Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/authcert.c6
-rw-r--r--lib/ssl/cmpcert.c9
-rw-r--r--lib/ssl/derive.c91
-rw-r--r--lib/ssl/dtlscon.c44
-rw-r--r--lib/ssl/os2_err.c2
-rw-r--r--lib/ssl/ssl3con.c511
-rw-r--r--lib/ssl/ssl3ecc.c35
-rw-r--r--lib/ssl/ssl3ext.c77
-rw-r--r--lib/ssl/ssl3gthr.c27
-rw-r--r--lib/ssl/sslauth.c12
-rw-r--r--lib/ssl/sslcon.c91
-rw-r--r--lib/ssl/ssldef.c3
-rw-r--r--lib/ssl/sslgathr.c18
-rw-r--r--lib/ssl/sslinfo.c11
-rw-r--r--lib/ssl/sslmutex.h6
-rw-r--r--lib/ssl/sslnonce.c43
-rw-r--r--lib/ssl/sslsecur.c51
-rw-r--r--lib/ssl/sslsnce.c54
-rw-r--r--lib/ssl/sslsock.c186
-rw-r--r--lib/ssl/ssltrace.c18
-rw-r--r--lib/ssl/tls13con.c35
-rw-r--r--lib/ssl/tls13hkdf.c6
22 files changed, 472 insertions, 864 deletions
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
index 85bbe8bbb..88c7c084a 100644
--- a/lib/ssl/authcert.c
+++ b/lib/ssl/authcert.c
@@ -45,13 +45,11 @@ NSS_GetClientAuthData(void *arg,
privkey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privkey) {
rv = SECSuccess;
- }
- else {
+ } else {
CERT_DestroyCertificate(cert);
}
}
- }
- else { /* no name given, automatically find the right cert. */
+ } else { /* no name given, automatically find the right cert. */
CERTCertNicknames *names;
int i;
diff --git a/lib/ssl/cmpcert.c b/lib/ssl/cmpcert.c
index 168a6983c..e6edbee83 100644
--- a/lib/ssl/cmpcert.c
+++ b/lib/ssl/cmpcert.c
@@ -52,8 +52,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
if (rv == SECSuccess) {
compatIssuerName.data = &issuerName.data[headerlen];
compatIssuerName.len = issuerName.len - headerlen;
- }
- else {
+ } else {
compatIssuerName.data = NULL;
compatIssuerName.len = 0;
}
@@ -64,8 +63,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
rv = SECSuccess;
CERT_DestroyCertificate(curcert);
goto done;
- }
- else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
+ } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
rv = SECSuccess;
CERT_DestroyCertificate(curcert);
goto done;
@@ -79,8 +77,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
&curcert->derIssuer);
CERT_DestroyCertificate(oldcert);
depth++;
- }
- else {
+ } else {
CERT_DestroyCertificate(curcert);
curcert = NULL;
}
diff --git a/lib/ssl/derive.c b/lib/ssl/derive.c
index d32547051..026dbd2e0 100644
--- a/lib/ssl/derive.c
+++ b/lib/ssl/derive.c
@@ -160,8 +160,7 @@ ssl3_KeyAndMacDeriveBypass(
if (isTLS12) {
status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem,
"key expansion", &srcr, &keyblk, isFIPS);
- }
- else {
+ } else {
status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
isFIPS);
}
@@ -169,8 +168,7 @@ ssl3_KeyAndMacDeriveBypass(
goto key_and_mac_derive_fail;
}
block_bytes = keyblk.len;
- }
- else {
+ } else {
/* key_block =
* MD5(master_secret + SHA('A' + master_secret +
* ServerHello.random + ClientHello.random)) +
@@ -215,41 +213,40 @@ ssl3_KeyAndMacDeriveBypass(
* The key_block is partitioned as follows:
* client_write_MAC_secret[CipherSpec.hash_size]
*/
- buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item, \
+ buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item,
"Client Write MAC Secret");
i += macSize;
/*
* server_write_MAC_secret[CipherSpec.hash_size]
*/
- buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item, \
+ buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item,
"Server Write MAC Secret");
i += macSize;
if (!keySize) {
/* only MACing */
- buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
+ buildSSLKey(NULL, 0, &pwSpec->client.write_key_item,
"Client Write Key (MAC only)");
- buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
+ buildSSLKey(NULL, 0, &pwSpec->server.write_key_item,
"Server Write Key (MAC only)");
- buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
+ buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item,
"Client Write IV (MAC only)");
- buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
+ buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item,
"Server Write IV (MAC only)");
- }
- else if (!isExport) {
+ } else if (!isExport) {
/*
** Generate Domestic write keys and IVs.
** client_write_key[CipherSpec.key_material]
*/
- buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
+ buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item,
"Domestic Client Write Key");
i += keySize;
/*
** server_write_key[CipherSpec.key_material]
*/
- buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
+ buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item,
"Domestic Server Write Key");
i += keySize;
@@ -257,34 +254,32 @@ ssl3_KeyAndMacDeriveBypass(
if (explicitIV) {
static unsigned char zero_block[32];
PORT_Assert(IVSize <= sizeof zero_block);
- buildSSLKey(&zero_block[0], IVSize, \
- &pwSpec->client.write_iv_item, \
+ buildSSLKey(&zero_block[0], IVSize,
+ &pwSpec->client.write_iv_item,
"Domestic Client Write IV");
- buildSSLKey(&zero_block[0], IVSize, \
- &pwSpec->server.write_iv_item, \
+ buildSSLKey(&zero_block[0], IVSize,
+ &pwSpec->server.write_iv_item,
"Domestic Server Write IV");
- }
- else {
+ } else {
/*
** client_write_IV[CipherSpec.IV_size]
*/
- buildSSLKey(&key_block[i], IVSize, \
- &pwSpec->client.write_iv_item, \
+ buildSSLKey(&key_block[i], IVSize,
+ &pwSpec->client.write_iv_item,
"Domestic Client Write IV");
i += IVSize;
/*
** server_write_IV[CipherSpec.IV_size]
*/
- buildSSLKey(&key_block[i], IVSize, \
- &pwSpec->server.write_iv_item, \
+ buildSSLKey(&key_block[i], IVSize,
+ &pwSpec->server.write_iv_item,
"Domestic Server Write IV");
i += IVSize;
}
}
PORT_Assert(i <= block_bytes);
- }
- else if (!isTLS) {
+ } else if (!isTLS) {
/*
** Generate SSL3 Export write keys and IVs.
*/
@@ -300,7 +295,7 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Update(md5Ctx, crsr.data, crsr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
i += effKeySize;
- buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+ buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
"SSL3 Export Client Write Key");
key_block2 += keySize;
@@ -314,7 +309,7 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Update(md5Ctx, srcr.data, srcr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
i += effKeySize;
- buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+ buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
"SSL3 Export Server Write Key");
key_block2 += keySize;
PORT_Assert(i <= block_bytes);
@@ -327,7 +322,7 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Begin(md5Ctx);
MD5_Update(md5Ctx, crsr.data, crsr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
- buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
+ buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item,
"SSL3 Export Client Write IV");
key_block2 += IVSize;
@@ -338,14 +333,13 @@ ssl3_KeyAndMacDeriveBypass(
MD5_Begin(md5Ctx);
MD5_Update(md5Ctx, srcr.data, srcr.len);
MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
- buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
+ buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item,
"SSL3 Export Server Write IV");
key_block2 += IVSize;
}
PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
- }
- else {
+ } else {
/*
** Generate TLS Export write keys and IVs.
*/
@@ -369,7 +363,7 @@ ssl3_KeyAndMacDeriveBypass(
if (status != SECSuccess) {
goto key_and_mac_derive_fail;
}
- buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+ buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
"TLS Export Client Write Key");
key_block2 += keySize;
@@ -388,7 +382,7 @@ ssl3_KeyAndMacDeriveBypass(
if (status != SECSuccess) {
goto key_and_mac_derive_fail;
}
- buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+ buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
"TLS Export Server Write Key");
key_block2 += keySize;
@@ -406,11 +400,11 @@ ssl3_KeyAndMacDeriveBypass(
if (status != SECSuccess) {
goto key_and_mac_derive_fail;
}
- buildSSLKey(key_block2, IVSize, \
- &pwSpec->client.write_iv_item, \
+ buildSSLKey(key_block2, IVSize,
+ &pwSpec->client.write_iv_item,
"TLS Export Client Write IV");
- buildSSLKey(key_block2 + IVSize, IVSize, \
- &pwSpec->server.write_iv_item, \
+ buildSSLKey(key_block2 + IVSize, IVSize,
+ &pwSpec->server.write_iv_item,
"TLS Export Server Write IV");
key_block2 += 2 * IVSize;
}
@@ -485,15 +479,13 @@ ssl3_MasterSecretDeriveBypass(
if (isTLS12) {
rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr,
&master, isFIPS);
- }
- else {
+ } else {
rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
}
if (rv != SECSuccess) {
PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
}
- }
- else {
+ } else {
int i;
unsigned int made = 0;
for (i = 0; i < 3; i++) {
@@ -552,8 +544,7 @@ ssl_canExtractMS(PK11SymKey *pms, PRBool isTLS, PRBool isDH, PRBool *pcbp)
master_derive = CKM_TLS_MASTER_KEY_DERIVE;
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
keyFlags = CKF_SIGN | CKF_VERIFY;
- }
- else {
+ } else {
if (isDH)
master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
else
@@ -689,8 +680,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
if (protocolmask & SSL_CBP_SSL3) {
isTLS = PR_FALSE;
protocolmask ^= SSL_CBP_SSL3;
- }
- else {
+ } else {
isTLS = PR_TRUE;
protocolmask ^= SSL_CBP_TLS1_0;
}
@@ -700,8 +690,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
*pcanbypass = PR_FALSE;
rv = SECSuccess;
break;
- }
- else
+ } else
testrsa = PR_TRUE;
}
for (; privKeytype == rsaKey && testrsa;) {
@@ -781,8 +770,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
if (privKeytype == ecKey && testecdhe) {
/* TLS_ECDHE_ECDSA */
pecParams = &srvPubkey->u.ec.DEREncodedParams;
- }
- else if (privKeytype == rsaKey && testecdhe) {
+ } else if (privKeytype == rsaKey && testecdhe) {
/* TLS_ECDHE_RSA */
ECName ec_curve;
int serverKeyStrengthInBits;
@@ -830,8 +818,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
rv = SECFailure;
break;
}
- }
- else {
+ } else {
/* TLS_ECDH_ECDSA */
keapub = srvPubkey;
keapriv = srvPrivkey;
diff --git a/lib/ssl/dtlscon.c b/lib/ssl/dtlscon.c
index 5044c7c80..35d995e91 100644
--- a/lib/ssl/dtlscon.c
+++ b/lib/ssl/dtlscon.c
@@ -287,16 +287,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
/* Do not attempt to process rest of messages in this record */
break;
}
- }
- else {
+ } else {
if (message_seq < ss->ssl3.hs.recvMessageSeq) {
/* Case 3: we do an immediate retransmit if we're
* in a waiting state*/
if (ss->ssl3.hs.rtTimerCb == NULL) {
/* Ignore */
- }
- else if (ss->ssl3.hs.rtTimerCb ==
- dtls_RetransmitTimerExpiredCb) {
+ } else if (ss->ssl3.hs.rtTimerCb ==
+ dtls_RetransmitTimerExpiredCb) {
SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
SSL_GETPID(), ss->fd));
/* Check to see if we retransmitted recently. If so,
@@ -316,16 +314,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
dtls_RetransmitTimerExpiredCb(ss);
rv = SECSuccess;
break;
- }
- else {
+ } else {
SSL_TRC(30,
("%d: SSL3[%d]: We just retransmitted. Ignoring.",
SSL_GETPID(), ss->fd));
rv = SECSuccess;
break;
}
- }
- else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
+ } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
/* Retransmit the messages and re-arm the timer
* Note that we are not backing off the timer here.
* The spec isn't clear and my reasoning is that this
@@ -340,8 +336,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
return rv;
break;
}
- }
- else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
+ } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
/* Case 2
*
* Ignore this message. This means we don't handle out of
@@ -350,8 +345,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
*
* XXX OK for now. Maybe do something smarter at some point?
*/
- }
- else {
+ } else {
/* Case 1
*
* Buffer the fragment for reassembly
@@ -410,8 +404,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
* fragment */
ss->ssl3.hs.recvdHighWater = fragment_offset +
fragment_length;
- }
- else {
+ } else {
for (offset = fragment_offset;
offset < fragment_offset + fragment_length;
offset++) {
@@ -429,8 +422,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
OFFSET_MASK(offset)) {
ss->ssl3.hs.recvdHighWater++;
- }
- else {
+ } else {
break;
}
}
@@ -491,8 +483,7 @@ dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
if (!msg) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
rv = SECFailure;
- }
- else {
+ } else {
PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
}
@@ -659,8 +650,7 @@ dtls_TransmitMessageFlight(sslSocket *ss)
}
room_left = ss->ssl3.mtu - ss->pendingBuf.len;
- }
- else {
+ } else {
/* The message will not fit, so fragment.
*
* XXX OK for now. Arrange to coalesce the last fragment
@@ -825,8 +815,7 @@ dtls_CompressMACEncryptRecord(sslSocket *ss,
cwSpec = ss->ssl3.pwSpec;
else
cwSpec = NULL;
- }
- else {
+ } else {
cwSpec = ss->ssl3.cwSpec;
}
@@ -835,12 +824,10 @@ dtls_CompressMACEncryptRecord(sslSocket *ss,
rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
PR_FALSE, type, pIn, contentLen,
wrBuf);
- }
- else {
+ } else {
rv = tls13_ProtectRecord(ss, type, pIn, contentLen, wrBuf);
}
- }
- else {
+ } else {
PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
}
@@ -1160,8 +1147,7 @@ DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
if (elapsed > desired) {
/* Timer expired */
*timeout = PR_INTERVAL_NO_WAIT;
- }
- else {
+ } else {
*timeout = desired - elapsed;
}
diff --git a/lib/ssl/os2_err.c b/lib/ssl/os2_err.c
index ae566f687..6e3d423f4 100644
--- a/lib/ssl/os2_err.c
+++ b/lib/ssl/os2_err.c
@@ -148,7 +148,7 @@ nss_MD_os2_map_send_error(PRInt32 err)
{
PRErrorCode prError;
switch (err) {
- // case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
+ // case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break;
default:
nss_MD_os2_map_default_error(err);
return;
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 444d5c008..aa9fef507 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -692,8 +692,7 @@ SSL_AtomicIncrementLong(long *x)
{
if ((sizeof *x) == sizeof(PRInt32)) {
PR_ATOMIC_INCREMENT((PRInt32 *)x);
- }
- else {
+ } else {
tooLong *tl = (tooLong *)x;
if (PR_ATOMIC_INCREMENT(&tl->low) == 0)
PR_ATOMIC_INCREMENT(&tl->high);
@@ -1042,8 +1041,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
- }
- else {
+ } else {
hashItem.data = hash->u.raw;
hashItem.len = hash->len;
}
@@ -1056,8 +1054,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
- }
- else {
+ } else {
hashItem.data = hash->u.raw;
hashItem.len = hash->len;
}
@@ -1082,15 +1079,13 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
goto done; /* error code was set. */
rv = PK11_Sign(key, buf, &hashItem);
- }
- else {
+ } else {
SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);
rv = SGN_Digest(key, hashOID, buf, &hashItem);
}
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
- }
- else if (doDerEncode) {
+ } else if (doDerEncode) {
SECItem derSig = { siBuffer, NULL, 0 };
/* This also works for an ECDSA signature */
@@ -1098,8 +1093,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
if (rv == SECSuccess) {
PORT_Free(buf->data); /* discard unencoded signature. */
*buf = derSig; /* give caller encoded signature. */
- }
- else if (derSig.data) {
+ } else if (derSig.data) {
PORT_Free(derSig.data);
}
}
@@ -1148,8 +1142,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
- }
- else {
+ } else {
hashItem.data = hash->u.raw;
hashItem.len = hash->len;
}
@@ -1177,8 +1170,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
hashAlg = SEC_OID_SHA1;
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
- }
- else {
+ } else {
hashItem.data = hash->u.raw;
hashItem.len = hash->len;
}
@@ -1201,8 +1193,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
* present. Thus DSA signatures are always verified with PK11_Verify.
*/
rv = PK11_Verify(key, buf, &hashItem, pwArg);
- }
- else {
+ } else {
rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg,
pwArg);
}
@@ -1237,29 +1228,23 @@ ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
MD5_HashBuf(hashes->u.s.md5, hashBuf, bufLen);
SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen);
hashes->len = MD5_LENGTH + SHA1_LENGTH;
- }
- else if (hashAlg == ssl_hash_sha1) {
+ } else if (hashAlg == ssl_hash_sha1) {
SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen);
hashes->len = SHA1_LENGTH;
- }
- else if (hashAlg == ssl_hash_sha256) {
+ } else if (hashAlg == ssl_hash_sha256) {
SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen);
hashes->len = SHA256_LENGTH;
- }
- else if (hashAlg == ssl_hash_sha384) {
+ } else if (hashAlg == ssl_hash_sha384) {
SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen);
hashes->len = SHA384_LENGTH;
- }
- else if (hashAlg == ssl_hash_sha512) {
+ } else if (hashAlg == ssl_hash_sha512) {
SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen);
hashes->len = SHA512_LENGTH;
- }
- else {
+ } else {
PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
return SECFailure;
}
- }
- else
+ } else
#endif
{
if (hashAlg == ssl_hash_none) {
@@ -1274,8 +1259,7 @@ ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
return rv;
}
hashes->len = MD5_LENGTH + SHA1_LENGTH;
- }
- else {
+ } else {
hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg);
hashes->len = HASH_ResultLenByOidTag(hashOID);
if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) {
@@ -1312,8 +1296,7 @@ ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg,
bufLen = 2 * SSL3_RANDOM_LENGTH + 2 + modulus.len + 2 + publicExponent.len;
if (bufLen <= sizeof buf) {
hashBuf = buf;
- }
- else {
+ } else {
hashBuf = PORT_Alloc(bufLen);
if (!hashBuf) {
return SECFailure;
@@ -1345,8 +1328,7 @@ ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg,
hashes->u.s.md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result",
hashes->u.s.sha, SHA1_LENGTH));
- }
- else {
+ } else {
PRINT_BUF(95, (NULL, "RSAkey hash: result",
hashes->u.raw, hashes->len));
}
@@ -1373,8 +1355,7 @@ ssl3_ComputeDHKeyHash(SSLHashType hashAlg,
bufLen = 2 * SSL3_RANDOM_LENGTH + 2 + dh_p.len + 2 + dh_g.len + 2 + dh_Ys.len;
if (bufLen <= sizeof buf) {
hashBuf = buf;
- }
- else {
+ } else {
hashBuf = PORT_Alloc(bufLen);
if (!hashBuf) {
return SECFailure;
@@ -1411,8 +1392,7 @@ ssl3_ComputeDHKeyHash(SSLHashType hashAlg,
hashes->u.s.md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result",
hashes->u.s.sha, SHA1_LENGTH));
- }
- else {
+ } else {
PRINT_BUF(95, (NULL, "DHkey hash: result",
hashes->u.raw, hashes->len));
}
@@ -1965,8 +1945,7 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
dtls_version = dtls_TLSVersionToDTLSVersion(version);
out[9] = MSB(dtls_version);
out[10] = LSB(dtls_version);
- }
- else {
+ } else {
out[9] = MSB(version);
out[10] = LSB(version);
}
@@ -2004,8 +1983,7 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
in += explicitNonceLen;
inlen -= explicitNonceLen;
*outlen = 0;
- }
- else {
+ } else {
if (maxout < explicitNonceLen) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
return SECFailure;
@@ -2030,8 +2008,7 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
if (doDecrypt) {
rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
maxout, in, inlen);
- }
- else {
+ } else {
rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
maxout, in, inlen);
}
@@ -2075,8 +2052,7 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
in += explicitNonceLen;
inlen -= explicitNonceLen;
*outlen = 0;
- }
- else {
+ } else {
if (maxout < explicitNonceLen) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
return SECFailure;
@@ -2105,8 +2081,7 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
}
if (doDecrypt) {
rv = AES_Decrypt(cx, out, &uOutLen, maxout, in, inlen);
- }
- else {
+ } else {
rv = AES_Encrypt(cx, out, &uOutLen, maxout, in, inlen);
}
AES_DestroyContext(cx, PR_FALSE);
@@ -2156,8 +2131,7 @@ ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt,
if (doDecrypt) {
rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
out, &uOutLen, maxout, in, inlen);
- }
- else {
+ } else {
rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
out, &uOutLen, maxout, in, inlen);
}
@@ -2401,16 +2375,14 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
if (rv == SECSuccess) {
rv = ssl3_InitPendingContextsBypass(ss);
}
- }
- else
+ } else
#endif
if (pwSpec->master_secret) {
rv = ssl3_DeriveConnectionKeysPKCS11(ss);
if (rv == SECSuccess) {
rv = ssl3_InitPendingContextsPKCS11(ss);
}
- }
- else {
+ } else {
PORT_Assert(pwSpec->master_secret);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
@@ -2422,8 +2394,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
/* Generic behaviors -- common to all crypto methods */
if (!IS_DTLS(ss)) {
pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0;
- }
- else {
+ } else {
if (cwSpec->epoch == PR_UINT16_MAX) {
/* The problem here is that we have rehandshaked too many
* times (you are not allowed to wrap the epoch). The
@@ -2568,15 +2539,13 @@ ssl3_ComputeRecordMAC(
hashObj->update(write_mac_context, temp, tempLen);
hashObj->end(write_mac_context, outbuf, outLength, spec->mac_size);
rv = SECSuccess;
- }
- else { /* is TLS */
+ } else { /* is TLS */
#define cx ((HMACContext *)write_mac_context)
if (useServerMacKey) {
rv = HMAC_Init(cx, hashObj,
spec->server.write_mac_key_item.data,
spec->server.write_mac_key_item.len, PR_FALSE);
- }
- else {
+ } else {
rv = HMAC_Init(cx, hashObj,
spec->client.write_mac_key_item.data,
spec->client.write_mac_key_item.len, PR_FALSE);
@@ -2590,8 +2559,7 @@ ssl3_ComputeRecordMAC(
}
#undef cx
}
- }
- else
+ } else
#endif
{
PK11Context *mac_context =
@@ -2825,8 +2793,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
return SECFailure;
}
- }
- else {
+ } else {
/*
* Add the MAC
*/
@@ -2869,8 +2836,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
if (p1Len < 256) {
oddLen = p1Len;
p1Len = 0;
- }
- else {
+ } else {
p1Len -= oddLen;
}
if (oddLen) {
@@ -2887,7 +2853,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
&cipherBytesPart1, /* actual outlen */
p1Len, /* max outlen */
pIn,
- p1Len); /* input, and inputlen */
+ p1Len); /* input, and inputlen */
PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int)p1Len);
if (rv != SECSuccess || cipherBytesPart1 != (int)p1Len) {
PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
@@ -2932,8 +2898,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
wrBuf->buf[10] = (unsigned char)(cwSpec->write_seq_num.low >> 0);
wrBuf->buf[11] = MSB(cipherBytes);
wrBuf->buf[12] = LSB(cipherBytes);
- }
- else {
+ } else {
SSL3ProtocolVersion version = cwSpec->version;
if (capRecordVersion || version >= SSL_LIBRARY_VERSION_TLS_1_3) {
@@ -3052,8 +3017,7 @@ ssl3_SendRecord(sslSocket *ss,
* as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h
*/
numRecords = 2;
- }
- else {
+ } else {
numRecords = 1;
}
@@ -3098,8 +3062,7 @@ ssl3_SendRecord(sslSocket *ss,
secondRecord.buf, secondRecord.len));
wrBuf->len += secondRecord.len;
}
- }
- else {
+ } else {
if (!IS_DTLS(ss)) {
if (ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3) {
rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
@@ -3108,13 +3071,11 @@ ssl3_SendRecord(sslSocket *ss,
capRecordVersion,
type, pIn,
contentLen, wrBuf);
- }
- else {
+ } else {
rv = tls13_ProtectRecord(ss, type, pIn,
contentLen, wrBuf);
}
- }
- else {
+ } else {
/* TLS <= 1.2 and TLS 1.3 cases are both handled in
* dtls_CompressMACEncryptRecord. */
rv = dtls_CompressMACEncryptRecord(ss, epoch,
@@ -3165,8 +3126,7 @@ ssl3_SendRecord(sslSocket *ss,
flags |= ssl_SEND_FLAG_FORCE_INTO_BUFFER;
}
}
- }
- else if (wrBuf->len > 0) {
+ } else if (wrBuf->len > 0) {
PRInt32 sent;
ss->handshakeBegun = 1;
sent = ssl_DefSend(ss, wrBuf->buf, wrBuf->len,
@@ -3312,8 +3272,7 @@ ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags)
{
if (IS_DTLS(ss)) {
return dtls_FlushHandshakeMessages(ss, flags);
- }
- else {
+ } else {
return ssl3_FlushHandshakeMessages(ss, flags);
}
}
@@ -3343,8 +3302,7 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
if ((flags & ~allowedFlags) != 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
- }
- else {
+ } else {
count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
ss->sec.ci.sendBuf.len, flags);
}
@@ -3355,14 +3313,12 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
}
rv = SECFailure;
- }
- else if ((unsigned int)count < ss->sec.ci.sendBuf.len) {
+ } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) {
/* short write should never happen */
PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
- }
- else {
+ } else {
rv = SECSuccess;
}
@@ -3752,8 +3708,7 @@ ssl3_SendChangeCipherSpecs(sslSocket *ss)
if (sent < 0) {
return (SECStatus)sent; /* error code set by ssl3_SendRecord */
}
- }
- else {
+ } else {
rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1);
if (rv != SECSuccess) {
return rv;
@@ -3777,8 +3732,7 @@ ssl3_SendChangeCipherSpecs(sslSocket *ss)
if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
if (!IS_DTLS(ss)) {
ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE /*freeSrvName*/);
- }
- else {
+ } else {
/* With DTLS, we need to set a holddown timer in case the final
* message got lost */
ss->ssl3.hs.rtTimeoutMs = DTLS_FINISHED_TIMER_MS;
@@ -3907,8 +3861,7 @@ ssl3_ComputeMasterSecretFinish(sslSocket *ss,
if (msp) {
*msp = ms;
- }
- else {
+ } else {
PK11_FreeSymKey(ms);
}
@@ -3956,16 +3909,14 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
keyFlags = CKF_SIGN | CKF_VERIFY;
- }
- else if (isTLS) {
+ } else if (isTLS) {
if (isDH)
master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
else
master_derive = CKM_TLS_MASTER_KEY_DERIVE;
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
keyFlags = CKF_SIGN | CKF_VERIFY;
- }
- else {
+ } else {
if (isDH)
master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
else
@@ -3986,8 +3937,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
if (isTLS12) {
master_params.prfHashMechanism = CKM_SHA256;
master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
- }
- else {
+ } else {
/* prfHashMechanism is not relevant with this PRF */
master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
}
@@ -4037,8 +3987,7 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
if (isDH) {
master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH;
- }
- else {
+ } else {
master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE;
pms_version_ptr = &pms_version;
}
@@ -4047,8 +3996,7 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
/* TLS 1.2 */
extended_master_params.prfHashMechanism = CKM_SHA256;
key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
- }
- else {
+ } else {
/* TLS < 1.2 */
extended_master_params.prfHashMechanism = CKM_TLS_PRF;
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
@@ -4080,8 +4028,7 @@ ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
return tls_ComputeExtendedMasterSecretInt(ss, pms, msp);
- }
- else {
+ } else {
return ssl3_ComputeMasterSecretInt(ss, pms, msp);
}
}
@@ -4132,8 +4079,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len);
pwSpec->msItem.data = pwSpec->raw_master_secret;
pwSpec->msItem.len = keydata->len;
- }
- else {
+ } else {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -4234,12 +4180,10 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss)
key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
key_material_params.prfHashMechanism = CKM_SHA256;
key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
- }
- else if (isTLS) {
+ } else if (isTLS) {
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
- }
- else {
+ } else {
key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
}
@@ -4320,14 +4264,12 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone;
ss->ssl3.hs.hashType = handshake_hash_single;
ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx);
- }
- else {
+ } else {
ss->ssl3.hs.hashType = handshake_hash_combo;
MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
}
- }
- else
+ } else
#endif
{
PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha);
@@ -4372,8 +4314,7 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
return SECFailure;
}
}
- }
- else {
+ } else {
/* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or
* created successfully. */
ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5);
@@ -4470,8 +4411,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b,
if (ss->opt.bypassPKCS11) {
if (ss->ssl3.hs.hashType == handshake_hash_single) {
ss->ssl3.hs.sha_obj->update(ss->ssl3.hs.sha_cx, b, l);
- }
- else {
+ } else {
MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l);
}
@@ -4491,8 +4431,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b,
return rv;
}
}
- }
- else {
+ } else {
rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
@@ -5007,8 +4946,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
* then this will need to be updated. */
hashes->hashAlg = ssl_hash_sha256;
rv = SECSuccess;
- }
- else if (ss->opt.bypassPKCS11) {
+ } else if (ss->opt.bypassPKCS11) {
/* compute them without PKCS11 */
PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
@@ -5091,8 +5029,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
rv = SECSuccess;
#undef md5cx
#undef shacx
- }
- else
+ } else
#endif
if (ss->ssl3.hs.hashType == handshake_hash_single) {
/* compute hashes with PKCS11 */
@@ -5130,8 +5067,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
PORT_ZFree(stateBuf, stateLen);
}
}
- }
- else {
+ } else {
/* compute hashes with PKCS11 */
PK11Context *md5;
PK11Context *sha = NULL;
@@ -5436,8 +5372,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
}
if (slot == NULL) {
sidOK = PR_FALSE;
- }
- else {
+ } else {
PK11SymKey *wrapKey = NULL;
if (!PK11_IsPresent(slot) ||
((wrapKey = PK11_GetWrapKey(slot,
@@ -5481,12 +5416,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
if (sid->version >= ss->vrange.min &&
sid->version <= ss->clientHelloVersion) {
ss->version = ss->clientHelloVersion;
- }
- else {
+ } else {
sidOK = PR_FALSE;
}
- }
- else {
+ } else {
/*
* Check sid->version is OK first.
* Previously, we would cap the version based on sid->version,
@@ -5496,8 +5429,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
if (sid->version < ss->vrange.min ||
sid->version > ss->vrange.max) {
sidOK = PR_FALSE;
- }
- else {
+ } else {
rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
PR_TRUE);
if (rv != SECSuccess) {
@@ -5524,8 +5456,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
sid->u.ssl3.sessionIDLength));
ss->ssl3.policy = sid->u.ssl3.policy;
- }
- else {
+ } else {
SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_misses);
/*
@@ -5538,8 +5469,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
*/
if (ss->firstHsDone) {
ss->version = ss->clientHelloVersion;
- }
- else {
+ } else {
rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
PR_TRUE);
if (rv != SECSuccess)
@@ -5683,8 +5613,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
total_exten_len += paddingExtensionLen;
length += paddingExtensionLen;
- }
- else {
+ } else {
paddingExtensionLen = 0;
}
@@ -5707,8 +5636,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion);
rv = ssl3_AppendHandshakeNumber(ss, version, 2);
- }
- else {
+ } else {
rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
}
if (rv != SECSuccess) {
@@ -6480,8 +6408,7 @@ sendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
}
if (isTLS) {
rv = ssl3_AppendHandshakeVariable(ss, enc_pms.data, enc_pms.len, 2);
- }
- else {
+ } else {
rv = ssl3_AppendHandshake(ss, enc_pms.data, enc_pms.len);
}
if (rv != SECSuccess) {
@@ -6625,8 +6552,7 @@ ssl3_SendClientKeyExchange(sslSocket *ss)
ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
return SECFailure;
}
- }
- else {
+ } else {
serverKey = ss->sec.peerKey;
ss->sec.peerKey = NULL; /* we're done with it now */
}
@@ -6719,19 +6645,16 @@ ssl3_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey)
if (isTLS13) {
/* rv is already set to SECFailure */
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- }
- else {
+ } else {
rv = ssl3_ComputeBackupHandshakeHashes(ss, &hashes);
}
- }
- else {
+ } else {
ssl3CipherSpec *spec;
if (isTLS13) {
/* In TLS 1.3, we are already encrypted. */
spec = ss->ssl3.cwSpec;
- }
- else {
+ } else {
spec = ss->ssl3.pwSpec;
}
@@ -6999,8 +6922,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto alert_loser;
}
ss->ssl3.hs.compression = (SSLCompressionMethod)temp;
- }
- else {
+ } else {
ss->ssl3.hs.compression = ssl_compression_null;
}
@@ -7019,8 +6941,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (rv != SECSuccess || length != 0) {
if (isTLS)
goto alert_loser;
- }
- else {
+ } else {
rv = ssl3_HandleHelloExtensions(ss, &extensions.data,
&extensions.len, server_hello);
if (rv != SECSuccess)
@@ -7151,8 +7072,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
break; /* errorCode set just after call to UnwrapSymKey. */
}
#ifndef NO_PKCS11_BYPASS
- }
- else if (ss->opt.bypassPKCS11) {
+ } else if (ss->opt.bypassPKCS11) {
/* MS is not wrapped */
wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
@@ -7160,8 +7080,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
pwSpec->msItem.data = pwSpec->raw_master_secret;
pwSpec->msItem.len = wrappedMS.len;
#endif
- }
- else {
+ } else {
/* We CAN restart a bypass session in a non-bypass socket. */
/* need to import the raw master secret to session object */
PK11SlotInfo *slot = PK11_GetInternalSlot();
@@ -7245,13 +7164,11 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (rv != SECSuccess)
goto alert_loser;
TLS13_SET_HS_STATE(ss, wait_encrypted_extensions);
- }
- else if (ss->ssl3.hs.kea_def->signKeyType != ssl_sign_null) {
+ } else if (ss->ssl3.hs.kea_def->signKeyType != ssl_sign_null) {
/* All current cipher suites other than those with ssl_sign_null (i.e.,
* (EC)DH_anon_* suites) require a certificate, so use that signal. */
ss->ssl3.hs.ws = wait_server_cert;
- }
- else {
+ } else {
/* All the remaining cipher suites must be (EC)DH_anon_* and so
* must be ephemeral. Note, if we ever add PSK this might
* change. */
@@ -7578,8 +7495,7 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
*/
if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) {
*preferSha1 = SECKEY_PublicKeyStrength(pubk) <= 128;
- }
- else {
+ } else {
*preferSha1 = PR_FALSE;
}
@@ -7625,8 +7541,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
if (algorithms->data[i + 1] == sigAlg) {
if (algorithms->data[i] == ssl_hash_sha1) {
supportsSha1 = PR_TRUE;
- }
- else if (algorithms->data[i] == ssl_hash_sha256) {
+ } else if (algorithms->data[i] == ssl_hash_sha256) {
supportsSha256 = PR_TRUE;
}
}
@@ -7832,12 +7747,11 @@ ssl3_CompleteHandleCertificateRequest(sslSocket *ss, SECItem *algorithms,
PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
ssl_preinfo_all);
/* XXX Should pass cert_types and algorithms in this call!! */
- rv = (SECStatus) (*ss->getClientAuthData)(ss->getClientAuthDataArg,
- ss->fd, ca_list,
- &ss->ssl3.clientCertificate,
- &ss->ssl3.clientPrivateKey);
- }
- else {
+ rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
+ ss->fd, ca_list,
+ &ss->ssl3.clientCertificate,
+ &ss->ssl3.clientPrivateKey);
+ } else {
rv = SECFailure; /* force it to send a no_certificate alert */
}
switch (rv) {
@@ -7884,8 +7798,7 @@ ssl3_CompleteHandleCertificateRequest(sslSocket *ss, SECItem *algorithms,
send_no_certificate:
if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) {
ss->ssl3.sendEmptyCert = PR_TRUE;
- }
- else {
+ } else {
(void)SSL3_SendAlert(ss, alert_warning, no_certificate);
}
rv = SECSuccess;
@@ -7905,8 +7818,7 @@ ssl3_CheckFalseStart(sslSocket *ss)
if (!ss->canFalseStartCallback) {
SSL_TRC(3, ("%d: SSL[%d]: no false start callback so no false start",
SSL_GETPID(), ss->fd));
- }
- else {
+ } else {
PRBool maybeFalseStart;
SECStatus rv;
@@ -7921,8 +7833,7 @@ ssl3_CheckFalseStart(sslSocket *ss)
if (!maybeFalseStart) {
SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher",
SSL_GETPID(), ss->fd));
- }
- else {
+ } else {
PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
ssl_preinfo_all);
rv = (ss->canFalseStartCallback)(ss->fd,
@@ -7931,11 +7842,9 @@ ssl3_CheckFalseStart(sslSocket *ss)
if (rv == SECSuccess) {
SSL_TRC(3, ("%d: SSL[%d]: false start callback returned %s",
SSL_GETPID(), ss->fd,
- ss->ssl3.hs.canFalseStart ?
- "TRUE"
+ ss->ssl3.hs.canFalseStart ? "TRUE"
: "FALSE"));
- }
- else {
+ } else {
SSL_TRC(3, ("%d: SSL[%d]: false start callback failed (%s)",
SSL_GETPID(), ss->fd,
PR_ErrorToName(PR_GetError())));
@@ -8071,8 +7980,7 @@ ssl3_SendClientSecondRound(sslSocket *ss)
if (rv != SECSuccess) {
goto loser; /* error code is set. */
}
- }
- else if (sendClientCert) {
+ } else if (sendClientCert) {
rv = ssl3_SendCertificate(ss);
if (rv != SECSuccess) {
goto loser; /* error code is set. */
@@ -8131,8 +8039,7 @@ ssl3_SendClientSecondRound(sslSocket *ss)
if (rv != SECSuccess) {
goto loser;
}
- }
- else {
+ } else {
/* The certificate authentication and the server's Finished
* message are racing each other. If the certificate
* authentication wins, then we will try to false start in
@@ -8316,22 +8223,19 @@ ssl3_SendServerHelloSequence(sslSocket *ss)
keyLen * BPB <= kea_def->key_size_limit) {
/* XXX AND cert is not signing only!! */
/* just fall through and use it. */
- }
- else if (ss->stepDownKeyPair != NULL) {
+ } else if (ss->stepDownKeyPair != NULL) {
ss->ssl3.hs.usedStepDownKey = PR_TRUE;
rv = ssl3_SendServerKeyExchange(ss);
if (rv != SECSuccess) {
return rv; /* err code was set. */
}
- }
- else {
+ } else {
#ifndef HACKED_EXPORT_SERVER
PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED);
return rv;
#endif
}
- }
- else if (kea_def->ephemeral) {
+ } else if (kea_def->ephemeral) {
rv = ssl3_SendServerKeyExchange(ss);
if (rv != SECSuccess) {
return rv; /* err code was set. */
@@ -8465,8 +8369,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (IS_DTLS(ss)) {
ss->clientHelloVersion = version =
dtls_DTLSVersionToTLSVersion((SSL3ProtocolVersion)tmp);
- }
- else {
+ } else {
ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp;
}
@@ -8656,14 +8559,12 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (ssl_sid_lookup) {
sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data,
sidBytes.len, ss->dbHandle);
- }
- else {
+ } else {
errCode = SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED;
goto loser;
}
}
- }
- else if (ss->statelessResume) {
+ } else if (ss->statelessResume) {
/* Fill in the client's session ID if doing a stateless resume.
* (When doing stateless resumes, server echos client's SessionID.)
*/
@@ -8675,8 +8576,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data,
sidBytes.len);
sid->u.ssl3.sessionIDLength = sidBytes.len;
- }
- else {
+ } else {
sid->u.ssl3.sessionIDLength = 0;
}
ss->sec.ci.sid = NULL;
@@ -8910,8 +8810,7 @@ compression_found:
if (!sid->u.ssl3.keys.extendedMasterSecretUsed) {
break; /* not an error */
}
- }
- else {
+ } else {
if (sid->u.ssl3.keys.extendedMasterSecretUsed) {
/* Note: we do not destroy the session */
desc = handshake_failure;
@@ -8972,16 +8871,14 @@ compression_found:
break; /* not an error */
}
#ifndef NO_PKCS11_BYPASS
- }
- else if (ss->opt.bypassPKCS11) {
+ } else if (ss->opt.bypassPKCS11) {
wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
pwSpec->msItem.data = pwSpec->raw_master_secret;
pwSpec->msItem.len = wrappedMS.len;
#endif
- }
- else {
+ } else {
/* We CAN restart a bypass session in a non-bypass socket. */
/* need to import the raw master secret to session object */
PK11SlotInfo *slot;
@@ -9117,10 +9014,10 @@ compression_found:
/* If extension is negotiated, the len of names should > 0. */
if (ss->xtnData.sniNameArrSize) {
/* Calling client callback to reconfigure the socket. */
- ret = (SECStatus) (*ss->sniSocketConfig)(ss->fd,
- ss->xtnData.sniNameArr,
- ss->xtnData.sniNameArrSize,
- ss->sniSocketConfigArg);
+ ret = (SECStatus)(*ss->sniSocketConfig)(ss->fd,
+ ss->xtnData.sniNameArr,
+ ss->xtnData.sniNameArrSize,
+ ss->sniSocketConfigArg);
}
if (ret <= SSL_SNI_SEND_ALERT) {
/* Application does not know the name or was not able to
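Review bot: The re-indented call `ret = (SECStatus)(*ss->sniSocketConfig)(ss->fd,` still casts the callback result to `SECStatus`, although the surrounding lines use `ret` as more than a status. It is compared with `SSL_SNI_SEND_ALERT` right after the call, and later hunks of this function compare it with `SSL_SNI_CURRENT_CONFIG_IS_USED` and bounds-check it as `(unsigned int)ret < ss->xtnData.sniNameArrSize`. If `ret` is declared as a plain integer (its declaration is outside the hunk), the cast can be dropped, `ret = (*ss->sniSocketConfig)(ss->fd,`, so that an index returned by the application callback is not converted through an enum type before the range check. A one-line comment such as `/* ret is an SNI result code or an index into sniNameArr */` would also make the three-way test below easier to audit.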
@@ -9128,8 +9025,7 @@ compression_found:
errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
desc = unrecognized_name;
break;
- }
- else if (ret == SSL_SNI_CURRENT_CONFIG_IS_USED) {
+ } else if (ret == SSL_SNI_CURRENT_CONFIG_IS_USED) {
SECStatus rv = SECSuccess;
SECItem *cwsName, *pwsName;
@@ -9161,8 +9057,7 @@ compression_found:
ret = SSL_SNI_SEND_ALERT;
break;
}
- }
- else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {
+ } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {
/* Application has configured new socket info. Lets check it
* and save the name. */
SECStatus rv;
@@ -9211,8 +9106,7 @@ compression_found:
*/
ssl3_RegisterServerHelloExtensionSender(ss, ssl_server_name_xtn,
ssl3_SendServerNameXtn);
- }
- else {
+ } else {
/* Callback returned index outside of the boundary. */
PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize);
errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
@@ -9278,8 +9172,7 @@ compression_found:
ssl_GetXmitBufLock(ss);
if (isTLS13) {
rv = tls13_SendServerHelloSequence(ss);
- }
- else {
+ } else {
rv = ssl3_SendServerHelloSequence(ss);
}
ssl_ReleaseXmitBufLock(ss);
@@ -9558,8 +9451,7 @@ ssl3_SendServerHello(sslSocket *ss)
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
return SECFailure;
}
- }
- else {
+ } else {
PORT_Assert(MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_DTLS_1_0));
if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_DTLS_1_0)) {
@@ -9594,8 +9486,7 @@ ssl3_SendServerHello(sslSocket *ss)
if (IS_DTLS(ss)) {
version = dtls_TLSVersionToDTLSVersion(ss->version);
- }
- else {
+ } else {
version = ss->version;
}
@@ -9614,8 +9505,7 @@ ssl3_SendServerHello(sslSocket *ss)
if (sid) {
rv = ssl3_AppendHandshakeVariable(
ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
- }
- else {
+ } else {
rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
}
if (rv != SECSuccess) {
@@ -10274,8 +10164,7 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
temp = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion);
version.major = MSB(temp);
version.minor = LSB(temp);
- }
- else {
+ } else {
version.major = MSB(ss->clientHelloVersion);
version.minor = LSB(ss->clientHelloVersion);
}
@@ -10346,8 +10235,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
#ifndef NO_PKCS11_BYPASS
isTLS = PR_TRUE;
#endif
- }
- else {
+ } else {
#ifndef NO_PKCS11_BYPASS
isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0);
#endif
@@ -10375,8 +10263,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
if (rv != SECSuccess) {
/* triple bypass failed. Let's try for a double bypass. */
goto double_bypass;
- }
- else if (ss->opt.detectRollBack) {
+ } else if (ss->opt.detectRollBack) {
SSL3ProtocolVersion client_version =
(rsaPmsBuf[0] << 8) | rsaPmsBuf[1];
@@ -10398,8 +10285,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
PK11_GenerateRandom(pwSpec->msItem.data, pwSpec->msItem.len);
}
rv = ssl3_InitPendingCipherSpec(ss, NULL);
- }
- else
+ } else
#endif
{
PK11SymKey *tmpPms[2] = { NULL, NULL };
@@ -10602,8 +10488,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
serverKeyPair = ss->stepDownKeyPair;
ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
- }
- else
+ } else
skip:
if (kea_def->kea == kea_dhe_dss ||
kea_def->kea == kea_dhe_rsa) {
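Review bot: In the reformatted sequence `} else` / `skip:` / `if (kea_def->kea == kea_dhe_dss ||`, the labelled `if` is the whole else-body, so any jump to `skip` enters the else branch of the preceding `if` directly. With `}` and `else` now joined on one line, the label is easy to read as a separate statement after the chain. The visible lines of this chain assign `serverKeyPair` for the key exchange, so the control flow is worth spelling out with a comment above the label, for example `/* skip: entered by goto; continues the else-chain at the DHE check */`. The jump to `skip` and the start of the chain are outside the hunk, so the wording should be checked against the full function.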
@@ -10614,8 +10499,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
}
}
- }
- else
+ } else
#ifndef NSS_DISABLE_ECC
/* XXX Using SSLKEAType to index server certifiates
* does not work for (EC)DHE ciphers. Until we have
@@ -10632,8 +10516,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
}
}
- }
- else
+ } else
#endif
{
sslServerCerts *sc = ss->serverCerts + kea_def->exchKeyType;
@@ -10902,8 +10785,7 @@ ssl3_SendCertificate(sslSocket *ss)
if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
(ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
certIndex = kt_rsa;
- }
- else {
+ } else {
certIndex = ss->ssl3.hs.kea_def->exchKeyType;
}
sc = ss->serverCerts + certIndex;
@@ -10911,8 +10793,7 @@ ssl3_SendCertificate(sslSocket *ss)
ss->sec.authKeyBits = sc->serverKeyBits;
ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
ss->sec.localCert = CERT_DupCertificate(sc->serverCert);
- }
- else {
+ } else {
certChain = ss->ssl3.clientCertChain;
ss->sec.localCert = CERT_DupCertificate(ss->ssl3.clientCertificate);
}
@@ -10932,8 +10813,7 @@ ssl3_SendCertificate(sslSocket *ss)
#ifdef NISCC_TEST
if (fakeCert.len > 0 && i == ndex) {
certChainLen += fakeCert.len + 3;
- }
- else {
+ } else {
certChainLen += certChain->certs[i].len + 3;
}
#else
@@ -10951,8 +10831,7 @@ ssl3_SendCertificate(sslSocket *ss)
if (isTLS13) {
if (ss->sec.isServer) {
rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
- }
- else {
+ } else {
rv = ssl3_AppendHandshakeVariable(ss,
ss->ssl3.hs.certReqContext,
ss->ssl3.hs.certReqContextLen, 1);
@@ -10973,8 +10852,7 @@ ssl3_SendCertificate(sslSocket *ss)
rv = ssl3_AppendHandshakeVariable(ss, fakeCert.data,
fakeCert.len, 3);
SECITEM_FreeItem(&fakeCert, PR_FALSE);
- }
- else {
+ } else {
rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
certChain->certs[i].len, 3);
}
@@ -11017,8 +10895,7 @@ ssl3_SendCertificateStatus(sslSocket *ss)
if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
(ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
certIndex = kt_rsa;
- }
- else {
+ } else {
certIndex = ss->ssl3.hs.kea_def->exchKeyType;
}
if (ss->certStatusArray[certIndex] && ss->certStatusArray[certIndex]->len) {
@@ -11209,8 +11086,7 @@ ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
ss->ssl3.hs.ws = wait_client_key;
- }
- else {
+ } else {
TLS13_SET_HS_STATE(ss, wait_finished);
}
return SECSuccess;
@@ -11281,8 +11157,7 @@ ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
c->next = NULL;
if (lastCert) {
lastCert->next = c;
- }
- else {
+ } else {
ss->ssl3.peerCertChain = c;
}
lastCert = c;
@@ -11296,8 +11171,7 @@ ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (!isServer && ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn)) {
ss->ssl3.hs.ws = wait_certificate_status;
rv = SECSuccess;
- }
- else {
+ } else {
rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
}
@@ -11343,8 +11217,8 @@ ssl3_AuthCertificate(sslSocket *ss)
/*
* Ask caller-supplied callback function to validate cert chain.
*/
- rv = (SECStatus) (*ss->authCertificate)(ss->authCertificateArg, ss->fd,
- PR_TRUE, isServer);
+ rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg, ss->fd,
+ PR_TRUE, isServer);
if (rv != SECSuccess) {
errCode = PORT_GetError();
if (rv != SECWouldBlock) {
@@ -11446,8 +11320,7 @@ ssl3_AuthCertificate(sslSocket *ss)
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
TLS13_SET_HS_STATE(ss, wait_cert_verify);
- }
- else {
+ } else {
/* Ephemeral suites require ServerKeyExchange. Export cipher suites
* with RSA key exchange also require ServerKeyExchange if the
* authentication key exceeds the key size limit. */
@@ -11457,8 +11330,7 @@ ssl3_AuthCertificate(sslSocket *ss)
ss->sec.authKeyBits > ss->ssl3.hs.kea_def->key_size_limit)) {
/* require server_key_exchange */
ss->ssl3.hs.ws = wait_server_key;
- }
- else {
+ } else {
/* disallow server_key_exchange */
ss->ssl3.hs.ws = wait_cert_request;
/* This is static RSA key exchange so set the key bits to
@@ -11466,13 +11338,11 @@ ssl3_AuthCertificate(sslSocket *ss)
ss->sec.keaKeyBits = ss->sec.authKeyBits;
}
}
- }
- else {
+ } else {
/* Server */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
ss->ssl3.hs.ws = wait_client_key;
- }
- else {
+ } else {
TLS13_SET_HS_STATE(ss, wait_cert_verify);
}
}
@@ -11529,8 +11399,7 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
ss->ssl3.hs.restartTarget = ssl3_AlwaysFail;
ssl3_SendAlertForCertError(ss, error);
rv = SECSuccess;
- }
- else if (ss->ssl3.hs.restartTarget != NULL) {
+ } else if (ss->ssl3.hs.restartTarget != NULL) {
sslRestartTarget target = ss->ssl3.hs.restartTarget;
ss->ssl3.hs.restartTarget = NULL;
@@ -11548,8 +11417,7 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
if (rv == SECWouldBlock) {
rv = SECSuccess;
}
- }
- else {
+ } else {
SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with"
" peer's finished message",
SSL_GETPID(), ss->fd));
@@ -11566,8 +11434,7 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
* haven't received all of the server's second round yet.
*/
rv = ssl3_CheckFalseStart(ss);
- }
- else {
+ } else {
rv = SECSuccess;
}
}
@@ -11602,8 +11469,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
tls_mac_params.prfMechanism = CKM_TLS_PRF;
- }
- else {
+ } else {
tls_mac_params.prfMechanism = CKM_SHA256;
}
tls_mac_params.ulMacLength = 12;
@@ -11658,8 +11524,7 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
PORT_Assert(rv != SECSuccess || retLen == outLen);
PK11_DestroyContext(prf_context, PR_TRUE);
- }
- else {
+ } else {
/* bypass PKCS11 */
#ifdef NO_PKCS11_BYPASS
PORT_Assert(spec->master_secret);
@@ -11677,8 +11542,7 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, &inData,
&outData, isFIPS);
- }
- else {
+ } else {
rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
}
PORT_Assert(rv != SECSuccess || outData.len == outLen);
@@ -11828,8 +11692,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
rv = ssl3_AppendHandshake(ss, &tlsFinished, sizeof tlsFinished);
if (rv != SECSuccess)
goto fail; /* err set by AppendHandshake. */
- }
- else {
+ } else {
if (isServer)
ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes.u.s;
else
@@ -11891,8 +11754,7 @@ ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid,
pwArg);
if (wrappingKey) {
mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */
- }
- else {
+ } else {
int keyLength;
/* if the wrappingKey doesn't exist, attempt to create it.
* Note: we intentionally ignore errors here. If we cannot
@@ -11910,8 +11772,7 @@ ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid,
PK11_SetWrapKey(symKeySlot, wrapKeyIndex, wrappingKey);
}
}
- }
- else {
+ } else {
/* server socket using session cache. */
mechanism = PK11_GetBestWrapMechanism(symKeySlot);
if (mechanism != CKM_INVALID_MECHANISM) {
@@ -11996,8 +11857,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
return SECFailure;
}
- }
- else {
+ } else {
if (length != sizeof(SSL3Finished)) {
(void)ssl3_IllegalParameter(ss);
PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
@@ -12082,8 +11942,7 @@ xmit_loser:
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = kt_rsa;
- }
- else {
+ } else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
}
@@ -12116,8 +11975,7 @@ xmit_loser:
sid->u.ssl3.masterValid = PR_TRUE;
sid->u.ssl3.keys.msIsWrapped = PR_FALSE;
rv = SECSuccess;
- }
- else {
+ } else {
rv = ssl3_CacheWrappedMasterSecret(ss, ss->sec.ci.sid,
ss->ssl3.crSpec,
effectiveExchKeyType);
@@ -12219,13 +12077,11 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
(ss->ssl3.hs.ws == wait_cert_verify))) {
computeHashes = PR_TRUE;
}
- }
- else {
+ } else {
if (type == certificate_verify) {
computeHashes =
TLS13_IN_HS_STATE(ss, wait_cert_verify);
- }
- else if (type == finished) {
+ } else if (type == finished) {
computeHashes =
TLS13_IN_HS_STATE(ss, wait_cert_request, wait_finished);
}
@@ -12234,10 +12090,8 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ssl_GetSpecReadLock(ss); /************************************/
if (computeHashes) {
SSL3Sender sender = (SSL3Sender)0;
- ssl3CipherSpec *rSpec = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ?
- ss->ssl3.crSpec
- :
- ss->ssl3.prSpec;
+ ssl3CipherSpec *rSpec = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.crSpec
+ : ss->ssl3.prSpec;
if (type == finished) {
sender = ss->sec.isServer ? sender_client : sender_server;
@@ -12341,8 +12195,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
default:
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
rv = ssl3_HandlePostHelloHandshakeMessage(ss, b, length, hashesPtr);
- }
- else {
+ } else {
rv = tls13_HandlePostHelloHandshakeMessage(ss, b, length,
hashesPtr);
}
@@ -12529,8 +12382,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
if (rv != SECSuccess) { /* return if SECWouldBlock. */
return rv;
}
- }
- else {
+ } else {
/* must be copied to msg_body and dealt with from there */
unsigned int bytes;
@@ -12569,8 +12421,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
if (rv != SECSuccess) { /* return if SECWouldBlock. */
return rv;
}
- }
- else {
+ } else {
PORT_Assert(buf->len == 0);
break;
}
@@ -12801,8 +12652,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
/* With >= TLS 1.1, CBC records have an explicit IV. */
minLength += cipher_def->iv_size;
}
- }
- else if (cipher_def->type == type_aead) {
+ } else if (cipher_def->type == type_aead) {
minLength = cipher_def->explicit_nonce_size + cipher_def->tag_size;
}
@@ -12878,8 +12728,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
if (rv != SECSuccess) {
good = 0;
}
- }
- else {
+ } else {
if (cipher_def->type == type_block &&
((cText->buf->len - ivLen) % cipher_def->block_size) != 0) {
goto decrypt_loser;
@@ -12905,8 +12754,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
if (!isTLS) {
good &= SECStatusToMask(ssl_RemoveSSLv3CBCPadding(
plaintext, blockSize, macSize));
- }
- else {
+ } else {
good &= SECStatusToMask(ssl_RemoveTLSCBCPadding(
plaintext, macSize));
}
@@ -12933,8 +12781,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
* plaintext->len if the result has enough space for the MAC and we
* tested the unadjusted size against minLength, above. */
plaintext->len -= crSpec->mac_size;
- }
- else {
+ } else {
/* This is safe because we checked the minLength above. */
plaintext->len -= crSpec->mac_size;
@@ -13046,8 +12893,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
temp_buf.buf = NULL;
temp_buf.space = 0;
plaintext = &temp_buf;
- }
- else {
+ } else {
plaintext = databuf;
}
@@ -13071,8 +12917,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
crSpec->cipher_def->calg == ssl_calg_null) {
/* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */
rv = ssl3_UnprotectRecord(ss, cText, plaintext, &alert);
- }
- else {
+ } else {
rv = tls13_UnprotectRecord(ss, cText, plaintext, &alert);
}
@@ -13088,8 +12933,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
* PORT_SetError(). */
PORT_SetError(errCode);
return SECFailure;
- }
- else {
+ } else {
/* Silently drop the packet */
databuf->len = 0; /* Needed to ensure data not left around */
return SECSuccess;
@@ -13099,8 +12943,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
/* SECSuccess */
if (!IS_DTLS(ss)) {
ssl3_BumpSequenceNumber(&crSpec->read_seq_num);
- }
- else {
+ } else {
dtls_RecordSetRecvd(&crSpec->recvdRecords, dtls_seq_num);
}
@@ -13141,8 +12984,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
if (rv != SECSuccess) {
int err = ssl_MapLowLevelError(SSL_ERROR_DECOMPRESSION_FAILURE);
SSL3_SendAlert(ss, alert_fatal,
- isTLS ?
- decompression_failure
+ isTLS ? decompression_failure
: bad_record_mac);
/* There appears to be a bug with (at least) Apache + OpenSSL where
@@ -13214,8 +13056,7 @@ process_it:
case content_handshake:
if (!IS_DTLS(ss)) {
rv = ssl3_HandleHandshake(ss, databuf);
- }
- else {
+ } else {
rv = dtls_HandleHandshake(ss, databuf);
}
break;
@@ -13447,8 +13288,7 @@ ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *oPolicy)
if (suite) {
policy = suite->policy;
rv = SECSuccess;
- }
- else {
+ } else {
policy = SSL_NOT_ALLOWED;
rv = SECFailure; /* err code was set by Lookup. */
}
@@ -13482,8 +13322,7 @@ ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *enabled)
if (suite) {
pref = suite->enabled;
rv = SECSuccess;
- }
- else {
+ } else {
pref = SSL_NOT_ALLOWED;
rv = SECFailure; /* err code was set by Lookup. */
}
@@ -13515,8 +13354,7 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
if (suite) {
pref = suite->enabled;
rv = SECSuccess;
- }
- else {
+ } else {
pref = SSL_NOT_ALLOWED;
rv = SECFailure; /* err code was set by Lookup. */
}
@@ -13720,8 +13558,7 @@ ssl3_DestroySSL3Info(sslSocket *ss)
if (ss->ssl3.hs.hashType == handshake_hash_combo) {
SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
- }
- else if (ss->ssl3.hs.hashType == handshake_hash_single) {
+ } else if (ss->ssl3.hs.hashType == handshake_hash_single) {
ss->ssl3.hs.sha_obj->destroy(ss->ssl3.hs.sha_cx, PR_FALSE);
}
}
diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
index e26a556db..c8e9d06b5 100644
--- a/lib/ssl/ssl3ecc.c
+++ b/lib/ssl/ssl3ecc.c
@@ -252,8 +252,7 @@ ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
bufLen = 2 * SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
if (bufLen <= sizeof buf) {
hashBuf = buf;
- }
- else {
+ } else {
hashBuf = PORT_Alloc(bufLen);
if (!hashBuf) {
return SECFailure;
@@ -322,11 +321,9 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
if (isTLS12) {
target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
- }
- else if (isTLS) {
+ } else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
- }
- else {
+ } else {
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
@@ -449,11 +446,9 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
if (isTLS12) {
target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
- }
- else if (isTLS) {
+ } else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
- }
- else {
+ } else {
target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
@@ -603,8 +598,7 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss)
return ec_noName;
}
signatureKeyStrength = curve2bits[ec_curve];
- }
- else {
+ } else {
/* RSA is our signing cert */
int serverKeyStrengthInBits;
@@ -931,8 +925,7 @@ ssl3_SendECDHServerKeyExchange(
if (ss->opt.reuseServerECDHEKey) {
rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
- }
- else {
+ } else {
rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
}
if (rv != SECSuccess) {
@@ -953,8 +946,7 @@ ssl3_SendECDHServerKeyExchange(
ec_params.data[0] = ec_type_named;
ec_params.data[1] = 0x00;
ec_params.data[2] = curve;
- }
- else {
+ } else {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
goto loser;
}
@@ -1153,8 +1145,7 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss)
if (!svrCert) {
ssl3_DisableECCSuites(ss, ecdh_suites);
ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
- }
- else {
+ } else {
SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
switch (sigTag) {
@@ -1224,12 +1215,14 @@ static const PRUint8 suiteBECList[] = {
/* Prefabricated TLS client hello extension, Elliptic Curves List,
* offers curves 1-25.
*/
+/* clang-format off */
static const PRUint8 tlsECList[] = {
1, 2, 3, 4, 5, 6, 7, 8,
9, 10, 11, 12, 13, 14, 15, 16,
17, 18, 19, 20, 21, 22, 23, 24,
25
};
+/* clang-format on */
static const PRUint8 ecPtFmt[6] = {
BE(11), /* Extension type */
@@ -1295,8 +1288,7 @@ ssl3_SendSupportedCurvesXtn(
APPEND_CURVE(suiteBECList[i]);
}
ecListSize = pos;
- }
- else {
+ } else {
for (i = 0; i < sizeof(tlsECList); i++) {
APPEND_CURVE(tlsECList[i]);
}
@@ -1343,8 +1335,7 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss)
if (ssl3_SuiteBOnly(ss)) {
curves = SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
- }
- else {
+ } else {
curves = SSL3_ALL_SUPPORTED_CURVES_MASK;
}
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index bf204198f..2e99a40fc 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -570,12 +570,11 @@ ssl3_SendSessionTicketXtn(
if (session_ticket->ticket.data) {
if (ss->xtnData.ticketTimestampVerified) {
extension_length += session_ticket->ticket.len;
- }
- else if (!append &&
- (session_ticket->ticket_lifetime_hint == 0 ||
- (session_ticket->ticket_lifetime_hint +
- session_ticket->received_timestamp >
- ssl_Time()))) {
+ } else if (!append &&
+ (session_ticket->ticket_lifetime_hint == 0 ||
+ (session_ticket->ticket_lifetime_hint +
+ session_ticket->received_timestamp >
+ ssl_Time()))) {
extension_length += session_ticket->ticket.len;
ss->xtnData.ticketTimestampVerified = PR_TRUE;
}
@@ -598,8 +597,7 @@ ssl3_SendSessionTicketXtn(
session_ticket->ticket.len, 2);
ss->xtnData.ticketTimestampVerified = PR_FALSE;
ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
- }
- else {
+ } else {
rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
}
if (rv != SECSuccess)
@@ -906,8 +904,7 @@ ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
if (i <= len) {
memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
- }
- else {
+ } else {
/* This seems to be invalid data so we'll send as-is. */
memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
}
@@ -1015,8 +1012,7 @@ ssl3_ServerSendStatusRequestXtn(
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = ssl_kea_rsa;
- }
- else {
+ } else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
}
@@ -1170,8 +1166,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
if (ss->opt.bypassPKCS11) {
rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
&mac_key, &mac_key_length);
- }
- else
+ } else
#endif
{
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
@@ -1185,8 +1180,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
ms_item.data = ss->ssl3.pwSpec->msItem.data;
ms_item.len = ss->ssl3.pwSpec->msItem.len;
ms_is_wrapped = PR_FALSE;
- }
- else {
+ } else {
/* Extract the master secret wrapped. */
sslSessionID sid;
PORT_Memset(&sid, 0, sizeof(sslSessionID));
@@ -1194,8 +1188,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = kt_rsa;
- }
- else {
+ } else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
}
@@ -1209,8 +1202,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
ms_item.data = wrapped_ms;
ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
msWrapMech = sid.u.ssl3.masterWrapMech;
- }
- else {
+ } else {
/* TODO: else send an empty ticket. */
goto loser;
}
@@ -1326,8 +1318,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
ss->sec.ci.sid->peerCert->derCert.len);
if (rv != SECSuccess)
goto loser;
- }
- else {
+ } else {
rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
if (rv != SECSuccess)
goto loser;
@@ -1352,8 +1343,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len);
if (rv != SECSuccess)
goto loser;
- }
- else {
+ } else {
/* No Name */
rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME, 1);
if (rv != SECSuccess)
@@ -1389,8 +1379,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
plaintext_item.len);
if (rv != SECSuccess)
goto loser;
- }
- else
+ } else
#endif
{
aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
@@ -1427,8 +1416,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
sizeof(computed_mac));
- }
- else
+ } else
#endif
{
SECItem macParam;
@@ -1544,8 +1532,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
*/
if (data->len == 0) {
ss->xtnData.emptySessionTicket = PR_TRUE;
- }
- else {
+ } else {
PRUint32 i;
SECItem extension_data;
EncryptedSessionTicket enc_session_ticket;
@@ -1601,8 +1588,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
if (ss->opt.bypassPKCS11) {
rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
&mac_key, &mac_key_length);
- }
- else
+ } else
#endif
{
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
@@ -1640,8 +1626,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
sizeof(computed_mac)) != SECSuccess)
goto no_ticket;
- }
- else
+ } else
#endif
{
SECItem macParam;
@@ -1653,8 +1638,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
SSL_GETPID(), ss->fd, PORT_GetError()));
goto no_ticket;
- }
- else {
+ } else {
SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
SSL_GETPID(), ss->fd));
}
@@ -1708,8 +1692,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
enc_session_ticket.encrypted_state.len);
if (rv != SECSuccess)
goto no_ticket;
- }
- else
+ } else
#endif
{
SECItem ivItem;
@@ -2050,8 +2033,7 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
case server_hello:
if (ss->version > SSL_LIBRARY_VERSION_3_0) {
handlers = serverHelloHandlersTLS;
- }
- else {
+ } else {
handlers = serverHelloHandlersSSL3;
}
break;
@@ -2131,13 +2113,11 @@ ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
ssl3HelloExtensionSender *sender;
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
sender = &ss->xtnData.serverHelloSenders[0];
- }
- else {
+ } else {
if (tls13_ExtensionAllowed(ex_type, server_hello)) {
PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
sender = &ss->xtnData.serverHelloSenders[0];
- }
- else {
+ } else {
PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
sender = &ss->xtnData.encryptedExtensionsSenders[0];
}
@@ -2172,8 +2152,7 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
if (!sender) {
if (ss->version > SSL_LIBRARY_VERSION_3_0) {
sender = &clientHelloSendersTLS[0];
- }
- else {
+ } else {
sender = &clientHelloSendersSSL3[0];
}
}
@@ -2884,8 +2863,7 @@ ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_signed_cert_timestamp_xtn;
- }
- else if (maxBytes < extension_length) {
+ } else if (maxBytes < extension_length) {
PORT_Assert(0);
return 0;
}
@@ -2932,8 +2910,7 @@ ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = ssl_kea_rsa;
- }
- else {
+ } else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
}
diff --git a/lib/ssl/ssl3gthr.c b/lib/ssl/ssl3gthr.c
index 5ba5b7cf7..ea277135d 100644
--- a/lib/ssl/ssl3gthr.c
+++ b/lib/ssl/ssl3gthr.c
@@ -59,14 +59,12 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
- }
- else if (nb == 0) {
+ } else if (nb == 0) {
/* EOF */
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
break;
- }
- else /* if (nb < 0) */ {
+ } else /* if (nb < 0) */ {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
@@ -194,14 +192,12 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
if (nb > 0) {
PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
- }
- else if (nb == 0) {
+ } else if (nb == 0) {
/* EOF */
SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
rv = 0;
return rv;
- }
- else /* if (nb < 0) */ {
+ } else /* if (nb < 0) */ {
SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
PR_GetError()));
rv = SECFailure;
@@ -314,8 +310,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
if (ss->ssl3.hs.msgState.buf) {
if (ss->ssl3.hs.msgState.len == 0) {
ss->ssl3.hs.msgState.buf = NULL;
- }
- else {
+ } else {
handleRecordNow = PR_TRUE;
}
}
@@ -329,8 +324,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
* handshake record.
*/
rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
- }
- else {
+ } else {
/* bring in the next sslv3 record. */
if (ss->recvdCloseNotify) {
/* RFC 5246 Section 7.2.1:
@@ -340,8 +334,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
}
if (!IS_DTLS(ss)) {
rv = ssl3_GatherData(ss, &ss->gs, flags);
- }
- else {
+ } else {
rv = dtls_GatherData(ss, &ss->gs, flags);
/* If we got a would block error, that means that no data was
@@ -412,8 +405,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
PORT_Assert(ss->firstHsDone);
PORT_Assert(!ss->ssl3.hs.canFalseStart);
keepGoing = PR_FALSE;
- }
- else if (ss->ssl3.hs.canFalseStart) {
+ } else if (ss->ssl3.hs.canFalseStart) {
/* Prioritize sending application data over trying to complete
* the handshake if we're false starting.
*
@@ -426,8 +418,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
if (ssl3_WaitingForServerSecondRound(ss)) {
keepGoing = PR_FALSE;
- }
- else {
+ } else {
ss->ssl3.hs.canFalseStart = PR_FALSE;
}
}
diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
index 356979e5d..7fb4dc5ff 100644
--- a/lib/ssl/sslauth.c
+++ b/lib/ssl/sslauth.c
@@ -123,8 +123,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
cipherName = ssl_cipherName[ss->sec.cipherType];
- }
- else {
+ } else {
cipherName = ssl3_cipherName[ss->sec.cipherType];
}
PORT_Assert(cipherName);
@@ -150,11 +149,9 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
if (op) {
if (ss->sec.keyBits == 0) {
*op = SSL_SECURITY_STATUS_OFF;
- }
- else if (ss->sec.secretKeyBits < 90) {
+ } else if (ss->sec.secretKeyBits < 90) {
*op = SSL_SECURITY_STATUS_ON_LOW;
- }
- else {
+ } else {
*op = SSL_SECURITY_STATUS_ON_HIGH;
}
}
@@ -170,8 +167,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
if (sp) {
*sp = CERT_NameToAscii(&cert->subject);
}
- }
- else {
+ } else {
if (ip) {
*ip = PORT_Strdup("no certificate");
}
diff --git a/lib/ssl/sslcon.c b/lib/ssl/sslcon.c
index 5055e6136..95d27275f 100644
--- a/lib/ssl/sslcon.c
+++ b/lib/ssl/sslcon.c
@@ -142,9 +142,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss)
count = 0;
PORT_Assert(ss != 0);
- allowed = !ss->opt.enableSSL2 ? 0 :
- (ss->allowedByPolicy &
- ss->chosenPreference & SSL_CB_IMPLEMENTED);
+ allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
+ ss->chosenPreference & SSL_CB_IMPLEMENTED);
while (allowed) {
if (allowed & 1)
++count;
@@ -179,9 +178,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss)
ss->sizeCipherSpecs = count * 3;
/* fill in cipher specs for SSL2 cipher suites */
- allowed = !ss->opt.enableSSL2 ? 0 :
- (ss->allowedByPolicy &
- ss->chosenPreference & SSL_CB_IMPLEMENTED);
+ allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy &
+ ss->chosenPreference & SSL_CB_IMPLEMENTED);
for (i = 0; i < ssl2_NUM_SUITES_IMPLEMENTED * 3; i += 3) {
const PRUint8 *hs = implementedCipherSuites + i;
int ok = allowed & (1U << hs[0]);
@@ -267,12 +265,10 @@ ssl2_SetPolicy(PRInt32 which, PRInt32 policy)
if (policy == SSL_ALLOWED) {
allowedByPolicy |= bitMask;
maybeAllowedByPolicy |= bitMask;
- }
- else if (policy == SSL_RESTRICTED) {
+ } else if (policy == SSL_RESTRICTED) {
allowedByPolicy &= ~bitMask;
maybeAllowedByPolicy |= bitMask;
- }
- else {
+ } else {
allowedByPolicy &= ~bitMask;
maybeAllowedByPolicy &= ~bitMask;
}
@@ -301,8 +297,7 @@ ssl2_GetPolicy(PRInt32 which, PRInt32 *oPolicy)
if (maybeAllowedByPolicy & bitMask) {
policy = (allowedByPolicy & bitMask) ? SSL_ALLOWED : SSL_RESTRICTED;
- }
- else {
+ } else {
policy = SSL_NOT_ALLOWED;
}
@@ -617,8 +612,7 @@ ssl2_SendServerFinishedMessage(sslSocket *ss)
if (ss->sec.uncache)
(*ss->sec.uncache)(sid);
rv = (SECStatus)sent;
- }
- else if (!ss->opt.noCache) {
+ } else if (!ss->opt.noCache) {
if (sid->cached == never_cached) {
(*ss->sec.cache)(sid);
}
@@ -873,8 +867,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
if (rv < 0) {
if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
rv = 0;
- }
- else {
+ } else {
/* Return short write if some data already went out... */
if (count == 0)
count = rv;
@@ -887,8 +880,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
if (ssl_SaveWriteData(ss, out + rv, amount + 2 - rv) ==
SECFailure) {
count = SECFailure;
- }
- else {
+ } else {
count += amount;
ss->sec.sendSequence++;
}
@@ -973,8 +965,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
"saving data",
SSL_GETPID(), ss->fd));
rv = 0;
- }
- else {
+ } else {
SSL_TRC(10, ("%d: SSL[%d]: send stream error %d",
SSL_GETPID(), ss->fd, PORT_GetError()));
/* Return short write if some data already went out... */
@@ -988,8 +979,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
/* Short write. Save the data and return. */
if (ssl_SaveWriteData(ss, out + rv, buflen - rv) == SECFailure) {
count = SECFailure;
- }
- else {
+ } else {
count += amount;
ss->sec.sendSequence++;
}
@@ -1048,8 +1038,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
hlen = 3;
padding = ss->sec.blockSize - padding;
nout += padding;
- }
- else {
+ } else {
hlen = 2;
}
buflen = hlen + nout;
@@ -1067,8 +1056,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
*op++ = MSB(nout);
*op++ = LSB(nout);
*op++ = padding;
- }
- else {
+ } else {
*op++ = 0x80 | MSB(nout);
*op++ = LSB(nout);
}
@@ -1105,8 +1093,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
if (rv < 0) {
if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) {
rv = 0;
- }
- else {
+ } else {
SSL_TRC(10, ("%d: SSL[%d]: send block error %d",
SSL_GETPID(), ss->fd, PORT_GetError()));
/* Return short write if some data already went out... */
@@ -1120,8 +1107,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
/* Short write. Save the data and return. */
if (ssl_SaveWriteData(ss, out + rv, op - out - rv) == SECFailure) {
count = SECFailure;
- }
- else {
+ } else {
count += amount;
ss->sec.sendSequence++;
}
@@ -1226,8 +1212,7 @@ ssl_GatherRecord1stHandshake(sslSocket *ss)
if ((ss->version >= SSL_LIBRARY_VERSION_3_0) || IS_DTLS(ss)) {
/* Wait for handshake to complete, or application data to arrive. */
rv = ssl3_GatherCompleteHandshake(ss, 0);
- }
- else {
+ } else {
/* See if we have a complete record */
rv = ssl2_GatherRecord(ss, 0);
}
@@ -1886,12 +1871,10 @@ ssl2_ChooseSessionCypher(sslSocket *ss,
if ((ohs[0] == SSL_CK_RC4_128_WITH_MD5) ||
(ohs[0] == SSL_CK_RC2_128_CBC_WITH_MD5)) {
PORT_SetError(SSL_ERROR_US_ONLY_SERVER);
- }
- else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
- (ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
+ } else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) ||
+ (ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) {
PORT_SetError(SSL_ERROR_EXPORT_ONLY_SERVER);
- }
- else {
+ } else {
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
}
SSL_DBG(("%d: SSL[%d]: no cipher overlap", SSL_GETPID(), ss->fd));
@@ -2223,8 +2206,7 @@ ssl2_TryToFinish(sslSocket *ss)
if (ss->sec.isServer) {
/* Send server finished message if we already didn't */
rv = ssl2_SendServerFinishedMessage(ss);
- }
- else {
+ } else {
/* Send client finished message if we already didn't */
rv = ssl2_SendClientFinishedMessage(ss);
}
@@ -2469,8 +2451,8 @@ ssl2_HandleClientCertificate(sslSocket *ss,
goto loser;
/* Now ask the server application if it likes the certificate... */
- rv = (SECStatus) (*ss->authCertificate)(ss->authCertificateArg,
- ss->fd, PR_TRUE, PR_TRUE);
+ rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg,
+ ss->fd, PR_TRUE, PR_TRUE);
/* Hey, it liked it. */
if (SECSuccess == rv)
goto done;
@@ -2612,8 +2594,7 @@ ssl2_HandleMessage(sslSocket *ss)
ss->gs.recordLen) {
/* prevent overflow crash. */
rv = SECFailure;
- }
- else
+ } else
rv = ssl2_HandleClientCertificate(ss, data[1],
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES,
certLen,
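Review bot: The joined `} else` after the "prevent overflow crash" branch is followed by an unbraced, multi-line call to ssl2_HandleClientCertificate, so the braced length check and the unbraced handler arm now sit in mixed style on adjacent lines. Since this commit already normalises brace placement, the else arm should be braced as well, with `} else {` before the call and a closing `}` after its last argument. That keeps any statement added later from landing outside the guard. The call's argument list continues past the end of the hunk, so the closing brace would go outside the visible lines.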
@@ -2795,8 +2776,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
SSL_TRC(3, ("%d: SSL[%d]: demoting self (%x) to server version (%x)",
SSL_GETPID(), ss->fd, SSL_LIBRARY_VERSION_2,
ss->version));
- }
- else {
+ } else {
SSL_TRC(1, ("%d: SSL[%d]: server version is %x (we are %x)",
SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
/* server claims to be newer but does not follow protocol */
@@ -2845,8 +2825,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
if (rv != SECSuccess) {
goto loser;
}
- }
- else {
+ } else {
if (certType != SSL_CT_X509_CERTIFICATE) {
PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
goto loser;
@@ -2916,8 +2895,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
SSL_GETPID(), ss->fd));
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
rv = SECFailure;
- }
- else {
+ } else {
/* cert is bad */
SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
SSL_GETPID(), ss->fd, PORT_GetError()));
@@ -2925,8 +2903,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
goto loser;
}
/* cert is good */
- }
- else {
+ } else {
SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
SSL_GETPID(), ss->fd, PORT_GetError()));
goto loser;
@@ -3032,8 +3009,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
/* Try to find server in our session-id cache */
if (ss->opt.noCache) {
sid = NULL;
- }
- else {
+ } else {
sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID,
ss->url);
}
@@ -3434,8 +3410,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
** knows whats up.
*/
ss->version = SSL_LIBRARY_VERSION_2;
- }
- else {
+ } else {
SSL_TRC(1, ("%d: SSL[%d]: client version is %x (we are %x)",
SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
@@ -3473,8 +3448,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
ss->sec.ci.peer.pr_s6_addr32[2],
ss->sec.ci.peer.pr_s6_addr32[3]));
sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sd, sdLen, ss->dbHandle);
- }
- else {
+ } else {
sid = NULL;
}
if (sid) {
@@ -3498,8 +3472,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
if (rv != SECSuccess) {
goto loser;
}
- }
- else {
+ } else {
SECItem *derCert = &serverCert->derCert;
SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed",
diff --git a/lib/ssl/ssldef.c b/lib/ssl/ssldef.c
index 385ad5edf..77a744cc7 100644
--- a/lib/ssl/ssldef.c
+++ b/lib/ssl/ssldef.c
@@ -70,8 +70,7 @@ ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
if (rv < 0) {
DEFINE_ERROR
MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
- }
- else if (rv > len) {
+ } else if (rv > len) {
PORT_Assert(rv <= len);
PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
rv = SECFailure;
diff --git a/lib/ssl/sslgathr.c b/lib/ssl/sslgathr.c
index ff26f8bd6..48d615ec0 100644
--- a/lib/ssl/sslgathr.c
+++ b/lib/ssl/sslgathr.c
@@ -142,8 +142,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
* be called again by ssl_Do1stHandshake.
*/
return SECWouldBlock;
- }
- else if (gs->hdr[0] == content_alert) {
+ } else if (gs->hdr[0] == content_alert) {
if (ss->nextHandshake == ssl2_HandleServerHelloMessage) {
/* XXX This is a hack. We're assuming that any failure
* XXX on the client hello is a failure to match
@@ -160,8 +159,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
/* This record has a 2-byte header, and no padding */
gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1];
gs->recordPadding = 0;
- }
- else {
+ } else {
/* This record has a 3-byte header that is all read in now. */
gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1];
/* is_escape = (gs->hdr[0] & 0x40) != 0; */
@@ -187,8 +185,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
pBuf[0] = gs->hdr[2];
gs->offset = 1;
gs->remainder = gs->count - 1;
- }
- else {
+ } else {
gs->offset = 0;
gs->remainder = gs->count;
}
@@ -197,8 +194,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
gs->state = GS_MAC;
gs->recordLen = gs->count - gs->recordPadding -
ss->sec.hash->length;
- }
- else {
+ } else {
gs->state = GS_DATA;
gs->recordLen = gs->count;
}
@@ -286,8 +282,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
rv = SECFailure;
goto cleanup;
}
- }
- else {
+ } else {
ssl_ReleaseSpecReadLock(ss); /******************************/
}
@@ -296,8 +291,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags)
gs->readOffset = macLen;
gs->writeOffset = gs->offset - gs->recordPadding;
rv = 1;
- }
- else {
+ } else {
PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
cleanup:
/* nothing in the buffer any more. */
diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
index 547d3abde..527b1a434 100644
--- a/lib/ssl/sslinfo.c
+++ b/lib/ssl/sslinfo.c
@@ -30,7 +30,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
/* Check if we can properly return the length of data written and that
* we're not asked to return more information than we know how to provide.
*/
- if (!info || len < sizeof inf.length || len > sizeof inf) {
+ if (!info || len < sizeof inf.length || len > sizeof inf) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -54,8 +54,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
inf.cipherSuite = ss->sec.cipherType | 0xff00;
inf.compressionMethod = ssl_compression_null;
inf.compressionMethodName = "N/A";
- }
- else if (ss->ssl3.initialized) { /* SSL3 and TLS */
+ } else if (ss->ssl3.initialized) { /* SSL3 and TLS */
ssl_GetSpecReadLock(ss);
/* XXX The cipher suite should be in the specs and this
* function should get it from cwSpec rather than from the "hs".
@@ -81,8 +80,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
inf.sessionIDLength = SSL2_SESSIONID_BYTES;
memcpy(inf.sessionID, sid->u.ssl2.sessionID,
SSL2_SESSIONID_BYTES);
- }
- else {
+ } else {
unsigned int sidLen = sid->u.ssl3.sessionIDLength;
sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
inf.sessionIDLength = sidLen;
@@ -442,8 +440,7 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
rv = SECFailure;
- }
- else {
+ } else {
rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
valLen, out, outLen);
}
diff --git a/lib/ssl/sslmutex.h b/lib/ssl/sslmutex.h
index 6e2005df9..7611148ad 100644
--- a/lib/ssl/sslmutex.h
+++ b/lib/ssl/sslmutex.h
@@ -34,8 +34,7 @@
#include <wtypes.h>
-typedef struct
- {
+typedef struct {
PRBool isMultiProcess;
#ifdef WINNT
/* on WINNT we need both the PRLock and the Win32 mutex for fibers */
@@ -73,8 +72,7 @@ typedef pid_t sslPID;
#include <sys/types.h> /* for pid_t */
#include <semaphore.h> /* for sem_t, and sem_* functions */
-typedef struct
- {
+typedef struct {
PRBool isMultiProcess;
union {
PRLock *sslLock;
diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
index 8f84a4a91..85031c4ad 100644
--- a/lib/ssl/sslnonce.c
+++ b/lib/ssl/sslnonce.c
@@ -174,8 +174,7 @@ ssl_DestroySID(sslSessionID *sid)
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
- }
- else {
+ } else {
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
PR_FALSE);
@@ -277,28 +276,26 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d",
now - sid->creationTime, sid->references));
- *sidp = sid->next; /* delink it from the list. */
- sid->cached = invalid_cache; /* mark not on list. */
- ssl_FreeLockedSID(sid); /* drop ref count, free. */
- }
- else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
- (sid->port == port) && /* server port matches */
- /* proxy (peerID) matches */
- (((peerID == NULL) && (sid->peerID == NULL)) ||
- ((peerID != NULL) && (sid->peerID != NULL) &&
- PORT_Strcmp(sid->peerID, peerID) == 0)) &&
- /* is cacheable */
- (sid->version < SSL_LIBRARY_VERSION_3_0 ||
- sid->u.ssl3.keys.resumable) &&
- /* server hostname matches. */
- (sid->urlSvrName != NULL) &&
- (0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
+ *sidp = sid->next; /* delink it from the list. */
+ sid->cached = invalid_cache; /* mark not on list. */
+ ssl_FreeLockedSID(sid); /* drop ref count, free. */
+ } else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
+ (sid->port == port) && /* server port matches */
+ /* proxy (peerID) matches */
+ (((peerID == NULL) && (sid->peerID == NULL)) ||
+ ((peerID != NULL) && (sid->peerID != NULL) &&
+ PORT_Strcmp(sid->peerID, peerID) == 0)) &&
+ /* is cacheable */
+ (sid->version < SSL_LIBRARY_VERSION_3_0 ||
+ sid->u.ssl3.keys.resumable) &&
+ /* server hostname matches. */
+ (sid->urlSvrName != NULL) &&
+ (0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
/* Hit */
sid->lastAccessTime = now;
sid->references++;
break;
- }
- else {
+ } else {
sidp = &sid->next;
}
}
@@ -338,8 +335,7 @@ CacheSID(sslSessionID *sid)
sid->u.ssl2.masterKey.data, sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:",
sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len));
- }
- else {
+ } else {
if (sid->u.ssl3.sessionIDLength == 0 &&
sid->u.ssl3.locked.sessionTicket.ticket.data == NULL)
return;
@@ -447,8 +443,7 @@ ssl_ChooseSessionIDProcs(sslSecurityInfo *sec)
if (sec->isServer) {
sec->cache = ssl_sid_cache;
sec->uncache = ssl_sid_uncache;
- }
- else {
+ } else {
sec->cache = CacheSID;
sec->uncache = LockAndUncacheSID;
}
diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
index f38ce9b87..577374858 100644
--- a/lib/ssl/sslsecur.c
+++ b/lib/ssl/sslsecur.c
@@ -221,8 +221,7 @@ SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
if (asServer) {
ss->handshake = ssl2_BeginServerHandshake;
ss->handshaking = sslHandshakingAsServer;
- }
- else {
+ } else {
ss->handshake = ssl2_BeginClientHandshake;
ss->handshaking = sslHandshakingAsClient;
}
@@ -283,8 +282,7 @@ SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
rv = SECFailure;
- }
- else {
+ } else {
ssl_GetSSL3HandshakeLock(ss);
rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
ssl_ReleaseSSL3HandshakeLock(ss);
@@ -462,18 +460,14 @@ SSL_ForceHandshake(PRFileDesc *fd)
ssl_ReleaseRecvBufLock(ss);
if (gatherResult > 0) {
rv = SECSuccess;
- }
- else if (gatherResult == 0) {
+ } else if (gatherResult == 0) {
PORT_SetError(PR_END_OF_FILE_ERROR);
- }
- else if (gatherResult == SECWouldBlock) {
+ } else if (gatherResult == SECWouldBlock) {
PORT_SetError(PR_WOULD_BLOCK_ERROR);
}
- }
- else if (!ss->firstHsDone) {
+ } else if (!ss->firstHsDone) {
rv = ssl_Do1stHandshake(ss);
- }
- else {
+ } else {
/* tried to force handshake on an SSL 2 socket that has
** already completed the handshake. */
rv = SECSuccess; /* just pretend we did it. */
@@ -512,8 +506,7 @@ sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
unsigned char *newBuf;
if (b->buf) {
newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen);
- }
- else {
+ } else {
newBuf = (unsigned char *)PORT_Alloc(newLen);
}
if (!newBuf) {
@@ -622,8 +615,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
/* Wait for application data to arrive. */
rv = ssl3_GatherAppDataRecord(ss, 0);
- }
- else {
+ } else {
/* See if we have a complete record */
rv = ssl2_GatherRecord(ss, 0);
}
@@ -644,8 +636,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
** Gather record is blocked waiting for more record data to
** arrive. Try to process what we have already received
*/
- }
- else {
+ } else {
/* Gather record has finished getting a complete record */
}
@@ -995,8 +986,7 @@ ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
ss->sec.hashcx = os->sec.hash->clone(os->sec.hashcx);
if (os->sec.hashcx && !ss->sec.hashcx)
goto loser;
- }
- else {
+ } else {
ss->sec.hash = NULL;
ss->sec.hashcx = NULL;
}
@@ -1046,8 +1036,7 @@ ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
(*sec->destroy)(sec->writecx, PR_TRUE);
sec->readcx = NULL;
sec->writecx = NULL;
- }
- else {
+ } else {
PORT_Assert(sec->readcx == 0);
PORT_Assert(sec->writecx == 0);
}
@@ -1104,8 +1093,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
if (ss->opt.handshakeAsServer) {
ss->securityHandshake = ssl2_BeginServerHandshake;
ss->handshaking = sslHandshakingAsServer;
- }
- else {
+ } else {
ss->securityHandshake = ssl2_BeginClientHandshake;
ss->handshaking = sslHandshakingAsClient;
}
@@ -1114,8 +1102,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
if (rv == PR_SUCCESS) {
ss->TCPconnected = 1;
- }
- else {
+ } else {
int err = PR_GetError();
SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
SSL_GETPID(), ss->fd, err));
@@ -1357,8 +1344,7 @@ done:
if (rv < 0) {
SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",
SSL_GETPID(), ss->fd, rv, PORT_GetError()));
- }
- else {
+ } else {
SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",
SSL_GETPID(), ss->fd, rv));
}
@@ -1519,8 +1505,7 @@ SSL_GetSessionID(PRFileDesc *fd)
item->len = SSL2_SESSIONID_BYTES;
item->data = (unsigned char *)PORT_Alloc(item->len);
PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
- }
- else {
+ } else {
item->len = sid->u.ssl3.sessionIDLength;
item->data = (unsigned char *)PORT_Alloc(item->len);
PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
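Review bot: Both arms of this if/else pass the result of PORT_Alloc straight to PORT_Memcpy, so `item->data` is written through without a NULL check if the allocation fails. A check between the two calls in each arm, `if (!item->data)`, that releases `item` and returns failure the way the rest of SSL_GetSessionID does, would close that. How `item` itself is allocated and checked is outside the hunk, so the exact cleanup has to be confirmed against the full function.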
@@ -1591,12 +1576,10 @@ SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
if (!ss->ssl3.initialized) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
- }
- else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
+ } else if (ss->version < SSL_LIBRARY_VERSION_3_0) {
PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
rv = SECFailure;
- }
- else {
+ } else {
rv = ssl3_AuthCertificateComplete(ss, error);
}
diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
index 4f07b995b..da1f93fb1 100644
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -491,8 +491,7 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->creationTime, to->addr.pr_s6_addr32[0],
to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType));
- }
- else {
+ } else {
/* This is an SSL v3 session */
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
@@ -566,8 +565,7 @@ ConvertToSID(sidCacheEntry *from,
to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
to->u.ssl2.cipherType));
- }
- else {
+ } else {
/* This is an SSL v3 session */
to->u.ssl3.sessionIDLength = from->sessionIDLength;
@@ -643,8 +641,7 @@ loser:
PORT_Free(to->u.ssl2.masterKey.data);
if (to->u.ssl2.cipherArg.data)
PORT_Free(to->u.ssl2.cipherArg.data);
- }
- else {
+ } else {
SECITEM_FreeItem(&to->u.ssl3.srvName, PR_FALSE);
}
PORT_Free(to);
@@ -770,8 +767,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
!PORT_Memcmp(pcce->sessionID, psce->sessionID,
pcce->sessionIDLength)) {
cce = *pcce;
- }
- else {
+ } else {
/* The cert doesen't match the SID cache entry,
** so invalidate the SID cache entry.
*/
@@ -780,8 +776,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
pcce = 0;
}
UnlockSidCacheLock(cache->certCacheLock);
- }
- else {
+ } else {
/* what the ??. Didn't get the cert cache lock.
** Don't invalidate the SID cache entry, but don't find it.
*/
@@ -799,8 +794,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash,
SHA256_LENGTH)) {
snce = *psnce;
- }
- else {
+ } else {
/* The name doesen't match the SID cache entry,
** so invalidate the SID cache entry.
*/
@@ -809,8 +803,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr,
psnce = 0;
}
UnlockSidCacheLock(cache->srvNameCacheLock);
- }
- else {
+ } else {
/* what the ??. Didn't get the cert cache lock.
** Don't invalidate the SID cache entry, but don't find it.
*/
@@ -874,8 +867,7 @@ ServerSessionIDCache(sslSessionID *sid)
sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
sid->u.ssl2.cipherArg.len));
- }
- else {
+ } else {
/* override caller's expiration time, which uses client timeout
* duration, not server timeout duration.
*/
@@ -957,8 +949,7 @@ ServerSessionIDUncache(sslSessionID *sid)
sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
sid->u.ssl2.cipherArg.len));
- }
- else {
+ } else {
sessionID = sid->u.ssl3.sessionID;
sessionIDLength = sid->u.ssl3.sessionIDLength;
SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
@@ -1017,8 +1008,7 @@ CloseCache(cacheDesc *cache)
}
if (cache->shared) {
PR_MemUnmap(cache->cacheMem, cache->cacheMemSize);
- }
- else {
+ } else {
PORT_Free(cache->cacheMem);
}
cache->cacheMem = NULL;
@@ -1162,8 +1152,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
ssl2_timeout = MIN_SSL2_TIMEOUT;
}
cache->ssl2Timeout = ssl2_timeout;
- }
- else {
+ } else {
cache->ssl2Timeout = DEF_SSL2_TIMEOUT;
}
@@ -1175,8 +1164,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
ssl3_timeout = MIN_SSL3_TIMEOUT;
}
cache->ssl3Timeout = ssl3_timeout;
- }
- else {
+ } else {
cache->ssl3Timeout = DEF_SSL3_TIMEOUT;
}
@@ -1211,8 +1199,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
}
cacheMem = PR_MemMap(cacheMemMap, 0, cache->cacheMemSize);
- }
- else {
+ } else {
cacheMem = PORT_Alloc(cache->cacheMemSize);
}
@@ -1475,8 +1462,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
- }
- else {
+ } else {
return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout, ssl3_timeout,
directory, maxCacheEntries, maxCertCacheEntries,
maxSrvNameCacheEntries);
@@ -1822,8 +1808,7 @@ ssl_GetWrappingKey(PRInt32 symWrapMechIndex,
(unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) {
rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk,
&globalCache, 0);
- }
- else {
+ } else {
rv = PR_FALSE;
}
@@ -1868,8 +1853,7 @@ GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey,
if (!cache->cacheMem) {
/* cache is not initalized. Use stack buffer */
ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
- }
- else {
+ } else {
ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
}
@@ -2042,8 +2026,7 @@ ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey,
ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
ticketEncKeyPtr = ticketEncKey;
ticketMacKeyPtr = ticketMacKey;
- }
- else {
+ } else {
/* these values have constant memory locations in the cache.
* Ok to reference them without holding the lock. */
ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
@@ -2134,8 +2117,7 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
if (rv) {
/* we found it on disk, copy it out to the caller. */
PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
- }
- else {
+ } else {
/* Wasn't on disk, and we're still holding the lock, so write it. */
cache->keyCacheData[ndx] = *wswk;
}
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 7bd6530de..cc15406fa 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -252,8 +252,7 @@ ssl_DupSocket(sslSocket *os)
}
PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
- }
- else {
+ } else {
ss->ssl3.dheGroups = NULL;
}
@@ -264,8 +263,7 @@ ssl_DupSocket(sslSocket *os)
os->sizeCipherSpecs);
ss->sizeCipherSpecs = os->sizeCipherSpecs;
ss->preferredCipher = os->preferredCipher;
- }
- else {
+ } else {
ss->cipherSpecs = NULL; /* produced lazily */
ss->sizeCipherSpecs = 0;
ss->preferredCipher = NULL;
@@ -284,26 +282,20 @@ ssl_DupSocket(sslSocket *os)
sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
if (!sc->serverCertChain)
goto loser;
- }
- else {
+ } else {
sc->serverCert = NULL;
sc->serverCertChain = NULL;
}
- sc->serverKeyPair = oc->serverKeyPair ?
- ssl3_GetKeyPairRef(oc->serverKeyPair)
+ sc->serverKeyPair = oc->serverKeyPair ? ssl3_GetKeyPairRef(oc->serverKeyPair)
: NULL;
if (oc->serverKeyPair && !sc->serverKeyPair)
goto loser;
sc->serverKeyBits = oc->serverKeyBits;
- ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
- SECITEM_DupArray(NULL, os->certStatusArray[i]);
+ ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITEM_DupArray(NULL, os->certStatusArray[i]);
}
- ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
- ssl3_GetKeyPairRef(os->stepDownKeyPair);
- ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
- ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
- ss->dheKeyPair = !os->dheKeyPair ? NULL :
- ssl3_GetKeyPairRef(os->dheKeyPair);
+ ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairRef(os->stepDownKeyPair);
+ ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+ ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dheKeyPair);
ss->dheParams = os->dheParams;
/*
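Review bot: The value `SECITEM_DupArray` returns into `ss->certStatusArray[i]` is never checked, although the `serverKeyPair` copy two statements earlier does `goto loser` when its duplicate comes back NULL. If the duplication can fail (an allocation failure seems likely, but the helper is not shown here), the duplicated socket would silently lack the certificate status data its parent had. Adding `if (os->certStatusArray[i] && !ss->certStatusArray[i]) goto loser;` right after the assignment would match the error handling already used in this loop. ssl_DupSocket begins and ends outside this hunk, so confirm that `loser` releases what has been copied so far.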
@@ -487,8 +479,7 @@ ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
if (osfd->methods->setsocketoption) {
rv = (SECStatus)osfd->methods->setsocketoption(osfd, &opt);
- }
- else {
+ } else {
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
}
@@ -578,13 +569,11 @@ ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
/* Expand the range of enabled version to include TLS 1.0 */
vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
- }
- else {
+ } else {
/* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
vrange->max = SSL_LIBRARY_VERSION_3_0;
- }
- else {
+ } else {
/* Only TLS was enabled, so now no versions are. */
vrange->min = SSL_LIBRARY_VERSION_NONE;
vrange->max = SSL_LIBRARY_VERSION_NONE;
@@ -619,13 +608,11 @@ ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
* we don't need to change vrange->max.
*/
vrange->min = SSL_LIBRARY_VERSION_3_0;
- }
- else {
+ } else {
/* Disable SSL 3.0, leaving TLS unaffected. */
if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
- }
- else {
+ } else {
/* Only SSL 3.0 was enabled, so now no versions are. */
vrange->min = SSL_LIBRARY_VERSION_NONE;
vrange->max = SSL_LIBRARY_VERSION_NONE;
@@ -791,8 +778,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
if (ss->handshakeBegun) {
PORT_SetError(PR_INVALID_STATE_ERROR);
rv = SECFailure;
- }
- else {
+ } else {
if (PR_FALSE != on) {
if (PR_SUCCESS == SSL_BypassSetup()) {
#ifdef NO_PKCS11_BYPASS
@@ -800,12 +786,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
#else
ss->opt.bypassPKCS11 = on;
#endif
- }
- else {
+ } else {
rv = SECFailure;
}
- }
- else {
+ } else {
ss->opt.bypassPKCS11 = PR_FALSE;
}
}
@@ -822,8 +806,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
if (on) {
locksEverDisabled = PR_TRUE;
strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
- }
- else if (!holdingLocks) {
+ } else if (!holdingLocks) {
rv = ssl_MakeLocks(ss);
if (rv != SECSuccess) {
ss->opt.noLocks = PR_TRUE;
@@ -1257,12 +1240,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
#else
ssl_defaults.bypassPKCS11 = on;
#endif
- }
- else {
+ } else {
return SECFailure;
}
- }
- else {
+ } else {
ssl_defaults.bypassPKCS11 = PR_FALSE;
}
break;
@@ -1384,11 +1365,9 @@ ssl_CipherPolicySet(PRInt32 which, PRInt32 policy)
if (ssl_IsRemovedCipherSuite(which)) {
rv = SECSuccess;
- }
- else if (SSL_IS_SSL2_CIPHER(which)) {
+ } else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_SetPolicy(which, policy);
- }
- else {
+ } else {
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
}
return rv;
@@ -1416,11 +1395,9 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
if (ssl_IsRemovedCipherSuite(which)) {
*oPolicy = SSL_NOT_ALLOWED;
rv = SECSuccess;
- }
- else if (SSL_IS_SSL2_CIPHER(which)) {
+ } else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_GetPolicy(which, oPolicy);
- }
- else {
+ } else {
rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
}
return rv;
@@ -1459,8 +1436,7 @@ ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
}
if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefSetDefault(which, enabled);
- }
- else {
+ } else {
rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
}
return rv;
@@ -1489,11 +1465,9 @@ SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
if (ssl_IsRemovedCipherSuite(which)) {
*enabled = PR_FALSE;
rv = SECSuccess;
- }
- else if (SSL_IS_SSL2_CIPHER(which)) {
+ } else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefGetDefault(which, enabled);
- }
- else {
+ } else {
rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
}
return rv;
@@ -1517,8 +1491,7 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
}
if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefSet(ss, which, enabled);
- }
- else {
+ } else {
rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
}
return rv;
@@ -1542,11 +1515,9 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
if (ssl_IsRemovedCipherSuite(which)) {
*enabled = PR_FALSE;
rv = SECSuccess;
- }
- else if (SSL_IS_SSL2_CIPHER(which)) {
+ } else if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefGet(ss, which, enabled);
- }
- else {
+ } else {
rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
}
return rv;
@@ -1763,13 +1734,11 @@ ssl3_SelectDHParams(sslSocket *ss)
if (ss->ssl3.dheWeakGroupEnabled) {
ss->dheParams = gWeakDHParams;
- }
- else {
+ } else {
if (ss->ssl3.dheGroups) {
selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
ss->ssl3.numDHEGroups);
- }
- else {
+ } else {
size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
number_of_default_groups);
@@ -1802,8 +1771,7 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
if (model == NULL) {
/* Just create a default socket if we're given NULL for the model */
ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
- }
- else {
+ } else {
sslSocket *ss = ssl_FindSocket(model);
if (ss == NULL || ss->protocolVariant != variant) {
SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
@@ -1976,8 +1944,7 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
}
PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
*bufLen = ss->ssl3.nextProto.len;
- }
- else {
+ } else {
*bufLen = 0;
}
@@ -2017,8 +1984,7 @@ SSL_SetSRTPCiphers(PRFileDesc *fd,
if (*srtpCipher) {
ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
ciphers[i];
- }
- else {
+ } else {
SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
"suite specified: 0x%04hx",
SSL_GETPID(), fd,
@@ -2244,8 +2210,7 @@ ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant)
vrange.max = PR_MIN(vrange.max, pvrange.max);
if (vrange.max >= vrange.min) {
*VERSIONS_DEFAULTS(protocolVariant) = vrange;
- }
- else {
+ } else {
/* there was no overlap, turn off range altogether */
pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE;
*VERSIONS_DEFAULTS(protocolVariant) = pvrange;
@@ -2551,8 +2516,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
if (newfd == NULL) {
SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
SSL_GETPID(), ss->fd, PORT_GetError()));
- }
- else {
+ } else {
/* Create ssl module */
ns = ssl_DupSocket(ss);
}
@@ -2577,8 +2541,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
if (ns->opt.handshakeAsClient) {
ns->handshake = ssl2_BeginClientHandshake;
ss->handshaking = sslHandshakingAsClient;
- }
- else {
+ } else {
ns->handshake = ssl2_BeginServerHandshake;
ss->handshaking = sslHandshakingAsServer;
}
@@ -2611,7 +2574,7 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
SSL_LOCK_WRITER(ss);
ss->cTimeout = timeout;
- rv = (PRStatus) (*ss->ops->connect)(ss, sockaddr);
+ rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
SSL_UNLOCK_WRITER(ss);
SSL_UNLOCK_READER(ss);
@@ -2632,7 +2595,7 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
SSL_LOCK_READER(ss);
SSL_LOCK_WRITER(ss);
- rv = (PRStatus) (*ss->ops->bind)(ss, addr);
+ rv = (PRStatus)(*ss->ops->bind)(ss, addr);
SSL_UNLOCK_WRITER(ss);
SSL_UNLOCK_READER(ss);
@@ -2652,7 +2615,7 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog)
SSL_LOCK_READER(ss);
SSL_LOCK_WRITER(ss);
- rv = (PRStatus) (*ss->ops->listen)(ss, backlog);
+ rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
SSL_UNLOCK_WRITER(ss);
SSL_UNLOCK_READER(ss);
@@ -2676,7 +2639,7 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how)
SSL_LOCK_WRITER(ss);
}
- rv = (PRStatus) (*ss->ops->shutdown)(ss, how);
+ rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
SSL_UNLOCK_WRITER(ss);
@@ -2709,7 +2672,7 @@ ssl_Close(PRFileDesc *fd)
** where the LOCK calls and the corresponding UNLOCK calls are not in
** the same function scope. The unlock calls are in ssl_FreeSocket().
*/
- rv = (PRStatus) (*ss->ops->close)(ss);
+ rv = (PRStatus)(*ss->ops->close)(ss);
return rv;
}
@@ -2806,7 +2769,7 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
return PR_FAILURE;
}
- return (PRStatus) (*ss->ops->getpeername)(ss, addr);
+ return (PRStatus)(*ss->ops->getpeername)(ss, addr);
}
/*
@@ -2829,12 +2792,10 @@ ssl_GetPeerInfo(sslSocket *ss)
if (sin.inet.family == PR_AF_INET) {
PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
ss->sec.ci.port = sin.inet.port;
- }
- else if (sin.ipv6.family == PR_AF_INET6) {
+ } else if (sin.ipv6.family == PR_AF_INET6) {
ss->sec.ci.peer = sin.ipv6.ip;
ss->sec.ci.port = sin.ipv6.port;
- }
- else {
+ } else {
PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
return SECFailure;
}
@@ -2851,7 +2812,7 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
return PR_FAILURE;
}
- return (PRStatus) (*ss->ops->getsockname)(ss, name);
+ return (PRStatus)(*ss->ops->getsockname)(ss, name);
}
SECStatus
@@ -2969,12 +2930,10 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
new_flags &= ~PR_POLL_RW;
if (ss->handshaking == sslHandshakingAsClient) {
new_flags |= PR_POLL_WRITE;
- }
- else { /* handshaking as server */
+ } else { /* handshaking as server */
new_flags |= PR_POLL_READ;
}
- }
- else
+ } else
/* First handshake is in progress */
if (ss->lastWriteBlocked) {
if (new_flags & PR_POLL_READ) {
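Review bot: The reformatted `} else` is followed by a comment line and then an unbraced `if (ss->lastWriteBlocked) {`, so the else branch has no braces of its own and the nesting of the poll-flag logic is easy to misread. Writing it as `} else if (ss->lastWriteBlocked) {` with `/* First handshake is in progress */` moved inside the block, or bracing the else body, would make the structure explicit. The same unbraced pattern remains in the two ssl_WriteV hunks further down, where `} else` is followed by a bare `addLen = 0;`; those would read better as `} else { addLen = 0; }`. ssl_Poll starts and ends outside this hunk.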
@@ -2986,8 +2945,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
new_flags ^= PR_POLL_READ; /* don't select on read. */
new_flags |= PR_POLL_WRITE; /* do select on write. */
}
- }
- else if (new_flags & PR_POLL_WRITE) {
+ } else if (new_flags & PR_POLL_WRITE) {
/* The caller is trying to write, but the handshake is
** blocked waiting for data to read, and the first
** handshake has been sent. So do NOT to poll on write
@@ -3000,14 +2958,12 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
new_flags |= PR_POLL_READ; /* do select on read. */
}
}
- }
- else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
+ } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
*p_out_flags = PR_POLL_READ; /* it's ready already. */
return new_flags;
- }
- else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
- (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
- new_flags |= PR_POLL_WRITE; /* also select on write. */
+ } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
+ (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
+ new_flags |= PR_POLL_WRITE; /* also select on write. */
}
if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
@@ -3024,8 +2980,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
* of the application spinning.
*/
new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
- }
- else {
+ } else {
/* Unfortunately, clearing new_flags will make it impossible for
* the application to detect errors that it would otherwise be
* able to detect with PR_POLL_EXCEPT, until the asynchronous
@@ -3052,8 +3007,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
out_flags |= PR_POLL_READ;
*p_out_flags = out_flags;
new_flags = how_flags;
- }
- else {
+ } else {
*p_out_flags = lower_out_flags;
new_flags = lower_new_flags;
}
@@ -3153,8 +3107,7 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
(PR_GetError() == PR_WOULD_BLOCK_ERROR) && \
(sent > 0)) { \
return sent; \
- } \
- else { \
+ } else { \
return -1; \
} \
} \
@@ -3209,15 +3162,12 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
if (!vectors || myIov.iov_len > limit) {
addLen = 0;
- }
- else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
+ } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
/* Addlen is already computed. */;
- }
- else if (vectors > 1 &&
- iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
+ } else if (vectors > 1 &&
+ iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
addLen = limit - myIov.iov_len;
- }
- else
+ } else
addLen = 0;
if (!addLen) {
@@ -3237,17 +3187,14 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
left = PR_MIN(limit, K16 - bufLen);
if (!vectors /* no more left */
|| myIov.iov_len > 0 /* we didn't use that one all up */
- || bufLen >= K16 /* it's full. */ ) {
+ || bufLen >= K16 /* it's full. */) {
addLen = 0;
- }
- else if ((addLen = iov->iov_len % K16) <= left) {
+ } else if ((addLen = iov->iov_len % K16) <= left) {
/* Addlen is already computed. */;
- }
- else if (vectors > 1 &&
- iov[1].iov_len % K16 + addLen <= left + limit) {
+ } else if (vectors > 1 &&
+ iov[1].iov_len % K16 + addLen <= left + limit) {
addLen = left;
- }
- else
+ } else
addLen = 0;
} while (addLen);
@@ -3552,8 +3499,7 @@ ssl_SetDefaultsFromEnvironment(void)
ssl_keylog_iob = fopen(ev, "a");
if (!ssl_keylog_iob) {
SSL_TRACE(("SSL: failed to open key log file"));
- }
- else {
+ } else {
if (ftell(ssl_keylog_iob) == 0) {
fputs("# SSL/TLS secrets log file, generated by NSS\n",
ssl_keylog_iob);
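Review bot: `fopen(ev, "a")` creates the key log file with whatever permissions the process umask allows, yet the header written just below labels its contents as SSL/TLS secrets. On POSIX builds the file could be created owner-only with `fd = open(ev, O_WRONLY | O_APPEND | O_CREAT, 0600);` followed by `ssl_keylog_iob = (fd < 0) ? NULL : fdopen(fd, "a");`, with a platform-specific equivalent elsewhere. Where `ev` comes from is outside this hunk (presumably an environment variable, given the function name). A short comment stating that the file exposes session secrets, and who is expected to enable it, would help maintainers. ssl_SetDefaultsFromEnvironment starts and ends outside this hunk.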
diff --git a/lib/ssl/ssltrace.c b/lib/ssl/ssltrace.c
index eb00e54ce..6be9a6da3 100644
--- a/lib/ssl/ssltrace.c
+++ b/lib/ssl/ssltrace.c
@@ -44,8 +44,7 @@ ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
msg, len));
- }
- else {
+ } else {
SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
}
memset(buf, ' ', sizeof buf);
@@ -78,8 +77,7 @@ PrintType(sslSocket *ss, char *msg)
{
if (ss) {
SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, msg));
- }
- else {
+ } else {
SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg));
}
}
@@ -89,8 +87,7 @@ PrintInt(sslSocket *ss, char *msg, unsigned v)
{
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, msg, v));
- }
- else {
+ } else {
SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v));
}
}
@@ -108,8 +105,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]",
SSL_GETPID(), ss->fd, msg, len));
- }
- else {
+ } else {
SSL_TRACE(("%d: SSL: %s [Len: %d]",
SSL_GETPID(), msg, len));
}
@@ -124,8 +120,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s",
SSL_GETPID(), ss->fd, buf));
- }
- else {
+ } else {
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
}
bp = buf;
@@ -136,8 +131,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len)
if (ss) {
SSL_TRACE(("%d: SSL[%d]: %s",
SSL_GETPID(), ss->fd, buf));
- }
- else {
+ } else {
SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf));
}
}
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
index 7fb139c30..4bb136a5e 100644
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -645,8 +645,7 @@ tls13_SendServerHelloSequence(sslSocket *ss)
if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) ||
(ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) {
certIndex = kt_rsa;
- }
- else {
+ } else {
certIndex = ss->ssl3.hs.kea_def->exchKeyType;
}
rv = ssl3_SendCertificateVerify(ss, ss->serverCerts[certIndex].SERVERKEY);
@@ -748,8 +747,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (ss->sec.isServer) {
rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
wait_client_cert);
- }
- else {
+ } else {
rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
wait_cert_request, wait_server_cert);
}
@@ -767,8 +765,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
illegal_parameter);
return SECFailure;
}
- }
- else {
+ } else {
if (!context.len || context.len != ss->ssl3.hs.certReqContextLen ||
(NSS_SecureMemcmp(ss->ssl3.hs.certReqContext,
context.data, context.len) != 0)) {
@@ -1074,8 +1071,7 @@ tls13_InitCipherSpec(sslSocket *ss, TrafficKeyType type, InstallCipherSpecDirect
/* Generic behaviors -- common to all crypto methods */
if (!IS_DTLS(ss)) {
pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0;
- }
- else {
+ } else {
if (cwSpec->epoch == PR_UINT16_MAX) {
/* The problem here is that we have rehandshaked too many
* times (you are not allowed to wrap the epoch). The
@@ -1310,8 +1306,7 @@ tls13_AESGCM(ssl3KeyMaterial *keys,
if (doDecrypt) {
rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
maxout, in, inlen);
- }
- else {
+ } else {
rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
maxout, in, inlen);
}
@@ -1599,7 +1594,7 @@ tls13_SendFinished(sslSocket *ss)
/* TODO(ekr@rtfm.com): Record key log */
return SECSuccess;
- alert_loser:
+alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
PORT_SetError(errCode); /* Restore error code */
return rv;
@@ -1660,8 +1655,7 @@ tls13_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
}
rv = tls13_FinishHandshake(ss);
- }
- else {
+ } else {
if (ss->ssl3.hs.authCertificatePending) {
/* TODO(ekr@rtfm.com): Handle pending auth */
FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
@@ -1739,8 +1733,7 @@ tls13_SendClientSecondRound(sslSocket *ss)
if (rv != SECSuccess) {
goto loser; /* error code is set. */
}
- }
- else if (sendClientCert) {
+ } else if (sendClientCert) {
rv = ssl3_SendCertificate(ss);
if (rv != SECSuccess) {
goto loser; /* error code is set. */
@@ -1933,8 +1926,7 @@ tls13_ProtectRecord(sslSocket *ss,
if (cipher_def->calg == ssl_calg_null) {
/* Shortcut for plaintext */
cipherBytes = contentLen;
- }
- else {
+ } else {
unsigned char aad[8];
PORT_Assert(cipher_def->type == type_aead);
@@ -1972,8 +1964,7 @@ tls13_ProtectRecord(sslSocket *ss,
(void)tls13_EncodeUintX(cwSpec->write_seq_num.high, 4, &wrBuf->buf[3]);
(void)tls13_EncodeUintX(cwSpec->write_seq_num.low, 4, &wrBuf->buf[7]);
(void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[11]);
- }
- else {
+ } else {
(void)tls13_EncodeUintX(kRecordVersion, 2, &wrBuf->buf[1]);
(void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[3]);
}
@@ -2029,10 +2020,8 @@ tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext
/* Decrypt */
PORT_Assert(cipher_def->type == type_aead);
tls13_FormatAdditionalData(aad, sizeof(aad),
- IS_DTLS(ss) ?
- cText->seq_num
- :
- crSpec->read_seq_num);
+ IS_DTLS(ss) ? cText->seq_num
+ : crSpec->read_seq_num);
rv = crSpec->aead(
ss->sec.isServer ? &crSpec->client : &crSpec->server,
PR_TRUE, /* do decrypt */
diff --git a/lib/ssl/tls13hkdf.c b/lib/ssl/tls13hkdf.c
index e3dfe8c62..3dc2d1bf8 100644
--- a/lib/ssl/tls13hkdf.c
+++ b/lib/ssl/tls13hkdf.c
@@ -60,8 +60,7 @@ tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2, SSLHashType baseHash,
params.pSalt = salt->data;
params.ulSaltLen = salt->len;
PORT_Assert(salt->len > 0);
- }
- else {
+ } else {
/* Per documentation for CKM_NSS_HKDF_*:
*
* If the optional salt is given, it is used; otherwise, the salt is
@@ -104,8 +103,7 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
if (handshakeHash) {
PORT_Assert(handshakeHashLen == kTlsHkdfInfo[baseHash].hashSize);
- }
- else {
+ } else {
PORT_Assert(!handshakeHashLen);
}