diff --git a/src/internal.c b/src/internal.c
index ecd1c5a2ee..a125ee5bf8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2497,6 +2497,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));
+ ctx->method = method;
 if (heap == NULL) {
 ctx->heap = ctx; /* defaults to self */
 }
@@ -2505,14 +2506,12 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 }
 ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
- ctx->method = method;
-
- #ifdef WOLFSSL_DTLS
+#ifdef WOLFSSL_DTLS
 if (method->version.major == DTLS_MAJOR) {
 ctx->minDowngrade = WOLFSSL_MIN_DTLS_DOWNGRADE;
 }
 else
- #endif /* WOLFSSL_DTLS */
+#endif /* WOLFSSL_DTLS */
 {
 /* current default: TLSv1_MINOR */
 ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE;
@@ -3621,7 +3620,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 #ifdef OPENSSL_EXTRA
- if ((tls1_2 && haveRSA && haveAES128) || (tls1_2 && haveECDSAsig && haveAES128)) {
+ if ((tls1_2 && haveRSA && haveAES128) ||
+ (tls1_2 && haveECDSAsig && haveAES128)) {
 #else
 if (tls1_2 && haveRSA && haveAES128) {
 #endif
@@ -3779,7 +3779,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 #ifdef OPENSSL_EXTRA
- if ((tls1_2 && haveRSA && haveAES128) || (tls1_2 && haveECDSAsig && haveAES128)) {
+ if ((tls1_2 && haveRSA && haveAES128) ||
+ (tls1_2 && haveECDSAsig && haveAES128)) {
 #else
 if (tls1_2 && haveRSA && haveAES128) {
 #endif
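Review bot: `ctx->method = method;` now sits directly after `XMEMSET` in the `@@ -2497,6 +2497,7 @@` hunk and is removed from its old place after `ctx->timeout` in the `@@ -2505,14 +2506,12 @@` hunk, but nothing records why the order matters. None of the visible lines between the two positions reads `ctx->method`, so the reason presumably lies outside the hunks, for example a failure path that expects the context to already hold `method`. If that is the intent, a comment above the assignment such as `/* ctx holds method from here on, before anything below can fail */` would stop a later cleanup from moving it back. InitSSL_Ctx starts and ends outside both hunks.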
@@ -3917,7 +3918,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 #ifdef OPENSSL_EXTRA
- if ((tls && haveRSA && haveAES128 && haveSHA1) || (tls && haveECDSAsig && haveAES128 && haveSHA1)) {
+ if ((tls && haveRSA && haveAES128 && haveSHA1) ||
+ (tls && haveECDSAsig && haveAES128 && haveSHA1)) {
 #else
 if (tls && haveRSA && haveAES128 && haveSHA1) {
 #endif
@@ -4374,7 +4376,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
- if (tls && havePSK && haveNull && haveSHA1) {
+ if (tls && havePSK && haveNull) {
 suites->suites[idx++] = CIPHER_BYTE;
 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
 }
@@ -27960,8 +27962,8 @@ static int ParseCipherList(Suites* suites,
 #endif
 {
 suites->suiteSz = (word16)idx;
- InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1,
- keySz, &suites->hashSigAlgoSz);
+ InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz,
+ &suites->hashSigAlgoSz);
 }
 #ifdef HAVE_RENEGOTIATION_INDICATION
diff --git a/src/ssl.c b/src/ssl.c
index f4682fb914..b1ee748b23 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1122,9 +1122,9 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
 if (wolfSSL_CTX_set_min_proto_version(ctx,
 (method->version.major == DTLS_MAJOR) ?
 DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS ||
- #ifdef HAVE_ANON
+#ifdef HAVE_ANON
 wolfSSL_CTX_allow_anon_cipher(ctx) != WOLFSSL_SUCCESS ||
- #endif
+#endif
 wolfSSL_CTX_set_group_messages(ctx) != WOLFSSL_SUCCESS) {
 WOLFSSL_MSG("Setting OpenSSL CTX defaults failed");
 wolfSSL_CTX_free(ctx);
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index d0eeff03ca..2d4d802112 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
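Review bot: In the `@@ -4374,7 +4376,7 @@` hunk of InitSuites the guard for TLS_PSK_WITH_NULL_SHA loses `haveSHA1`, which changes behaviour, unlike the other InitSuites hunks, which only re-wrap their conditions. The TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA condition in the `@@ -3917,7 +3918,8 @@` hunk still requires `haveSHA1`, so the two SHA-named suites are now gated differently and a NULL-encryption PSK suite is written to `suites->suites` whenever `tls && havePSK && haveNull` holds. The definition of `haveSHA1` is outside the hunk; if it expresses a build or policy restriction on SHA-1, the guard should stay as `if (tls && havePSK && haveNull && haveSHA1) {`. If the check really is redundant for this suite, a short comment above the condition saying why would make the removal reviewable on its own.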
@@ -233,7 +233,8 @@ enum wolfSSL_ErrorCodes {
 WOLFSSL_EVP_R_DECODE_ERROR = -514,
 WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR = -515,
- CRYPTO_POLICY_FORBIDDEN = -516, /* operation forbidden by system crypto-policy */
+ CRYPTO_POLICY_FORBIDDEN = -516, /* operation forbidden by system
+ * crypto-policy */
 WOLFSSL_LAST_E = -516
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 1fccba818e..a01a2a6e63 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3068,21 +3068,21 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
-WOLFSSL_API int wolfSSL_crypto_policy_enable(const char * policy);
-WOLFSSL_API int wolfSSL_crypto_policy_enable_buffer(const char * buf);
-WOLFSSL_API void wolfSSL_crypto_policy_disable(void);
-WOLFSSL_API int wolfSSL_crypto_policy_is_enabled(void);
+WOLFSSL_API int wolfSSL_crypto_policy_enable(const char * policy);
+WOLFSSL_API int wolfSSL_crypto_policy_enable_buffer(const char * buf);
+WOLFSSL_API void wolfSSL_crypto_policy_disable(void);
+WOLFSSL_API int wolfSSL_crypto_policy_is_enabled(void);
 WOLFSSL_API const char * wolfSSL_crypto_policy_get_ciphers(void);
-WOLFSSL_API int wolfSSL_crypto_policy_get_level(void);
-WOLFSSL_LOCAL int wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx,
- WOLFSSL_METHOD * method);
+WOLFSSL_API int wolfSSL_crypto_policy_get_level(void);
+WOLFSSL_LOCAL int wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx,
+ WOLFSSL_METHOD * method);
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 /* compat functions. */
-WOLFSSL_API void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level);
-WOLFSSL_API int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX * ctx);
-WOLFSSL_API int wolfSSL_get_security_level(const WOLFSSL * ssl);
+WOLFSSL_API void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level);
+WOLFSSL_API int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX * ctx);
+WOLFSSL_API int wolfSSL_get_security_level(const WOLFSSL * ssl);
 #ifndef NO_WOLFSSL_STUB
-WOLFSSL_API void wolfSSL_set_security_level(WOLFSSL * ssl, int level);
+WOLFSSL_API void wolfSSL_set_security_level(WOLFSSL * ssl, int level);
 #endif /* !NO_WOLFSSL_STUB */
 /* which library version do we have */