bn/bntest.c: make it indent-friendly.

[openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 31b1c360aba62ba24aa8bdc839ada9668ddb4c7f..2e8e149b96319ccb782f560ebb91c492fe94f4c4 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -935,7 +935,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
                tlsext_sigalg_dsa(md) \
                tlsext_sigalg_ecdsa(md)
 
-static unsigned char tls12_sigalgs[] = {
+static const unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA512
        tlsext_sigalg(TLSEXT_hash_sha512)
        tlsext_sigalg(TLSEXT_hash_sha384)
@@ -949,7 +949,7 @@ static unsigned char tls12_sigalgs[] = {
 #endif
 };
 #ifndef OPENSSL_NO_ECDSA
-static unsigned char suiteb_sigalgs[] = {
+static const unsigned char suiteb_sigalgs[] = {
        tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
        tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
@@ -1501,6 +1501,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
                ret += s->alpn_client_proto_list_len;
                }
 
+#ifndef OPENSSL_NO_SRTP
         if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
                 {
                 int el;
@@ -1519,6 +1520,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
                        }
                 ret += el;
                 }
+#endif
        custom_ext_init(&s->cert->cli_ext);
        /* Add custom TLS Extensions to ClientHello */
        if (!custom_ext_add(s, 0, &ret, limit, al))
@@ -1681,6 +1683,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
                }
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if(SSL_IS_DTLS(s) && s->srtp_profile)
                 {
                 int el;
@@ -1699,6 +1702,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
                        }
                 ret+=el;
                 }
+#endif
 
        if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
                && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@@ -1996,6 +2000,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
        s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
 #endif
 
+#ifndef OPENSSL_NO_SRP
+       if (s->srp_ctx.login != NULL)
+               {
+               OPENSSL_free(s->srp_ctx.login);
+               s->srp_ctx.login = NULL;
+               }
+#endif
+
+       s->srtp_profile = NULL;
+
        if (data >= (d+n-2))
                goto ri_check;
        n2s(data,len);
@@ -2252,8 +2266,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 
                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
                                OPENSSL_free(s->s3->client_opaque_prf_input);
+                               
+                       /* dummy byte just to get non-NULL */
                        if (s->s3->client_opaque_prf_input_len == 0)
-                               s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                               s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
                        else
                                s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
                        if (s->s3->client_opaque_prf_input == NULL)
@@ -2460,6 +2476,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                        }
 
                /* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
                else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
                                && type == TLSEXT_TYPE_use_srtp)
                         {
@@ -2467,6 +2484,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                                                              al))
                                return 0;
                         }
+#endif
 #ifdef TLSEXT_TYPE_encrypt_then_mac
                else if (type == TLSEXT_TYPE_encrypt_then_mac)
                        s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
@@ -2803,12 +2821,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
                                }
                        }
 #endif
+#ifndef OPENSSL_NO_SRTP
                else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
                         {
                         if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
                                                              al))
                                 return 0;
                         }
+#endif
 #ifdef TLSEXT_TYPE_encrypt_then_mac
                else if (type == TLSEXT_TYPE_encrypt_then_mac)
                        {
@@ -3508,7 +3528,7 @@ typedef struct
        int id;
        } tls12_lookup;
 
-static tls12_lookup tls12_md[] = {
+static const tls12_lookup tls12_md[] = {
        {NID_md5, TLSEXT_hash_md5},
        {NID_sha1, TLSEXT_hash_sha1},
        {NID_sha224, TLSEXT_hash_sha224},
@@ -3517,13 +3537,13 @@ static tls12_lookup tls12_md[] = {
        {NID_sha512, TLSEXT_hash_sha512}
 };
 
-static tls12_lookup tls12_sig[] = {
+static const tls12_lookup tls12_sig[] = {
        {EVP_PKEY_RSA, TLSEXT_signature_rsa},
        {EVP_PKEY_DSA, TLSEXT_signature_dsa},
        {EVP_PKEY_EC, TLSEXT_signature_ecdsa}
 };
 
-static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
+static int tls12_find_id(int nid, const tls12_lookup *table, size_t tlen)
        {
        size_t i;
        for (i = 0; i < tlen; i++)
@@ -3534,7 +3554,7 @@ static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
        return -1;
        }
 
-static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
+static int tls12_find_nid(int id, const tls12_lookup *table, size_t tlen)
        {
        size_t i;
        for (i = 0; i < tlen; i++)