authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-12-16 17:30:42 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-12-16 17:30:42 +0100
commit6eb6bbfe8e504a611145f454f4045e8f49fd5e44 (patch)
treebaba850cc86ee2d9d61de89da1cdfe408ad8694a /lib/gnutls_cipher.c
parentbdcfdac13179eccee6294402f2654fece149f82b (diff)
Indented code. Use same indentation but with -nut to avoid usage of tabs. In several editors tabs can be configured not to be 8 spaces and this produces artifacts with the current indentation that is a mixture of tabs and spaces.
Diffstat (limited to 'lib/gnutls_cipher.c')
-rw-r--r--lib/gnutls_cipher.c266
1 files changed, 133 insertions, 133 deletions
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index b94055f754..22d02f64f0 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -74,10 +74,10 @@ is_read_comp_null (gnutls_session_t session)
*/
int
_gnutls_encrypt (gnutls_session_t session, const opaque * headers,
- size_t headers_size, const opaque * data,
- size_t data_size, opaque * ciphertext,
- size_t ciphertext_size, content_type_t type, int random_pad,
- record_parameters_st * params)
+ size_t headers_size, const opaque * data,
+ size_t data_size, opaque * ciphertext,
+ size_t ciphertext_size, content_type_t type, int random_pad,
+ record_parameters_st * params)
{
gnutls_datum_t plain;
gnutls_datum_t comp;
@@ -99,15 +99,15 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
*/
ret = _gnutls_m_plaintext2compressed (session, &comp, &plain, params);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
}
ret = _gnutls_compressed2ciphertext (session, &ciphertext[headers_size],
- ciphertext_size - headers_size,
- comp, type, random_pad, params);
+ ciphertext_size - headers_size,
+ comp, type, random_pad, params);
if (free_comp)
_gnutls_free_datum (&comp);
@@ -131,9 +131,9 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
*/
int
_gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
- size_t ciphertext_size, uint8_t * data,
- size_t max_data_size, content_type_t type,
- record_parameters_st * params)
+ size_t ciphertext_size, uint8_t * data,
+ size_t max_data_size, content_type_t type,
+ record_parameters_st * params)
{
gnutls_datum_t gtxt;
gnutls_datum_t gcipher;
@@ -147,7 +147,7 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
ret =
_gnutls_ciphertext2compressed (session, data, max_data_size,
- gcipher, type, params);
+ gcipher, type, params);
if (ret < 0)
{
return ret;
@@ -169,27 +169,27 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
gcomp.size = ret;
ret = _gnutls_m_compressed2plaintext (session, &gtxt, &gcomp, params);
if (ret < 0)
- {
- return ret;
- }
+ {
+ return ret;
+ }
if (gtxt.size > MAX_RECORD_RECV_SIZE)
- {
- gnutls_assert ();
- _gnutls_free_datum (&gtxt);
- /* This shouldn't have happen and
- * is a TLS fatal error.
- */
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&gtxt);
+ /* This shouldn't have happen and
+ * is a TLS fatal error.
+ */
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
/* This check is not really needed */
if (max_data_size < MAX_RECORD_RECV_SIZE)
- {
- gnutls_assert ();
- _gnutls_free_datum (&gtxt);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&gtxt);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
memcpy (data, gtxt.data, gtxt.size);
ret = gtxt.size;
@@ -202,7 +202,7 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
static inline int
mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
- int secret_size, int ver)
+ int secret_size, int ver)
{
int ret = 0;
@@ -212,11 +212,11 @@ mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
}
if (ver == GNUTLS_SSL3)
- { /* SSL 3.0 */
+ { /* SSL 3.0 */
ret = _gnutls_mac_init_ssl3 (td, mac, secret, secret_size);
}
else
- { /* TLS 1.x */
+ { /* TLS 1.x */
ret = _gnutls_hmac_init (td, mac, secret, secret_size);
}
@@ -227,7 +227,7 @@ static inline void
mac_hash (digest_hd_st * td, void *data, int data_size, int ver)
{
if (ver == GNUTLS_SSL3)
- { /* SSL 3.0 */
+ { /* SSL 3.0 */
_gnutls_hash (td, data, data_size);
}
else
@@ -240,7 +240,7 @@ static inline void
mac_deinit (digest_hd_st * td, opaque * res, int ver)
{
if (ver == GNUTLS_SSL3)
- { /* SSL 3.0 */
+ { /* SSL 3.0 */
_gnutls_mac_deinit_ssl3 (td, res);
}
else
@@ -251,8 +251,8 @@ mac_deinit (digest_hd_st * td, opaque * res, int ver)
inline static int
calc_enc_length (gnutls_session_t session, int data_size,
- int hash_size, uint8_t * pad, int random_pad,
- cipher_type_t block_algo, uint16_t blocksize)
+ int hash_size, uint8_t * pad, int random_pad,
+ cipher_type_t block_algo, uint16_t blocksize)
{
uint8_t rnd;
int length, ret;
@@ -268,26 +268,26 @@ calc_enc_length (gnutls_session_t session, int data_size,
case CIPHER_BLOCK:
ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* make rnd a multiple of blocksize */
if (session->security_parameters.version == GNUTLS_SSL3 ||
- random_pad == 0)
- {
- rnd = 0;
- }
+ random_pad == 0)
+ {
+ rnd = 0;
+ }
else
- {
- rnd = (rnd / blocksize) * blocksize;
- /* added to avoid the case of pad calculated 0
- * seen below for pad calculation.
- */
- if (rnd > blocksize)
- rnd -= blocksize;
- }
+ {
+ rnd = (rnd / blocksize) * blocksize;
+ /* added to avoid the case of pad calculated 0
+ * seen below for pad calculation.
+ */
+ if (rnd > blocksize)
+ rnd -= blocksize;
+ }
length = data_size + hash_size;
@@ -295,8 +295,8 @@ calc_enc_length (gnutls_session_t session, int data_size,
length += *pad;
if (_gnutls_version_has_explicit_iv
- (session->security_parameters.version))
- length += blocksize; /* for the IV */
+ (session->security_parameters.version))
+ length += blocksize; /* for the IV */
break;
default:
@@ -310,7 +310,7 @@ calc_enc_length (gnutls_session_t session, int data_size,
#define PREAMBLE_SIZE 16
static inline int
make_preamble (opaque * uint64_data, opaque type, uint16_t c_length,
- opaque ver, opaque * preamble)
+ opaque ver, opaque * preamble)
{
opaque minor = _gnutls_version_get_minor (ver);
opaque major = _gnutls_version_get_major (ver);
@@ -321,7 +321,7 @@ make_preamble (opaque * uint64_data, opaque type, uint16_t c_length,
*p = type;
p++;
if (_gnutls_version_has_variable_padding (ver))
- { /* TLS 1.0 or higher */
+ { /* TLS 1.0 or higher */
*p = major;
p++;
*p = minor;
@@ -339,10 +339,10 @@ make_preamble (opaque * uint64_data, opaque type, uint16_t c_length,
*/
int
_gnutls_compressed2ciphertext (gnutls_session_t session,
- opaque * cipher_data, int cipher_size,
- gnutls_datum_t compressed,
- content_type_t _type, int random_pad,
- record_parameters_st * params)
+ opaque * cipher_data, int cipher_size,
+ gnutls_datum_t compressed,
+ content_type_t _type, int random_pad,
+ record_parameters_st * params)
{
uint8_t MAC[MAX_HASH_SIZE];
uint16_t c_length;
@@ -364,22 +364,22 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
c_length = _gnutls_conv_uint16 (compressed.size);
if (params->mac_algorithm != GNUTLS_MAC_NULL)
- { /* actually when the algorithm in not the NULL one */
+ { /* actually when the algorithm in not the NULL one */
digest_hd_st td;
ret = mac_init (&td, params->mac_algorithm,
- params->write.mac_secret.data,
- params->write.mac_secret.size, ver);
+ params->write.mac_secret.data,
+ params->write.mac_secret.size, ver);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
preamble_size =
- make_preamble (UINT64DATA
- (params->write.sequence_number),
- type, c_length, ver, preamble);
+ make_preamble (UINT64DATA
+ (params->write.sequence_number),
+ type, c_length, ver, preamble);
mac_hash (&td, preamble, preamble_size, ver);
mac_hash (&td, compressed.data, compressed.size, ver);
mac_deinit (&td, MAC, ver);
@@ -390,7 +390,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
*/
length =
calc_enc_length (session, compressed.size, hash_size, &pad,
- random_pad, block_algo, blocksize);
+ random_pad, block_algo, blocksize);
if (length < 0)
{
gnutls_assert ();
@@ -413,10 +413,10 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
*/
ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize);
if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ {
+ gnutls_assert ();
+ return ret;
+ }
data_ptr += blocksize;
}
@@ -454,10 +454,10 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
*/
int
_gnutls_ciphertext2compressed (gnutls_session_t session,
- opaque * compress_data,
- int compress_size,
- gnutls_datum_t ciphertext, uint8_t type,
- record_parameters_st * params)
+ opaque * compress_data,
+ int compress_size,
+ gnutls_datum_t ciphertext, uint8_t type,
+ record_parameters_st * params)
{
uint8_t MAC[MAX_HASH_SIZE];
uint16_t c_length;
@@ -479,71 +479,71 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
{
case CIPHER_STREAM:
if ((ret =
- _gnutls_cipher_decrypt (&params->read.cipher_state,
- ciphertext.data, ciphertext.size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_cipher_decrypt (&params->read.cipher_state,
+ ciphertext.data, ciphertext.size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
length = ciphertext.size - hash_size;
break;
case CIPHER_BLOCK:
if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0))
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
if ((ret =
- _gnutls_cipher_decrypt (&params->read.cipher_state,
- ciphertext.data, ciphertext.size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_cipher_decrypt (&params->read.cipher_state,
+ ciphertext.data, ciphertext.size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* ignore the IV in TLS 1.1.
*/
if (_gnutls_version_has_explicit_iv
- (session->security_parameters.version))
- {
- ciphertext.size -= blocksize;
- ciphertext.data += blocksize;
+ (session->security_parameters.version))
+ {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
- if (ciphertext.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
- }
+ if (ciphertext.size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ }
- pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
+ pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
if ((int) pad > (int) ciphertext.size - hash_size)
- {
- gnutls_assert ();
- _gnutls_record_log
- ("REC[%p]: Short record length %d > %d - %d (under attack?)\n",
- session, pad, ciphertext.size, hash_size);
- /* We do not fail here. We check below for the
- * the pad_failed. If zero means success.
- */
- pad_failed = GNUTLS_E_DECRYPTION_FAILED;
- }
+ {
+ gnutls_assert ();
+ _gnutls_record_log
+ ("REC[%p]: Short record length %d > %d - %d (under attack?)\n",
+ session, pad, ciphertext.size, hash_size);
+ /* We do not fail here. We check below for the
+ * the pad_failed. If zero means success.
+ */
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ }
length = ciphertext.size - hash_size - pad;
/* Check the pading bytes (TLS 1.x)
*/
if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0)
- for (i = 2; i < pad; i++)
- {
- if (ciphertext.data[ciphertext.size - i] !=
- ciphertext.data[ciphertext.size - 1])
- pad_failed = GNUTLS_E_DECRYPTION_FAILED;
- }
+ for (i = 2; i < pad; i++)
+ {
+ if (ciphertext.data[ciphertext.size - i] !=
+ ciphertext.data[ciphertext.size - 1])
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ }
break;
default:
gnutls_assert ();
@@ -562,22 +562,22 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
digest_hd_st td;
ret = mac_init (&td, params->mac_algorithm,
- params->read.mac_secret.data,
- params->read.mac_secret.size, ver);
+ params->read.mac_secret.data,
+ params->read.mac_secret.size, ver);
if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
preamble_size =
- make_preamble (UINT64DATA
- (params->read.sequence_number), type,
- c_length, ver, preamble);
+ make_preamble (UINT64DATA
+ (params->read.sequence_number), type,
+ c_length, ver, preamble);
mac_hash (&td, preamble, preamble_size, ver);
if (length > 0)
- mac_hash (&td, ciphertext.data, length, ver);
+ mac_hash (&td, ciphertext.data, length, ver);
mac_deinit (&td, MAC, ver);
}