Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_pkt.c | 3 | ||||
-rw-r--r-- | ssl/kssl.c | 9 | ||||
-rw-r--r-- | ssl/ssl.h | 51 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 72 | ||||
-rw-r--r-- | ssl/ssl_task.c | 15 | ||||
-rw-r--r-- | ssl/ssltest.c | 6 | ||||
-rw-r--r-- | ssl/t1_enc.c | 3 |
7 files changed, 106 insertions, 53 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 298e6ec3bc..41e4cfa77e 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -714,7 +714,8 @@ again:
 {
 if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
 return -1;
- dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
+ /* Mark receipt of record. */
+ dtls1_record_bitmap_update(s, bitmap);
 }
 rr->length = 0;
 s->packet_length = 0;
diff --git a/ssl/kssl.c b/ssl/kssl.c
index f2b34bc876..6f100eede5 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1813,8 +1813,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
 krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ,
- 0 /* IGNORE_VNO */,
- 0 /* IGNORE_ENCTYPE */,
+ /* IGNORE_VNO */
+ 0,
+ /* IGNORE_ENCTYPE */
+ 0,
 &entry);
 if ( krb5rc == KRB5_KT_NOTFOUND ) {
 rc = 1;
@@ -1898,7 +1900,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
 krb5_free_data_contents(NULL, data);
 #endif
 }
-#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
+#endif
+/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
 /* Given pointers to KerberosTime and struct tm structs, convert the
@@ -599,7 +599,8 @@ struct ssl_session_st
 * the workaround is not needed. Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include
 * it in SSL_OP_ALL. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
+/* added in 0.9.6e */
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
 * This used to be 0x000FFFFFL before 0.9.7. */
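Review bot: The relocated comment `/* Mark receipt of record. */` still does not say that the bitmap is updated for a record that has only been queued on `s->d1->unprocessed_rcds` and not processed, which is the detail a reader auditing replay handling needs; the bitmap is presumably the DTLS anti-replay window, and it is advanced before the record's contents are examined. Suggest `/* Mark receipt of record now: it has only been buffered on unprocessed_rcds, not yet processed. */` so the ordering is explicit rather than inferred from the call sequence. The enclosing block and the function it belongs to both start and end outside the hunk.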
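Review bot: Moving the trailing comment off `#endif` onto its own line changes what it reads as: `/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */` names the condition the directive closes, and as a trailing comment it is bound to that directive, whereas on the following line it reads as a heading for the `/* Given pointers to KerberosTime ... */` block that comes next. This is a point of style, but the trailing form `#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */` is the established idiom for closing a long conditional region and is what editors and linters recognise; I would keep it on the directive line in this one hunk even though the rest of the commit moves comments up.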
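Review bot: The comment placed above `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, `/* added in 0.9.6e */`, records only the version, while the security-relevant fact visible in the surrounding comment — that setting this bit turns off a workaround and that the bit is included in `SSL_OP_ALL` — is not stated next to the define itself, where callers looking up the option will read it. Suggest `/* added in 0.9.6e; included in SSL_OP_ALL, so SSL_OP_ALL also disables the workaround described above */`. The comment that explains what the workaround is begins outside the hunk, and this hunk's `diff --git a/ssl/ssl.h` file header is missing from the page, so the file it belongs to is inferred from the diffstat.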
@@ -1715,27 +1716,40 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 /* These alert types are for SSLv3 and TLSv1 */
 #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
+/* fatal */
+#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
 #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
 #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
+/* fatal */
+#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
 #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
 #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
 #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
 #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
 #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
-#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
-#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
-#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
+/* fatal */
+#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
+/* fatal */
+#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
+/* fatal */
+#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
 #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
+/* fatal */
+#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
 #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
 #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
 #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
@@ -1743,8 +1757,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
 #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
+/* fatal */
+#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
 #define SSL_ERROR_NONE 0
 #define SSL_ERROR_SSL 1
@@ -2127,7 +2143,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+/* PEM type */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 2fd822a796..052fa03af6 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
@@ -288,32 +288,56 @@
 */
 /* Bits for algorithm_mkey (key exchange algorithm) */
-#define SSL_kRSA 0x00000001L /* RSA key exchange */
-#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */
-#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */
-#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
-#define SSL_kDHE SSL_kEDH /* forward-compatible synonym */
-#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
-#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
-#define SSL_kECDHE SSL_kEECDH /* forward-compatible synonym */
-#define SSL_kPSK 0x00000100L /* PSK */
-#define SSL_kGOST 0x00000200L /* GOST key exchange */
-#define SSL_kSRP 0x00000400L /* SRP */
+/* RSA key exchange */
+#define SSL_kRSA 0x00000001L
+/* DH cert, RSA CA cert */
+#define SSL_kDHr 0x00000002L
+/* DH cert, DSA CA cert */
+#define SSL_kDHd 0x00000004L
+/* tmp DH key no DH cert */
+#define SSL_kEDH 0x00000008L
+/* forward-compatible synonym */
+#define SSL_kDHE SSL_kEDH
+/* Kerberos5 key exchange */
+#define SSL_kKRB5 0x00000010L
+/* ECDH cert, RSA CA cert */
+#define SSL_kECDHr 0x00000020L
+/* ECDH cert, ECDSA CA cert */
+#define SSL_kECDHe 0x00000040L
+/* ephemeral ECDH */
+#define SSL_kEECDH 0x00000080L
+/* forward-compatible synonym */
+#define SSL_kECDHE SSL_kEECDH
+/* PSK */
+#define SSL_kPSK 0x00000100L
+/* GOST key exchange */
+#define SSL_kGOST 0x00000200L
+/* SRP */
+#define SSL_kSRP 0x00000400L
 /* Bits for algorithm_auth (server authentication) */
-#define SSL_aRSA 0x00000001L /* RSA auth */
-#define SSL_aDSS 0x00000002L /* DSS auth */
-#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */
-#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
-#define SSL_aKRB5 0x00000020L /* KRB5 auth */
-#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
-#define SSL_aPSK 0x00000080L /* PSK auth */
-#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
-#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
-#define SSL_aSRP 0x00000400L /* SRP auth */
+/* RSA auth */
+#define SSL_aRSA 0x00000001L
+/* DSS auth */
+#define SSL_aDSS 0x00000002L
+/* no auth (i.e. use ADH or AECDH) */
+#define SSL_aNULL 0x00000004L
+/* Fixed DH auth (kDHd or kDHr) */
+#define SSL_aDH 0x00000008L
+/* Fixed ECDH auth (kECDHe or kECDHr) */
+#define SSL_aECDH 0x00000010L
+/* KRB5 auth */
+#define SSL_aKRB5 0x00000020L
+/* ECDSA auth*/
+#define SSL_aECDSA 0x00000040L
+/* PSK auth */
+#define SSL_aPSK 0x00000080L
+/* GOST R 34.10-94 signature auth */
+#define SSL_aGOST94 0x00000100L
+/* GOST R 34.10-2001 signature auth */
+#define SSL_aGOST01 0x00000200L
+/* SRP auth */
+#define SSL_aSRP 0x00000400L
 /* Bits for algorithm_enc (symmetric encryption) */
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index 86a9a6013d..4381647f2e 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -144,11 +144,16 @@ static int s_nbio=0;
 #endif
 #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
 /*************************************************************************/
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
+/* Should have member alignment inhibited */
+struct rpc_msg {
+ /* 'A'-app data. 'R'-remote client 'G'-global */
+ char channel;
+ /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+ char function;
+ /* Amount of data returned or max to return */
+ unsigned short int length;
+ /* variable data */
+ char data[4092];
 };
 #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 0bb9fa8731..9ff21171b1 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1410,8 +1410,10 @@ bad:
 #ifdef TLSEXT_TYPE_opaque_prf_input
 SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
+ /* or &co2 or NULL */
+ SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
+ /* or &so2 or NULL */
+ SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
 #endif
 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 6a4a69e514..7416f732b6 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
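Review bot: The literal `4092` now appears twice in the rewritten struct layout, in `char data[4092];` and again in `#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)`, and the two can drift apart silently. The retained comment `/* Should have member alignment inhibited */` also concedes that `sizeof(struct rpc_msg)` may include padding, which would make RPC_HDR_SIZE differ from the size of the three header members, yet nothing in the hunk inhibits alignment; with `char`, `char`, `unsigned short` the header is likely 4 bytes without padding on common ABIs, but that is unchecked. Suggest one named constant: `#define RPC_DATA_SIZE 4092`, `char data[RPC_DATA_SIZE];` and `#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - RPC_DATA_SIZE)`, which keeps the relationship between the array and the header size explicit.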
@@ -1286,7 +1286,8 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); -#if 0 /* not appropriate for TLS, not used for DTLS */ +#if 0 + /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); #endif |
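Review bot: The `#if 0` region is dead code, and the hunk reformats its comment instead of removing it; the comment `/* not appropriate for TLS, not used for DTLS */` says the `DTLS1_AD_MISSING_HANDSHAKE_MESSAGE` case is deliberately unreachable, so the three lines from `#if 0` to `#endif` can be dropped rather than carried along. If the block is kept, the justification is better left on the directive, `#if 0 /* not appropriate for TLS, not used for DTLS */`, where it explains the guard, rather than moved inside the disabled region where it is easy to overlook. `tls1_alert_code` begins outside the hunk, so its default handling for unlisted codes is not visible here.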