diff options
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 106 |
1 files changed, 60 insertions, 46 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f0291b115f..31b1c360ab 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -504,7 +504,7 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) return 0; } -/* +/*- * Return |nmatch|th shared curve or NID_undef if there is no match. * For nmatch == -1, return number of matches * For nmatch == -2, return the NID of the curve to use for @@ -1222,13 +1222,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c unsigned long size_str; long lenmax; - /* check for enough space. - 4 for the servername type and entension length - 2 for servernamelist length - 1 for the hostname type - 2 for hostname length - + hostname length - */ + /*- + * check for enough space. + * 4 for the servername type and entension length + * 2 for servernamelist length + * 1 for the hostname type + * 2 for hostname length + * + hostname length + */ if ((lenmax = limit - ret - 9) < 0 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) @@ -1260,11 +1261,12 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c return NULL; } - /* check for enough space. - 4 for the srp type type and entension length - 1 for the srp user identity - + srp user identity length - */ + /*- + * check for enough space. + * 4 for the srp type type and entension length + * 1 for the srp user identity + * + srp user identity length + */ if ((limit - ret - 5 - login_len) < 0) return NULL; /* fill in the extension */ @@ -1464,7 +1466,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c return NULL; s2n(TLSEXT_TYPE_heartbeat,ret); s2n(1,ret); - /* Set mode: + /*- + * Set mode: * 1: peer may send requests * 2: peer not allowed to send requests */ @@ -1720,7 +1723,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c return NULL; s2n(TLSEXT_TYPE_heartbeat,ret); s2n(1,ret); - /* Set mode: + /*- + * Set mode: * 1: peer may send requests * 2: peer not allowed to send requests */ @@ -1867,7 +1871,8 @@ parse_error: } #ifndef OPENSSL_NO_EC -/* ssl_check_for_safari attempts to fingerprint Safari using OS X +/*- + * ssl_check_for_safari attempts to fingerprint Safari using OS X * SecureTransport using the TLS extension block in |d|, of length |n|. * Safari, since 10.6, sends exactly these extensions, in this order: * SNI, @@ -2019,28 +2024,30 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char } else if (s->version == SSL3_VERSION) {} -/* The servername extension is treated as follows: - - - Only the hostname type is supported with a maximum length of 255. - - The servername is rejected if too long or if it contains zeros, - in which case an fatal alert is generated. - - The servername field is maintained together with the session cache. - - When a session is resumed, the servername call back invoked in order - to allow the application to position itself to the right context. - - The servername is acknowledged if it is new for a session or when - it is identical to a previously used for the same session. - Applications can control the behaviour. They can at any time - set a 'desirable' servername for a new SSL object. This can be the - case for example with HTTPS when a Host: header field is received and - a renegotiation is requested. In this case, a possible servername - presented in the new client hello is only acknowledged if it matches - the value of the Host: field. - - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - if they provide for changing an explicit servername context for the session, - i.e. when the session has been established with a servername extension. - - On session reconnect, the servername extension may be absent. - -*/ +/*- + * The servername extension is treated as follows: + * + * - Only the hostname type is supported with a maximum length of 255. + * - The servername is rejected if too long or if it contains zeros, + * in which case an fatal alert is generated. + * - The servername field is maintained together with the session cache. + * - When a session is resumed, the servername call back invoked in order + * to allow the application to position itself to the right context. + * - The servername is acknowledged if it is new for a session or when + * it is identical to a previously used for the same session. + * Applications can control the behaviour. They can at any time + * set a 'desirable' servername for a new SSL object. This can be the + * case for example with HTTPS when a Host: header field is received and + * a renegotiation is requested. In this case, a possible servername + * presented in the new client hello is only acknowledged if it matches + * the value of the Host: field. + * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + * if they provide for changing an explicit servername context for the + * session, i.e. when the session has been established with a servername + * extension. + * - On session reconnect, the servername extension may be absent. + * + */ else if (type == TLSEXT_TYPE_server_name) { @@ -2419,7 +2426,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char s->s3->tmp.finish_md_len == 0 && s->s3->alpn_selected == NULL) { - /* We shouldn't accept this extension on a + /*- + * We shouldn't accept this extension on a * renegotiation. * * s->new_session will be set on renegotiation, but we @@ -2428,12 +2436,13 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char * there's some other reason to disallow resuming an * earlier session -- the current code won't be doing * anything like that, but this might change). - + * * A valid sign that there's been a previous handshake * in this connection is if s->s3->tmp.finish_md_len > * 0. (We are talking about a check that will happen * in the Hello protocol round, well before a new - * Finished message could have been computed.) */ + * Finished message could have been computed.) + */ s->s3->next_proto_neg_seen = 1; } #endif @@ -2746,10 +2755,12 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *al = TLS1_AD_DECODE_ERROR; return 0; } - /* The extension data consists of: + /*- + * The extension data consists of: * uint16 list_length * uint8 proto_length; - * uint8 proto[proto_length]; */ + * uint8 proto[proto_length]; + */ len = data[0]; len <<= 8; len |= data[1]; @@ -3248,7 +3259,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in return 1; } -/* Since the server cache lookup is done early on in the processing of the +/*- + * Since the server cache lookup is done early on in the processing of the * ClientHello, and other operations depend on the result, we need to handle * any TLS session ticket extension at the same time. * @@ -3368,7 +3380,8 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, return 0; } -/* tls_decrypt_ticket attempts to decrypt a session ticket. +/*- + * tls_decrypt_ticket attempts to decrypt a session ticket. * * etick: points to the body of the session ticket extension. * eticklen: the length of the session tickets extenion. @@ -4086,7 +4099,8 @@ tls1_heartbeat(SSL *s) */ OPENSSL_assert(payload + padding <= 16381); - /* Create HeartBeat message, we just use a sequence number + /*- + * Create HeartBeat message, we just use a sequence number * as payload to distuingish different messages and add * some random stuff. * - Message Type, 1 byte |