switch (st->hand_state) { case TLS_ST_SW_HELLO_REQ: s->shutdown = 0; if (SSL_IS_DTLS(s)) @@ -510,7 +510,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) s->init_num = 0; - switch(st->hand_state) { + switch (st->hand_state) { case TLS_ST_SW_HELLO_REQ: if (statem_flush(s) != 1) return WORK_MORE_A; @@ -621,7 +621,7 @@ int ossl_statem_server_construct_message(SSL *s) { OSSL_STATEM *st = &s->statem; - switch(st->hand_state) { + switch (st->hand_state) { case DTLS_ST_SW_HELLO_VERIFY_REQUEST: return dtls_construct_hello_verify_request(s); @@ -698,7 +698,7 @@ unsigned long ossl_statem_server_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; - switch(st->hand_state) { + switch (st->hand_state) { case TLS_ST_SR_CLNT_HELLO: return CLIENT_HELLO_MAX_LENGTH; @@ -737,7 +737,7 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) { OSSL_STATEM *st = &s->statem; - switch(st->hand_state) { + switch (st->hand_state) { case TLS_ST_SR_CLNT_HELLO: return tls_process_client_hello(s, pkt); @@ -777,7 +777,7 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; - switch(st->hand_state) { + switch (st->hand_state) { case TLS_ST_SR_CLNT_HELLO: return tls_post_process_client_hello(s, wst); @@ -968,7 +968,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * use version from inside client hello, not from record header (may * differ: see RFC 2246, Appendix E, second paragraph) */ - if(!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) { + if (!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -3236,7 +3236,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, if ((skp == NULL) || (*skp == NULL)) { sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ - if(sk == NULL) { + if (sk == NULL) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); *al = SSL_AD_INTERNAL_ERROR; return NULL; diff --git a/test/asynctest.c b/test/asynctest.c index 026536b065..5057ce1d46 100644 --- a/test/asynctest.c +++ b/test/asynctest.c @@ -56,7 +56,7 @@ static int waitfd(void *args) waitctx = ASYNC_get_wait_ctx(job); if (waitctx == NULL) return 0; - if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL)) + if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL)) return 0; ASYNC_pause_job(); diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index cbc6d8cc80..cc05bc2ef1 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -122,7 +122,7 @@ static int test_alt_chains_cert_forgery(const char *roots_f, i = X509_verify_cert(sctx); - if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { + if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { /* This is the result we were expecting: Test passed */ ret = 1; } -- 2.25.1