diff --git a/security/nss/.clang-format b/security/nss/.clang-format
index f508bfe3425e..67e8bc309c86 100644
--- a/security/nss/.clang-format
+++ b/security/nss/.clang-format
@@ -61,4 +61,5 @@ CommentPragmas: '^ IWYU pragma:'
 ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
 SpaceBeforeParens: ControlStatements
 DisableFormat: false
+SortIncludes: false
 ...
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
index 7b2b6db793ff..ed4dade6eef5 100644
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_23_BETA5
+NSS_3_23_BETA7
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
index 590d1bfaeee3..5182f75552c8 100644
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -10,4 +10,3 @@ */ #error "Do not include this header file." -
diff --git a/security/nss/lib/base/arena.c b/security/nss/lib/base/arena.c
index cefc037040af..b8e64643ddde 100644
--- a/security/nss/lib/base/arena.c
+++ b/security/nss/lib/base/arena.c
@@ -530,8 +530,7 @@ nssArena_Mark(NSSArena *arena) /* Unmarked. Store our thread ID */ arena->marking_thread = PR_GetCurrentThread(); /* This call never fails. */ - } - else { + } else { /* Marked. Verify it's the current thread */ if (PR_GetCurrentThread() != arena->marking_thread) { PR_Unlock(arena->lock);
@@ -556,8 +555,7 @@ nssArena_Mark(NSSArena *arena) if ((nssArenaMark *)NULL == arena->first_mark) { arena->first_mark = rv; arena->last_mark = rv; - } - else { + } else { arena->last_mark->next = rv; arena->last_mark = rv; }
@@ -845,8 +843,7 @@ nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size) /* We used calloc: it's already zeroed */ return (void *)((char *)h + sizeof(struct pointer_header)); - } - else { + } else { void *rv; /* Arena allocation */ #ifdef NSSDEBUG
@@ -940,8 +937,7 @@ nss_ZFreeIf(void *pointer) (void)nsslibc_memset(pointer, 0, h->size); PR_Free(h); return PR_SUCCESS; - } - else { + } else { /* Arena */ #ifdef NSSDEBUG if (PR_SUCCESS != nssArena_verifyPointer(h->arena)) {
@@ -1058,8 +1054,7 @@ nss_ZRealloc(void *pointer, PRUint32 newSize) (void)nsslibc_memcpy(rv, pointer, h->size); (void)nsslibc_memset(&((char *)rv)[h->size], 0, (newSize - h->size)); - } - else { + } else { (void)nsslibc_memcpy(rv, pointer, newSize); }
@@ -1068,8 +1063,7 @@ nss_ZRealloc(void *pointer, PRUint32 newSize) PR_Free(h); return rv; - } - else { + } else { void *p; /* Arena */ #ifdef NSSDEBUG
diff --git a/security/nss/lib/base/error.c b/security/nss/lib/base/error.c
index 679f2ba9ea84..ea1d5e3e8dde 100644
--- a/security/nss/lib/base/error.c
+++ b/security/nss/lib/base/error.c
@@ -95,13 +95,11 @@ error_get_my_stack(void) if ((error_stack *)NULL == rv) { /* Doesn't exist; create one */ new_size = 16; - } - else if (rv->header.count == rv->header.space && - rv->header.count < NSS_MAX_ERROR_STACK_COUNT) { + } else if (rv->header.count == rv->header.space && + rv->header.count < NSS_MAX_ERROR_STACK_COUNT) { /* Too small, expand it */ new_size = PR_MIN(rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT); - } - else { + } else { /* Okay, return it */ return rv; }
@@ -227,8 +225,7 @@ nss_SetError(PRUint32 error) if (es->header.count < es->header.space) { es->stack[es->header.count++] = error; - } - else { + } else { memmove(es->stack, es->stack + 1, (es->header.space - 1) * (sizeof es->stack[0])); es->stack[es->header.space - 1] = error;
diff --git a/security/nss/lib/base/hash.c b/security/nss/lib/base/hash.c
index ab2596f18ad4..f9ee758038ec 100644
--- a/security/nss/lib/base/hash.c
+++ b/security/nss/lib/base/hash.c
@@ -92,8 +92,7 @@ nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash, if (arenaOpt) { arena = arenaOpt; i_alloced = PR_FALSE; - } - else { + } else { arena = nssArena_Create(); i_alloced = PR_TRUE; }
@@ -170,8 +169,7 @@ nssHash_Destroy(nssHash *hash) PL_HashTableDestroy(hash->plHashTable); if (hash->i_alloced_arena) { nssArena_Destroy(hash->arena); - } - else { + } else { nss_ZFreeIf(hash); } }
@@ -191,11 +189,9 @@ nssHash_Add(nssHash *hash, const void *key, const void *value) he = PL_HashTableAdd(hash->plHashTable, key, (void *)value); if ((PLHashEntry *)NULL == he) { nss_SetError(NSS_ERROR_NO_MEMORY); - } - else if (he->value != value) { + } else if (he->value != value) { nss_SetError(NSS_ERROR_HASH_COLLISION); - } - else { + } else { hash->count++; error = PR_SUCCESS; }
@@ -260,8 +256,7 @@ nssHash_Exists(nssHash *hash, const void *it) if ((void *)NULL == value) { return PR_FALSE; - } - else { + } else { return PR_TRUE; } }
diff --git a/security/nss/lib/base/item.c b/security/nss/lib/base/item.c
index 6c25911837fc..a1bb802ed6a2 100644
--- a/security/nss/lib/base/item.c
+++ b/security/nss/lib/base/item.c
@@ -54,8 +54,7 @@ nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length, if ((NSSItem *)NULL == rv) { goto loser; } - } - else { + } else { rv = rvOpt; }
diff --git a/security/nss/lib/base/libc.c b/security/nss/lib/base/libc.c
index 721e4a241c39..7954a316102e 100644
--- a/security/nss/lib/base/libc.c
+++ b/security/nss/lib/base/libc.c
@@ -106,8 +106,7 @@ nsslibc_memequal(const void *a, const void *b, PRUint32 len, if (0 == memcmp(a, b, len)) { return PR_TRUE; - } - else { + } else { return PR_FALSE; } }
diff --git a/security/nss/lib/base/list.c b/security/nss/lib/base/list.c
index da4d7c0d83f5..0173b853b2bf 100644
--- a/security/nss/lib/base/list.c
+++ b/security/nss/lib/base/list.c
@@ -83,8 +83,7 @@ nssList_Create(NSSArena *arenaOpt, PRBool threadSafe) if (arenaOpt) { arena = arenaOpt; i_alloced = PR_FALSE; - } - else { + } else { arena = nssArena_Create(); i_alloced = PR_TRUE; }
@@ -103,8 +102,7 @@ nssList_Create(NSSArena *arenaOpt, PRBool threadSafe) if (!list->lock) { if (arenaOpt) { nss_ZFreeIf(list); - } - else { + } else { NSSArena_Destroy(arena); } return (nssList *)NULL;
@@ -205,13 +203,11 @@ nsslist_add_element(nssList *list, void *data) } currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link); } - } - else { + } else { /* not sorting */ PR_APPEND_LINK(&node->link, &list->head->link); } - } - else { + } else { list->head = node; } ++list->count;
diff --git a/security/nss/lib/base/utf8.c b/security/nss/lib/base/utf8.c
index 094e7254f068..9ef197c89868 100644
--- a/security/nss/lib/base/utf8.c
+++ b/security/nss/lib/base/utf8.c
@@ -61,8 +61,7 @@ nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt) */ if (0 == PL_strcasecmp((const char *)a, (const char *)b)) { return PR_TRUE; - } - else { + } else { return PR_FALSE; } }
@@ -167,8 +166,7 @@ nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt) if (*c == *d) { /* And both '\0', btw */ return PR_TRUE; - } - else { + } else { return PR_FALSE; } }
@@ -324,23 +322,17 @@ nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt) PRUint32 incr; if ((*c & 0x80) == 0) { incr = 1; - } - else if ((*c & 0xE0) == 0xC0) { + } else if ((*c & 0xE0) == 0xC0) { incr = 2; - } - else if ((*c & 0xF0) == 0xE0) { + } else if ((*c & 0xF0) == 0xE0) { incr = 3; - } - else if ((*c & 0xF8) == 0xF0) { + } else if ((*c & 0xF8) == 0xF0) { incr = 4; - } - else if ((*c & 0xFC) == 0xF8) { + } else if ((*c & 0xFC) == 0xF8) { incr = 5; - } - else if ((*c & 0xFE) == 0xFC) { + } else if ((*c & 0xFE) == 0xFC) { incr = 6; - } - else { + } else { nss_SetError(NSS_ERROR_INVALID_STRING); goto loser; }
@@ -455,8 +447,7 @@ nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString, if (0 == size) { rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt); - } - else { + } else { rv = nss_ZAlloc(arenaOpt, size + 1); if ((NSSUTF8 *)NULL == rv) { return (NSSUTF8 *)NULL;
@@ -477,8 +468,7 @@ nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString, case nssStringType_UTF8String: if (0 == size) { rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt); - } - else { + } else { rv = nss_ZAlloc(arenaOpt, size + 1); if ((NSSUTF8 *)NULL == rv) { return (NSSUTF8 *)NULL;
@@ -555,8 +545,7 @@ nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt, nssStringType type, (void)nss_ZFreeIf(dup); return (NSSItem *)NULL; } - } - else { + } else { rv = rvOpt; }
@@ -640,13 +629,11 @@ nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer, PRUint32 bufferSize, if ((buffer[bs - 1] & 0xC0) != 0x80) { buffer[bs - 1] = pad; break; - } - else { + } else { buffer[bs - 1] = pad; } } - } - else { + } else { (void)nsslibc_memset(buffer, pad, bufferSize); (void)nsslibc_memcpy(buffer, string, stringSize); }
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index 9415531ed6b7..e5e1f84bef18 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -261,8 +261,7 @@ scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize) isQuoted = PR_TRUE; /* skip over it */ bp++; - } - else { + } else { isQuoted = PR_FALSE; }
@@ -282,15 +281,12 @@ scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize) bp++; c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]); } - } - else if (c == '#' && bp == *pbp) { + } else if (c == '#' && bp == *pbp) { /* ignore leading #, quotation not required for it. */ - } - else if (!isQuoted && SPECIAL_CHAR(c)) { + } else if (!isQuoted && SPECIAL_CHAR(c)) { /* unescaped special and not within quoted value */ break; - } - else if (c == C_DOUBLE_QUOTE) { + } else if (c == C_DOUBLE_QUOTE) { /* reached unescaped double quote */ break; }
@@ -404,8 +400,7 @@ ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr) /* is this a dotted decimal OID attribute type ? */ if (!PL_strncasecmp("oid.", tagBuf, 4)) { rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf)); - } - else { + } else { for (n2k = name2kinds; n2k->name; n2k++) { SECOidData* oidrec; if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {
@@ -429,8 +424,7 @@ ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr) if (rv) goto loser; a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal); - } - else { + } else { if (kind == SEC_OID_UNKNOWN) goto loser; if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2)
@@ -483,8 +477,7 @@ ParseRFC1485Name(const char* buf, int len) if (rdn == 0) goto loser; rv = CERT_AddRDN(name, rdn); - } - else { + } else { rv = CERT_AddAVA(name->arena, rdn, ava); } if (rv)
@@ -565,8 +558,7 @@ AppendStr(stringBuf* bufp, char* str) size = PR_MAX(DEFAULT_BUFFER_SIZE, bufSize * 2); buf = (char*)PORT_Alloc(size); bufp->size = size; - } - else if (bufp->size < bufSize) { + } else if (bufp->size < bufSize) { size = bufSize * 2; buf = (char*)PORT_Realloc(buf, size); bufp->size = size;
@@ -615,17 +607,14 @@ cert_RFC1485_GetRequiredLen(const char* src, int srclen, EQMode* pEQMode) reqLen++; if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx */ reqLen += 2; - } - else if (NEEDS_ESCAPE(c)) { /* c -> \c */ + } else if (NEEDS_ESCAPE(c)) { /* c -> \c */ reqLen++; - } - else if (SPECIAL_CHAR(c)) { + } else if (SPECIAL_CHAR(c)) { if (mode == minimalEscapeAndQuote) /* quoting is allowed */ needsQuoting = PR_TRUE; /* entirety will need quoting */ else if (mode == fullEscape) reqLen++; /* MAY escape this character */ - } - else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) { + } else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) { if (mode == minimalEscapeAndQuote) /* quoting is allowed */ needsQuoting = PR_TRUE; /* entirety will need quoting */ }
@@ -667,8 +656,7 @@ escapeAndQuote(char* dst, int dstlen, char* src, int srclen, EQMode* pEQMode) *dst++ = C_BACKSLASH; *dst++ = hexChars[(c >> 4) & 0x0f]; *dst++ = hexChars[c & 0x0f]; - } - else { + } else { if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) { *dst++ = C_BACKSLASH; }
@@ -766,13 +754,11 @@ CERT_GetOidString(const SECItem* oid) PRUint32 two = n - (one * 40); rvString = PR_smprintf("OID.%lu.%lu", one, two); - } - else { + } else { prefix = rvString; rvString = PR_smprintf("%s.%lu", prefix, n); } - } - else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */ + } else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */ PRUint64 n = 0; PRUint64 c;
@@ -798,13 +784,11 @@ CERT_GetOidString(const SECItem* oid) PRUint64 two = n - (one * 40); rvString = PR_smprintf("OID.%llu.%llu", one, two); - } - else { + } else { prefix = rvString; rvString = PR_smprintf("%s.%llu", prefix, n); } - } - else { + } else { /* More than a 64-bit number, or not minimal encoding. */ unsupported: if (!rvString)
@@ -945,8 +929,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict) if (pn2k->kind != endKind) { n2k = *pn2k; - } - else if (strict != CERT_N2A_READABLE) { + } else if (strict != CERT_N2A_READABLE) { useHex = PR_TRUE; } /* For invertable form, force Directory Strings to use hex form. */
@@ -991,8 +974,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict) maxValue = valueLen; if (len <= sizeof(tmpBuf)) { encodedAVA = tmpBuf; - } - else if (strict != CERT_N2A_READABLE) { + } else if (strict != CERT_N2A_READABLE) { encodedAVA = PORT_Alloc(len); if (!encodedAVA) { SECITEM_FreeItem(avaValue, PR_TRUE);
@@ -1000,8 +982,7 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict) PR_smprintf_free(unknownTag); return SECFailure; } - } - else { + } else { /* Must make output fit in tmpbuf */ unsigned int fair = (sizeof tmpBuf) / 2 - 1; /* for = and \0 */
@@ -1009,12 +990,10 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict) /* just truncate the value */ maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0", and possibly '"' */ - } - else if (valueLen < fair) { + } else if (valueLen < fair) { /* just truncate the name */ maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */ - } - else { + } else { /* truncate both */ maxName = maxValue = fair - 3; /* for "..." */ }
@@ -1056,12 +1035,10 @@ AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict) end[-3] = '.'; } rv = SECSuccess; - } - else if (!truncateValue) { + } else if (!truncateValue) { rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen, (char*)avaValue->data, avaValue->len, &mode); - } - else { + } else { /* must truncate the escaped and quoted value */ char bigTmpBuf[TMPBUF_LEN * 3 + 3]; PORT_Assert(valueLen < sizeof tmpBuf);
@@ -1136,8 +1113,7 @@ CERT_NameToAsciiInvertible(CERTName* name, CertStrictnessLevel strict) rv = AppendStr(&strBuf, newRDN ? "," : "+"); if (rv) goto loser; - } - else { + } else { first = PR_FALSE; }
@@ -1211,8 +1187,7 @@ avaToString(PLArenaPool* arena, CERTAVA* ava) cert_RFC1485_GetRequiredLen((char*)avaValue->data, avaValue->len, NULL) + 1; if (arena) { buf = (char*)PORT_ArenaZAlloc(arena, valueLen); - } - else { + } else { buf = (char*)PORT_ZAlloc(valueLen); } if (buf) {
@@ -1321,8 +1296,7 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert) CERT_GetNameElement(cert->arena, &(current->name.directoryName), SEC_OID_RFC1274_MAIL); } - } - else if (current->type == certRFC822Name) { + } else if (current->type == certRFC822Name) { rawEmailAddr = (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + 1);
@@ -1402,8 +1376,7 @@ appendItemToBuf(char* dest, SECItem* src, PRUint32* pRemaining) hexChars[(c >> 4) & 0x0f]; *dest++ = hexChars[c & 0x0f]; - } - else { + } else { *dest++ = tolower(c); }
@@ -1471,8 +1444,7 @@ cert_GetCertificateEmailAddresses(CERTCertificate* cert) tmpArena, ¤t->name.directoryName, SEC_OID_RFC1274_MAIL); pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen); - } - else if (current->type == certRFC822Name) { + } else if (current->type == certRFC822Name) { pBuf = appendItemToBuf(pBuf, ¤t->name.other, &maxLen); }
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 086728963f5b..80b83ed4357f 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -400,8 +400,7 @@ GetKeyUsage(CERTCertificate *cert) PORT_Free(tmpitem.data); tmpitem.data = NULL; - } - else { + } else { /* if the extension is not present, then we allow all uses */ cert->keyUsage = KU_ALL; cert->rawKeyUsage = KU_ALL;
@@ -483,8 +482,7 @@ cert_ComputeCertType(CERTCertificate *cert) if (tmpitem.data != NULL || extKeyUsage != NULL) { if (tmpitem.data == NULL) { nsCertType = 0; - } - else { + } else { nsCertType = tmpitem.data[0]; }
@@ -517,8 +515,7 @@ cert_ComputeCertType(CERTCertificate *cert) SECSuccess) { if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) { nsCertType |= NS_CERT_TYPE_EMAIL_CA; - } - else { + } else { nsCertType |= NS_CERT_TYPE_EMAIL; } }
@@ -526,8 +523,7 @@ cert_ComputeCertType(CERTCertificate *cert) extKeyUsage, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) == SECSuccess) { if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) { nsCertType |= NS_CERT_TYPE_SSL_CA; - } - else { + } else { nsCertType |= NS_CERT_TYPE_SSL_SERVER; } }
@@ -540,8 +536,7 @@ cert_ComputeCertType(CERTCertificate *cert) SECSuccess) { if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) { nsCertType |= NS_CERT_TYPE_SSL_CA; - } - else { + } else { nsCertType |= NS_CERT_TYPE_SSL_SERVER; } }
@@ -549,8 +544,7 @@ cert_ComputeCertType(CERTCertificate *cert) extKeyUsage, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) == SECSuccess) { if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) { nsCertType |= NS_CERT_TYPE_SSL_CA; - } - else { + } else { nsCertType |= NS_CERT_TYPE_SSL_CLIENT; } }
@@ -558,8 +552,7 @@ cert_ComputeCertType(CERTCertificate *cert) extKeyUsage, SEC_OID_EXT_KEY_USAGE_CODE_SIGN) == SECSuccess) { if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) { nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA; - } - else { + } else { nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING; } }
@@ -571,8 +564,7 @@ cert_ComputeCertType(CERTCertificate *cert) SECSuccess) { nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER; } - } - else { + } else { /* If no NS Cert Type extension and no EKU extension, then */ nsCertType = 0; if (CERT_IsCACert(cert, &nsCertType))
@@ -674,8 +666,7 @@ cert_IsRootCert(CERTCertificate *cert) PORT_Free(tmpitem.data); if (!match) return PR_FALSE; /* else fall through */ - } - else { + } else { /* the subject key ID is required when AKI is present */ return PR_FALSE; }
@@ -743,8 +734,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, cert->derCert.data = (unsigned char *)data; cert->derCert.len = derSignedCert->len; PORT_Memcpy(data, derSignedCert->data, derSignedCert->len); - } - else { + } else { /* point to passed in DER data */ cert->derCert = *derSignedCert; }
@@ -771,8 +761,7 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, /* set the nickname */ if (nickname == NULL) { cert->nickname = NULL; - } - else { + } else { /* copy and install the nickname */ len = PORT_Strlen(nickname) + 1; cert->nickname = (char *)PORT_ArenaAlloc(arena, len);
@@ -1007,8 +996,7 @@ SEC_GetCrlTimes(CERTCrl *date, PRTime *notBefore, PRTime *notAfter) if (rv) { return (SECFailure); } - } - else { + } else { LL_I2L(*notAfter, 0L); } return (SECSuccess);
@@ -1132,8 +1120,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca, PORT_Assert(0); goto loser; } - } - else { + } else { switch (usage) { case certUsageSSLClient: /*
@@ -1356,15 +1343,13 @@ cert_TestHostName(char *cn, const char *hn) if (match == 0) { rv = SECSuccess; - } - else { + } else { PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); rv = SECFailure; } return rv; } - } - else { + } else { /* New approach conforms to RFC 6125. */ char *wildcard = PORT_Strchr(cn, '*'); char *firstcndot = PORT_Strchr(cn, '.');
@@ -1379,9 +1364,8 @@ cert_TestHostName(char *cn, const char *hn) * - must not be preceded by an IDNA ACE prefix (xn--) */ if (wildcard && secondcndot && secondcndot[1] && firsthndot && - firstcndot - wildcard == - 1 /* wildcard is last char in first component */ - && secondcndot - firstcndot > 1 /* second component is non-empty */ + firstcndot - wildcard == 1 /* wildcard is last char in first component */ + && secondcndot - firstcndot > 1 /* second component is non-empty */ && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */ && !PORT_Strncasecmp(cn, hn, wildcard - cn) && !PORT_Strcasecmp(firstcndot, firsthndot)
@@ -1473,23 +1457,20 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) netAddr.inet.family == PR_AF_INET) { match = !memcmp(&netAddr.inet.ip, current->name.other.data, 4); - } - else if (current->name.other.len == - 16 && /* IP v6 address */ - netAddr.ipv6.family == PR_AF_INET6) { + } else if (current->name.other.len == + 16 && /* IP v6 address */ + netAddr.ipv6.family == PR_AF_INET6) { match = !memcmp(&netAddr.ipv6.ip, current->name.other.data, 16); - } - else if (current->name.other.len == - 16 && /* IP v6 address */ - netAddr.inet.family == PR_AF_INET) { + } else if (current->name.other.len == + 16 && /* IP v6 address */ + netAddr.inet.family == PR_AF_INET) { /* convert netAddr to ipv6, then compare. */ /* ipv4 must be in Network Byte Order on input. */ PR_ConvertIPv4AddrToIPv6(netAddr.inet.ip, &v6Addr); match = !memcmp(&v6Addr, current->name.other.data, 16); - } - else if (current->name.other.len == 4 && /* IP v4 address */ - netAddr.inet.family == PR_AF_INET6) { + } else if (current->name.other.len == 4 && /* IP v4 address */ + netAddr.inet.family == PR_AF_INET6) { /* convert netAddr to ipv6, then compare. */ PRUint32 ipv4 = (current->name.other.data[0] << 24) | (current->name.other.data[1] << 16) |
@@ -1517,8 +1498,7 @@ fail: if (!(isIPaddr ? IPextCount : DNSextCount)) { /* no relevant value in the extension was found. */ PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); - } - else { + } else { PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); } rv = SECFailure;
@@ -1648,8 +1628,7 @@ cert_GetDNSPatternsFromGeneralNames(CERTGeneralName *firstName, addr.inet.family = PR_AF_INET; memcpy(&addr.inet.ip, currentInput->name.other.data, currentInput->name.other.len); - } - else if (currentInput->name.other.len == 16) { + } else if (currentInput->name.other.len == 16) { addr.ipv6.family = PR_AF_INET6; memcpy(&addr.ipv6.ip, currentInput->name.other.data, currentInput->name.other.len);
@@ -1787,18 +1766,15 @@ CERT_VerifyCertName(const CERTCertificate *cert, const char *hn) if (isIPaddr) { if (PORT_Strcasecmp(hn, cn) == 0) { rv = SECSuccess; - } - else { + } else { PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); rv = SECFailure; } - } - else { + } else { rv = cert_TestHostName(cn, hn); } PORT_Free(cn); - } - else + } else PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); return rv; }
@@ -1811,8 +1787,7 @@ CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2) comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert); if (comp == SECEqual) { /* certs are the same */ return (PR_TRUE); - } - else { + } else { return (PR_FALSE); } }
@@ -1966,8 +1941,7 @@ CERT_MakeCANickname(CERTCertificate *cert) if (firstname) { org = firstname; firstname = NULL; - } - else { + } else { org = PORT_Strdup("Unknown CA"); } }
@@ -1985,16 +1959,13 @@ CERT_MakeCANickname(CERTCertificate *cert) if (firstname) { if (count == 1) { nickname = PR_smprintf("%s - %s", firstname, org); - } - else { + } else { nickname = PR_smprintf("%s - %s #%d", firstname, org, count); } - } - else { + } else { if (count == 1) { nickname = PR_smprintf("%s", org); - } - else { + } else { nickname = PR_smprintf("%s #%d", org, count); } }
@@ -2104,8 +2075,7 @@ CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype) if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA | NS_CERT_TYPE_OBJECT_SIGNING_CA)) { ret = PR_TRUE; - } - else { + } else { SECStatus rv; CERTBasicConstraints constraints;
@@ -2254,8 +2224,7 @@ CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb) return (PR_FALSE); } return (PR_TRUE); - } - else { + } else { /* cert B was issued after cert A, but expires sooner */ /* if B is expired, then pick A */ if (LL_CMP(notAfterB, <, now)) {
@@ -2371,8 +2340,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) case ',': if (pflags == &trust->sslFlags) { pflags = &trust->emailFlags; - } - else { + } else { pflags = &trust->objectSigningFlags; } break;
@@ -2489,8 +2457,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, */ /* Bug 1192442 - propagate errors from these calls. */ (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); - } - else { + } else { (void)CERT_AddTempCertToPerm( certs[i], nickname ? nickname : canickname, NULL); }
@@ -2503,8 +2470,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, if (retCerts) { *retCerts = certs; - } - else { + } else { if (certs) { CERT_DestroyCertArray(certs, fcerts); }
@@ -2700,8 +2666,7 @@ CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb, void *arg) if (newerbefore) { /* cert A was issued after cert B, but expires sooner */ return (PR_TRUE); - } - else { + } else { /* cert B was issued after cert A, but expires sooner */ return (PR_FALSE); }
@@ -2800,8 +2765,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage, * fix the cert decoding code to do this. */ (void)CERT_IsCACert(node->cert, &certType); - } - else { + } else { certType = node->cert->nsCertType; } if (!(certType & requiredCertType)) {
@@ -2814,8 +2778,7 @@ CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage, savenode = CERT_LIST_NEXT(node); CERT_RemoveCertListNode(node); node = savenode; - } - else { + } else { node = CERT_LIST_NEXT(node); } }
@@ -2836,8 +2799,7 @@ CERT_IsUserCert(CERTCertificate *cert) ((trust.sslFlags & CERTDB_USER) || (trust.emailFlags & CERTDB_USER) || (trust.objectSigningFlags & CERTDB_USER))) { return PR_TRUE; - } - else { + } else { return PR_FALSE; } }
@@ -2861,8 +2823,7 @@ CERT_FilterCertListForUserCerts(CERTCertList *certList) freenode = node; node = CERT_LIST_NEXT(node); CERT_RemoveCertListNode(freenode); - } - else { + } else { /* Is a User cert, so leave it in the list */ node = CERT_LIST_NEXT(node); }
@@ -2954,8 +2915,7 @@ cert_DestroyLocks(void) if (certRefCountLock) { PZ_DestroyLock(certRefCountLock); certRefCountLock = NULL; - } - else { + } else { rv = SECFailure; }
@@ -2963,8 +2923,7 @@ cert_DestroyLocks(void) if (certTrustLock) { PZ_DestroyLock(certTrustLock); certTrustLock = NULL; - } - else { + } else { rv = SECFailure; } return rv;
diff --git a/security/nss/lib/certdb/certv3.c b/security/nss/lib/certdb/certv3.c
index da4bb270e693..4918ec1635c6 100644
--- a/security/nss/lib/certdb/certv3.c
+++ b/security/nss/lib/certdb/certv3.c
@@ -138,8 +138,7 @@ CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem) rv = SECITEM_CopyItem(NULL, retItem, &decodedValue); } PORT_FreeArena(tmpArena, PR_FALSE); - } - else { + } else { rv = SECFailure; } }
@@ -217,8 +216,7 @@ CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage) if (rv == SECFailure) { rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess : SECFailure; - } - else if (!(keyUsage.data[0] & usage)) { + } else if (!(keyUsage.data[0] & usage)) { PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID); rv = SECFailure; }
diff --git a/security/nss/lib/certdb/certxutl.c b/security/nss/lib/certdb/certxutl.c
index 81070f3a376a..1610da2165cc 100644
--- a/security/nss/lib/certdb/certxutl.c
+++ b/security/nss/lib/certdb/certxutl.c
@@ -202,8 +202,7 @@ CERT_AddExtensionByOID(void *exthandle, SECItem *oid, SECItem *value, if (rv) { return (SECFailure); } - } - else { + } else { ext->value = *value; }
@@ -362,8 +361,7 @@ CERT_MergeExtensions(void *exthandle, CERTCertExtension **extensions) if (tag == 0) { if (SECITEM_ItemsAreEqual(&ext->id, &node->ext->id)) break; - } - else { + } else { if (SECOID_FindOIDTag(&node->ext->id) == tag) { break; }
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
index d8fbe04a0b15..a7baf53bb750 100644
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -274,8 +274,7 @@ CERT_KeyFromDERCrl(PLArenaPool* arena, SECItem* derCrl, SECItem* key) if (!arena) { /* arena needed for QuickDER */ myArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - } - else { + } else { myArena = arena; } PORT_Memset(&sd, 0, sizeof(sd));
@@ -311,8 +310,7 @@ CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl) if ((!crl) || (!(extended = (OpaqueCRLFields*)crl->opaque)) || (PR_TRUE == extended->decodingError)) { rv = SECFailure; - } - else { + } else { if (PR_FALSE == extended->partial) { /* the CRL has already been fully decoded */ return SECSuccess;
@@ -333,8 +331,7 @@ CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl) if (SECSuccess == rv) { extended->partial = PR_FALSE; /* successful decode, avoid decoding again */ - } - else { + } else { extended->decodingError = PR_TRUE; extended->badEntries = PR_TRUE; /* cache the decoding failure. If it fails the first time,
@@ -387,8 +384,7 @@ CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type, if (!arena) { return NULL; } - } - else { + } else { arena = narena; }
@@ -414,8 +410,7 @@ CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type, crl->derCrl = derSignedCrl; /* DER is not copied . The application must keep derSignedCrl until it destroys the CRL */ - } - else { + } else { crl->derCrl = (SECItem*)PORT_ArenaZAlloc(arena, sizeof(SECItem)); if (crl->derCrl == NULL) { goto loser;
@@ -561,8 +556,7 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo* slot, SECItem* crlKey, int type, if (url) { crl->url = PORT_ArenaStrdup(crl->arena, url); } - } - else { + } else { rv = SECFailure; }
@@ -735,8 +729,7 @@ SEC_DestroyCrl(CERTSignedCrl* crl) } } return SECSuccess; - } - else { + } else { return SECFailure; } }
@@ -1015,15 +1008,13 @@ InitCRLCache(void) } crlcache_initialized = PR_TRUE; return SECSuccess; - } - else { + } else { PORT_Assert(crlcache.lock); PORT_Assert(crlcache.issuers); if ((NULL == crlcache.lock) || (NULL == crlcache.issuers)) { /* CRL cache not fully initialized */ return SECFailure; - } - else { + } else { /* CRL cache already initialized */ return SECSuccess; }
@@ -1047,8 +1038,7 @@ DPCache_Destroy(CRLDPCache* cache) #else PR_DestroyLock(cache->lock); #endif - } - else { + } else { PORT_Assert(0); return SECFailure; }
@@ -1092,8 +1082,7 @@ IssuerCache_Destroy(CRLIssuerCache* cache) #ifdef XCRL if (cache->lock) { NSSRWLock_Destroy(cache->lock); - } - else { + } else { PORT_Assert(0); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure;
@@ -1407,7 +1396,7 @@ TokenCRLStillExists(CERTSignedCrl* crl) } status = - nssCryptokiCRL_GetAttributes(&instance, NULL, /* XXX sessionOpt */ + nssCryptokiCRL_GetAttributes(&instance, NULL, /* XXX sessionOpt */ arena, NULL, &newsubject, /* subject */ &crl_class, /* class */ NULL, NULL);
@@ -1420,8 +1409,7 @@ TokenCRLStillExists(CERTSignedCrl* crl) if (CKO_NETSCAPE_CRL != crl_class) { xstatus = PR_FALSE; } - } - else { + } else { xstatus = PR_FALSE; } NSSArena_Destroy(arena);
@@ -1464,8 +1452,7 @@ CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate, with bogus DER. Mark it checked so we won't try again */ PORT_SetError(SEC_ERROR_BAD_DER); return SECSuccess; - } - else { + } else { SECStatus signstatus = SECFailure; if (cache->issuerDERCert) { CERTCertificate* issuer = CERT_NewTempCertificate(
@@ -1484,14 +1471,12 @@ CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate, So, we don't cache this verification failure. We'll try to verify the CRL again when a certificate from that issuer becomes available */ - } - else { + } else { crlobject->sigChecked = PR_TRUE; } PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE); return SECSuccess; - } - else { + } else { crlobject->sigChecked = PR_TRUE; crlobject->sigValid = PR_TRUE; }
@@ -1522,8 +1507,7 @@ DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx) if (SECFailure == rv) { /* fetch failed, add error bit */ cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED; - } - else { + } else { /* fetch was successful, clear this error bit */ cache->invalid &= (~CRL_CACHE_LAST_FETCH_FAILED); }
@@ -1546,12 +1530,10 @@ DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx) if (PR_TRUE != added) { rv = CachedCrl_Destroy(returned); returned = NULL; - } - else if (vfdate) { + } else if (vfdate) { rv = CachedCrl_Verify(cache, returned, vfdate, wincx); } - } - else { + } else { /* not enough memory to add the CRL to the cache. mark it invalid so we will try again . */ cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
@@ -1595,8 +1577,7 @@ CachedCrl_GetEntry(CachedCrl* crl, const SECItem* sn, CERTCrlEntry** returned) acrlEntry = PL_HashTableLookup(crl->entries, (void*)sn); if (acrlEntry) { *returned = acrlEntry; - } - else { + } else { *returned = NULL; } return SECSuccess;
@@ -1626,12 +1607,10 @@ DPCache_Lookup(CRLDPCache* cache, const SECItem* sn, CERTCrlEntry** returned)
 rv = CachedCrl_GetEntry(cache->selected, sn, returned);
 if (SECSuccess != rv) {
 return dpcacheLookupError;
- }
- else {
+ } else {
 if (*returned) {
 return dpcacheFoundEntry;
- }
- else {
+ } else {
 return dpcacheNoEntry;
 }
 }
@@ -1908,8 +1887,7 @@ SortImperfectCRLs(const void* arg1, const void* arg2)
 if (!a || !b) {
 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 PORT_Assert(0);
- }
- else {
+ } else {
 PRBool aDecoded = PR_FALSE, bDecoded = PR_FALSE;
 if ((PR_TRUE == a->sigValid) && (PR_TRUE == b->sigValid)) {
 /* both CRLs have been validated, choose the latest one */
@@ -1966,8 +1944,7 @@ DPCache_SelectCRL(CRLDPCache* cache)
 if (PR_TRUE == valid) {
 /* all CRLs are valid, clear this error */
 cache->invalid &= (~CRL_CACHE_INVALID_CRLS);
- }
- else {
+ } else {
 /* some CRLs are invalid, set this error */
 cache->invalid |= CRL_CACHE_INVALID_CRLS;
 }
@@ -2098,8 +2075,7 @@ IssuerCache_AddDP(CRLIssuerCache* cache, CERTCertificate* issuer,
 *newdpc = cache->dpp;
 return SECSuccess;
 }
- }
- else {
+ } else {
 /* we should never hit this until we support multiple DPs */
 PORT_Assert(dp);
 /* XCRL allocate a new distribution point cache object, initialize it,
@@ -2294,8 +2270,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
 rv = SECFailure;
 }
 #ifdef GLOBAL_RWLOCK
- }
- else {
+ } else {
 /* somebody else updated before we did */
 IssuerCache_Destroy(issuercache); /* destroy the new object */
 issuercache = existing; /* use the existing one */
@@ -2310,8 +2285,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
 if (PR_TRUE == globalwrite) {
 NSSRWLock_UnlockWrite(crlcache.lock);
 globalwrite = PR_FALSE;
- }
- else {
+ } else {
 NSSRWLock_UnlockRead(crlcache.lock);
 }
 #else
@@ -2334,8 +2308,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject, if (SECSuccess != rv) { return SECFailure; } - } - else { + } else { #ifdef GLOBAL_RWLOCK NSSRWLock_UnlockRead(crlcache.lock); #else @@ -2360,8 +2333,7 @@ AcquireDPCache(CERTCertificate* issuer, const SECItem* subject, /* make sure the DP cache is up to date before using it */ rv = DPCache_GetUpToDate(*dpcache, issuer, PR_FALSE == *writeLocked, t, wincx); - } - else { + } else { rv = SECFailure; } } @@ -2379,8 +2351,7 @@ ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked) #ifdef DPC_RWLOCK if (PR_TRUE == writeLocked) { NSSRWLock_UnlockWrite(dpcache->lock); - } - else { + } else { NSSRWLock_UnlockRead(dpcache->lock); } #else @@ -2446,18 +2417,15 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, is past the revocation date */ if (t >= revocationDate) { rv = SECFailure; - } - else { + } else { status = certRevocationStatusValid; } - } - else { + } else { /* invalid revocation date, consider the certificate permanently revoked */ rv = SECFailure; } - } - else { + } else { /* no revocation date, certificate is permanently revoked */ rv = SECFailure; } @@ -2761,8 +2729,7 @@ addCRLToCache(CERTCertDBHandle* dbhandle, SECItem* crl, if (SECSuccess == CERT_CacheCRL(dbhandle, entry->crl)) { entry->inCRLCache = PR_TRUE; entry->successfulInsertionTime = entry->lastAttemptTime; - } - else { + } else { switch (PR_GetError()) { case SEC_ERROR_CRL_ALREADY_EXISTS: entry->dupe = PR_TRUE; @@ -2829,8 +2796,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, NamedCRLCacheEntry_Destroy(newEntry); rv = SECFailure; } - } - else { + } else { PRBool removed; /* remove the old CRL from the cache if needed */ if (oldEntry->inCRLCache) { 
@@ -2844,8 +2810,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, rv = SECFailure; /* leak old entry since we couldn't remove it from the hash * table */ - } - else { + } else { PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, @@ -2855,8 +2820,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, rv = SECFailure; } } - } - else { + } else { /* error adding new CRL to cache */ if (!oldEntry) { /* no old cache entry, use the new one even though it's bad */ @@ -2866,16 +2830,14 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, PORT_Assert(0); rv = SECFailure; } - } - else { + } else { if (oldEntry->inCRLCache) { /* previous cache entry was good, keep it and update time */ oldEntry->lastAttemptTime = newEntry->lastAttemptTime; /* throw away new bad entry */ rv = NamedCRLCacheEntry_Destroy(newEntry); PORT_Assert(SECSuccess == rv); - } - else { + } else { /* previous cache entry was bad, just replace it */ PRBool removed = PL_HashTableRemove( namedCRLCache.entries, (void*)oldEntry->canonicalizedName); @@ -2884,8 +2846,7 @@ cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, /* leak old entry since we couldn't remove it from the hash * table */ rv = SECFailure; - } - else { + } else { PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, @@ -3064,8 +3025,7 @@ CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe, PRBool* isUpdated) if (SECEqual == SECITEM_CompareItem(b->crl->derCrl, a->crl->derCrl)) { *isDupe = PR_TRUE; - } - else { + } else { *isUpdated = PR_TRUE; } } diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index 8e679415ed63..fe48df839c67 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c 
@@ -199,8 +199,7 @@ cert_CopyOneGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
 }
 if (rv != SECSuccess) {
 PORT_ArenaRelease(arena, mark);
- }
- else {
+ } else {
 PORT_ArenaUnmark(arena, mark);
 }
 return rv;
@@ -218,8 +217,7 @@ CERT_DestroyGeneralNameList(CERTGeneralNameList *list)
 PORT_FreeArena(list->arena, PR_FALSE);
 PZ_Unlock(lock);
 PZ_DestroyLock(lock);
- }
- else {
+ } else {
 PZ_Unlock(lock);
 }
 }
@@ -438,8 +436,7 @@ CERT_DecodeGeneralName(PLArenaPool *reqArena, SECItem *encodedName,
 genName = CERT_NewGeneralName(reqArena, genNameType);
 if (!genName)
 goto loser;
- }
- else {
+ } else {
 genName->type = genNameType;
 genName->l.prev = genName->l.next = &genName->l;
 }
@@ -706,8 +703,7 @@ cert_DecodeNameConstraintSubTree(PLArenaPool *arena, SECItem **subTree,
 }
 if (first == NULL) {
 first = current;
- }
- else {
+ } else {
 current->l.prev = &(last->l);
 last->l.next = &(current->l);
 }
@@ -816,8 +812,7 @@ CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
 destHead->l.prev = &temp->l;
 dest->l.next = &temp->l;
 dest = temp;
- }
- else {
+ } else {
 dest = CERT_GetNextGeneralName(dest);
 }
 }
@@ -889,11 +884,9 @@ cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2)
 if (list1 == NULL) {
 return list2;
- }
- else if (list2 == NULL) {
+ } else if (list2 == NULL) {
 return list1;
- }
- else {
+ } else {
 begin1 = &list1->l;
 begin2 = &list2->l;
 end1 = list1->l.prev;
@@ -917,11 +910,9 @@ cert_CombineConstraintsLists(CERTNameConstraint *list1,
 if (list1 == NULL) {
 return list2;
- }
- else if (list2 == NULL) {
+ } else if (list2 == NULL) {
 return list1;
- }
- else {
+ } else {
 begin1 = &list1->l;
 begin2 = &list2->l;
 end1 = list1->l.prev;
@@ -1548,16 +1539,14 @@ CERT_AddNameConstraintByGeneralName(PLArenaPool *arena,
 if (first == NULL) {
 *constraints = current;
 PR_INIT_CLIST(¤t->l);
- }
- else {
+ } else {
 PR_INSERT_BEFORE(¤t->l, &first->l);
 }
 done:
 if (rv == SECFailure) {
 PORT_ArenaRelease(arena, mark);
- }
- else {
+ } else {
 PORT_ArenaUnmark(arena, mark);
 }
 return rv;
@@ -1694,8 +1683,7 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, CERTCertificate *cert,
 if (rv == SECFailure) {
 PORT_ArenaRelease(arena, mark);
- }
- else {
+ } else {
 PORT_ArenaUnmark(arena, mark);
 }
diff --git a/security/nss/lib/certdb/polcyxtn.c b/security/nss/lib/certdb/polcyxtn.c
index 664d7dd786e3..aae34e243370 100644
--- a/security/nss/lib/certdb/polcyxtn.c
+++ b/security/nss/lib/certdb/polcyxtn.c
@@ -291,16 +291,14 @@ CERT_DecodePolicyConstraintsExtension(
 if (decodeContext.explicitPolicySkipCerts.len == 0) {
 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
- }
- else {
+ } else {
 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
 DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
 }
 if (decodeContext.inhibitMappingSkipCerts.len == 0) {
 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
- }
- else {
+ } else {
 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
 DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
 }
@@ -475,8 +473,7 @@ stringFromUserNotice(SECItem *noticeItem)
 if (policystr != NULL) {
 if (retstr != NULL) {
 retstr = PR_sprintf_append(retstr, "\n%s", policystr);
- }
- else {
+ } else {
 retstr = PR_sprintf_append(retstr, "%s", policystr);
 }
diff --git a/security/nss/lib/certdb/secname.c b/security/nss/lib/certdb/secname.c
index fad76adf1329..1fcae97762f2 100644
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -54,8 +54,7 @@ AddToArray(PLArenaPool *arena, void **array, void *element) array = (void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *), (count + 2) * sizeof(void *)); - } - else { + } else { array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *)); } if (array) { @@ -346,8 +345,7 @@ CERT_CreateName(CERTRDN *rdn0, ...) /* Count number of RDNs going into the Name */ if (!rdn0) { count = 0; - } - else { + } else { count = 1; va_start(ap, rdn0); while ((rdn = va_arg(ap, CERTRDN *)) != 0) { @@ -468,8 +466,7 @@ canonicalize(SECItem *foo) ch = ' '; if (ch == lastch) continue; - } - else if (ch >= 'A' && ch <= 'Z') { + } else if (ch >= 'A' && ch <= 'Z') { ch |= 0x20; /* downshift */ } foo->data[dest++] = lastch = ch; @@ -522,8 +519,7 @@ CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b) } SECITEM_FreeItem(aVal, PR_TRUE); SECITEM_FreeItem(bVal, PR_TRUE); - } - else if (a->value.data[0] == 0x13) { /* both are printable strings. */ + } else if (a->value.data[0] == 0x13) { /* both are printable strings. */ /* printable strings */ rv = CERT_CompareDERPrintableStrings(&a->value, &b->value); } diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c index 20a4fdfdc6ea..a65ad5cb84c5 100644 --- a/security/nss/lib/certdb/stanpcertdb.c +++ b/security/nss/lib/certdb/stanpcertdb.c @@ -93,8 +93,7 @@ CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust) CERT_LockCertTrust(cert); if (cert->trust == NULL) { rv = SECFailure; - } - else { + } else { *trust = *cert->trust; rv = SECSuccess; } @@ -359,8 +358,7 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, nssCertificate_Destroy(c); PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL); cc = NULL; - } - else { + } else { cc = STAN_GetCERTCertificateOrRelease(c); if (cc == NULL) { CERT_MapStanError(); 
@@ -384,8 +382,7 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, if (copyDER) { nssItem_Create(c->object.arena, &c->encoding, derCert->len, derCert->data); - } - else { + } else { NSSITEM_FROM_SECITEM(&c->encoding, derCert); } /* Forces a decoding of the cert in order to obtain the parts used @@ -481,8 +478,7 @@ get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp) NSSCertificate *arr[3]; if (!ct) { return nssCertificate_AddRef(cp); - } - else if (!cp) { + } else if (!cp) { return nssCertificate_AddRef(ct); } arr[0] = ct; @@ -565,8 +561,7 @@ CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname) if (ct) { CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); } - } - else { + } else { c = ct; } return c ? STAN_GetCERTCertificateOrRelease(c) : NULL; @@ -627,8 +622,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, if (anyUsage) { cert = PK11_FindCertFromNickname(name, NULL); - } - else { + } else { if (ct) { /* Does ct really have the required usage? */ nssDecodedCert *dc; @@ -657,8 +651,7 @@ common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle, if (ct) { CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct)); } - } - else { + } else { c = ct; } return c ? STAN_GetCERTCertificateOrRelease(c) : NULL; @@ -693,8 +686,7 @@ add_to_subject_list(CERTCertList *certList, CERTCertificate *cert, if (secrv != SECSuccess) { CERT_DestroyCertificate(cert); } - } - else { + } else { CERT_DestroyCertificate(cert); } } @@ -776,8 +768,7 @@ CERT_DestroyCertificate(CERTCertificate *cert) if (tmp) { /* delete the NSSCertificate */ NSSCertificate_Destroy(tmp); - } - else if (cert->arena) { + } else if (cert->arena) { PORT_FreeArena(cert->arena, PR_FALSE); } } 
@@ -821,8 +812,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime); oldProfileTime = &oldproftime; } - } - else { + } else { oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr, &cert->derSubject, &oldProfileTime); freeOldProfile = PR_TRUE; @@ -833,23 +823,20 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, /* both profileTime and emailProfile have to exist or not exist */ if (emailProfile == NULL) { profileTime = NULL; - } - else if (profileTime == NULL) { + } else if (profileTime == NULL) { emailProfile = NULL; } if (oldProfileTime == NULL) { saveit = PR_TRUE; - } - else { + } else { /* there was already a profile for this email addr */ if (profileTime) { /* we have an old and new profile - save whichever is more recent*/ if (oldProfileTime->len == 0) { /* always replace if old entry doesn't have a time */ oldtime = LL_MININT; - } - else { + } else { rv = DER_UTCTimeToTime(&oldtime, oldProfileTime); if (rv != SECSuccess) { goto loser; @@ -865,8 +852,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, /* this is a newer profile, save it and cert */ saveit = PR_TRUE; } - } - else { + } else { saveit = PR_TRUE; } } @@ -882,8 +868,7 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, arena, NULL, profileTime->len, profileTime->data); stanProfile->profileData = nssItem_Create( arena, NULL, emailProfile->len, emailProfile->data); - } - else if (profileTime && emailProfile) { + } else if (profileTime && emailProfile) { PRStatus nssrv; NSSItem profTime, profData; NSSITEM_FROM_SECITEM(&profTime, profileTime); 
@@ -894,14 +879,12 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile); rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure; } - } - else { + } else { rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr, &cert->derSubject, emailProfile, profileTime); } - } - else { + } else { rv = SECSuccess; } diff --git a/security/nss/lib/certdb/xauthkid.c b/security/nss/lib/certdb/xauthkid.c index 3f95fed9a656..c7ef046db0cf 100644 --- a/security/nss/lib/certdb/xauthkid.c +++ b/security/nss/lib/certdb/xauthkid.c @@ -62,8 +62,7 @@ CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value, PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID); break; } - } - else if (value->authCertSerialNumber.data) { + } else if (value->authCertSerialNumber.data) { PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID); break; } diff --git a/security/nss/lib/certdb/xbsconst.c b/security/nss/lib/certdb/xbsconst.c index a74c28089603..8a448eddfe96 100644 --- a/security/nss/lib/certdb/xbsconst.c +++ b/security/nss/lib/certdb/xbsconst.c @@ -126,16 +126,14 @@ CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value, */ if (value->isCA) value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - } - else if (value->isCA) { + } else if (value->isCA) { long len = DER_GetInteger(&decodeContext.pathLenConstraint); if (len < 0 || len == LONG_MAX) { PORT_SetError(SEC_ERROR_BAD_DER); GEN_BREAK(SECFailure); } value->pathLenConstraint = len; - } - else { + } else { /* here we get an error where the subject is not a CA, but the pathLenConstraint is set */ PORT_SetError(SEC_ERROR_BAD_DER); diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c index 2cb6b8c81a9a..35064b587b79 100644 --- a/security/nss/lib/certhigh/certhigh.c +++ b/security/nss/lib/certhigh/certhigh.c 
@@ -40,8 +40,7 @@ CERT_MatchNickname(char *name1, char *name2)
 if (token1) {
 nickname1 = token1;
 nickname2 = name2;
- }
- else {
+ } else {
 nickname1 = token2;
 nickname2 = name1;
 }
@@ -167,8 +166,7 @@ CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
 freenode = node;
 node = CERT_LIST_NEXT(node);
 CERT_RemoveCertListNode(freenode);
- }
- else {
+ } else {
 /* keep the first cert for each nickname, but set the
 * flag so we know to delete any others with the same
 * nickname.
@@ -908,8 +906,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
 trust.sslFlags = CERTDB_VALID_CA;
 trust.emailFlags = CERTDB_VALID_CA;
 trust.objectSigningFlags = CERTDB_VALID_CA;
- }
- else {
+ } else {
 /* SSL ca's must have the ssl bit set */
 if ((certUsage == certUsageSSLCA) &&
 ((certtype & NS_CERT_TYPE_SSL_CA) != NS_CERT_TYPE_SSL_CA)) {
@@ -959,8 +956,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
 if (nickname) {
 PORT_Free(nickname);
 }
- }
- else {
+ } else {
 rv = SECSuccess;
 }
@@ -1093,8 +1089,7 @@ CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
 }
 if (!includeRoot && len > 1) {
 chain->len = len - 1;
- }
- else {
+ } else {
 chain->len = len;
 }
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index cb23ab374b73..a86f8a0cfac9 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -61,12 +61,10 @@ checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
 !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
 PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
 return SECFailure;
- }
- else {
+ } else {
 return SECSuccess;
 }
- }
- else {
+ } else {
 PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
 return SECFailure;
 }
@@ -343,22 +341,19 @@ cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
 log->head = log->tail = node;
 node->prev = NULL;
 node->next = NULL;
- }
- else if (depth >= log->tail->depth) {
+ } else if (depth >= log->tail->depth) {
 /* add to tail */
 node->prev = log->tail;
 log->tail->next = node;
 log->tail = node;
 node->next = NULL;
- }
- else if (depth < log->head->depth) {
+ } else if (depth < log->head->depth) {
 /* add at head */
 node->prev = NULL;
 node->next = log->head;
 log->head->prev = node;
 log->head = node;
- }
- else {
+ } else {
 /* add in middle */
 tnode = log->tail;
 while (tnode != NULL) {
@@ -389,8 +384,7 @@ cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
 if (log != NULL) { \
 cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
 (void *)(PRWord)arg); \
- } \
- else { \
+ } else { \
 goto loser; \
 }
@@ -458,14 +452,14 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 PORT_Assert(0);
 EXIT_IF_NOT_LOGGING(log);
 /* XXX continuing with requiredFlags = 0 seems wrong. It'll
- * cause the following test to be true incorrectly:
- * flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
- * if (( flags & requiredFlags ) == requiredFlags) {
- * rv = rvFinal;
- * goto done;
- * }
- * There are three other instances of this problem.
- */
+ * cause the following test to be true incorrectly:
+ * flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
+ * if (( flags & requiredFlags ) == requiredFlags) {
+ * rv = rvFinal;
+ * goto done;
+ * }
+ * There are three other instances of this problem.
+ */
 requiredFlags = 0;
 trustType = trustSSL;
 }
@@ -475,8 +469,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 EXIT_IF_NOT_LOGGING(log);
 requiredFlags = 0;
 trustType = trustSSL; /* This used to be 0, but we need something
- * that matches the enumeration type.
- */
+ * that matches the enumeration type.
+ */
 caCertType = 0;
 }
@@ -503,10 +497,10 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 PRBool validCAOverride = PR_FALSE;
 /* Construct a list of names for the current and all previous
- * certifcates (except leaf (EE) certs, root CAs, and self-issued
- * intermediate CAs) to be verified against the name constraints
- * extension of the issuer certificate.
- */
+ * certifcates (except leaf (EE) certs, root CAs, and self-issued
+ * intermediate CAs) to be verified against the name constraints
+ * extension of the issuer certificate.
+ */
 if (subjectCertIsSelfIssued == PR_FALSE) {
 CERTGeneralName *subjectNameList;
 int subjectNameListLen;
@@ -565,8 +559,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 if (PORT_GetError() == SEC_ERROR_EXPIRED_CERTIFICATE) {
 PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
 LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
- }
- else {
+ } else {
 if (PORT_GetError() !=
 SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
@@ -577,13 +570,13 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 }
 /* If the basicConstraint extension is included in an immediate CA
- * certificate, make sure that the isCA flag is on. If the
- * pathLenConstraint component exists, it must be greater than the
- * number of CA certificates we have seen so far. If the extension
- * is omitted, we will assume that this is a CA certificate with
- * an unlimited pathLenConstraint (since it already passes the
- * netscape-cert-type extension checking).
- */
+ * certificate, make sure that the isCA flag is on. If the
+ * pathLenConstraint component exists, it must be greater than the
+ * number of CA certificates we have seen so far. If the extension
+ * is omitted, we will assume that this is a CA certificate with
+ * an unlimited pathLenConstraint (since it already passes the
+ * netscape-cert-type extension checking).
+ */
 rv = CERT_FindBasicConstraintExten(issuerCert, &basicConstraint);
 if (rv != SECSuccess) {
@@ -593,8 +586,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
 /* no basic constraints found, we aren't (yet) a CA. */
 isca = PR_FALSE;
- }
- else {
+ } else {
 if (basicConstraint.isCA == PR_FALSE) {
 PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
 LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
@@ -620,8 +612,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 }
 /* XXX - the error logging may need to go down into CRL stuff at some
- * point
- */
+ * point
+ */
 /* check revoked list (issuer) */
 rv = SEC_CheckCRL(handle, subjectCert, issuerCert, t, wincx);
 if (rv == SECFailure) {
@@ -629,8 +621,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, *revoked = PR_TRUE; } LOG_ERROR_OR_EXIT(log, subjectCert, count, 0); - } - else if (rv == SECWouldBlock) { + } else if (rv == SECWouldBlock) { /* We found something fishy, so we intend to issue an * error to the user, but the user may wish to continue * processing, in which case we better make sure nothing @@ -644,26 +635,24 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, if (CERT_GetCertTrust(issuerCert, &issuerTrust) == SECSuccess) { /* we have some trust info, but this does NOT imply that this - * cert is actually trusted for any purpose. The cert may be - * explicitly UNtrusted. We won't know until we examine the - * trust bits. - */ + * cert is actually trusted for any purpose. The cert may be + * explicitly UNtrusted. We won't know until we examine the + * trust bits. + */ unsigned int flags; if (certUsage != certUsageAnyCA && certUsage != certUsageStatusResponder) { /* - * XXX This choice of trustType seems arbitrary. - */ + * XXX This choice of trustType seems arbitrary. + */ if (certUsage == certUsageVerifyCA) { if (subjectCert->nsCertType & NS_CERT_TYPE_EMAIL_CA) { trustType = trustEmail; - } - else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) { + } else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) { trustType = trustSSL; - } - else { + } else { trustType = trustObjectSigning; } } 
@@ -681,12 +670,11 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 if ((flags & CERTDB_TERMINAL_RECORD) &&
 ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
 /* untrusted -- the cert is explicitly untrusted, not
- * just that it doesn't chain to a trusted cert */
+ * just that it doesn't chain to a trusted cert */
 PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
 LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
 }
- }
- else {
+ } else {
 /* Check if we have any valid trust when cheching for
 * certUsageAnyCA or certUsageStatusResponder. */
 for (trustType = trustSSL; trustType < trustTypeNone;
@@ -700,9 +688,9 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 validCAOverride = PR_TRUE;
 }
 /* We have 2 separate loops because we want any single trust
- * bit to allow this usage to return trusted. Only if none of
- * the trust bits are on do we check to see if the cert is
- * untrusted */
+ * bit to allow this usage to return trusted. Only if none of
+ * the trust bits are on do we check to see if the cert is
+ * untrusted */
 for (trustType = trustSSL; trustType < trustTypeNone;
 trustType++) {
 flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
@@ -710,7 +698,7 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
 if ((flags & CERTDB_TERMINAL_RECORD) &&
 ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
 /* untrusted -- the cert is explicitly untrusted, not
- * just that it doesn't chain to a trusted cert */
+ * just that it doesn't chain to a trusted cert */
 PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
 LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
 }
@@ -720,14 +708,14 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, if (!validCAOverride) { /* - * Make sure that if this is an intermediate CA in the chain that - * it was given permission by its signer to be a CA. - */ + * Make sure that if this is an intermediate CA in the chain that + * it was given permission by its signer to be a CA. + */ /* - * if basicConstraints says it is a ca, then we check the - * nsCertType. If the nsCertType has any CA bits set, then - * it must have the right one. - */ + * if basicConstraints says it is a ca, then we check the + * nsCertType. If the nsCertType has any CA bits set, then + * it must have the right one. + */ if (!isca || (issuerCert->nsCertType & NS_CERT_TYPE_CA)) { isca = (issuerCert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE; } @@ -745,17 +733,17 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, } /* make sure that the issuer is not self signed. If it is, then - * stop here to prevent looping. - */ + * stop here to prevent looping. + */ if (issuerCert->isRoot) { PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER); LOG_ERROR(log, issuerCert, count + 1, 0); goto loser; } /* The issuer cert will be the subject cert in the next loop. - * A cert is self-issued if its subject and issuer are equal and - * both are of non-zero length. - */ + * A cert is self-issued if its subject and issuer are equal and + * both are of non-zero length. + */ subjectCertIsSelfIssued = (PRBool) SECITEM_ItemsAreEqual(&issuerCert->derIssuer, &issuerCert->derSubject) && @@ -763,8 +751,8 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, 0; if (subjectCertIsSelfIssued == PR_FALSE) { /* RFC 3280 says only non-self-issued intermediate CA certs - * count in path length. - */ + * count in path length. + */ ++currentPathLen; } 
@@ -871,8 +859,8 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
 EXIT_IF_NOT_LOGGING(log);
 requiredFlags = 0;
 trustType = trustSSL; /* This used to be 0, but we need something
- * that matches the enumeration type.
- */
+ * that matches the enumeration type.
+ */
 caCertType = 0;
 }
@@ -892,8 +880,7 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
 }
 /* no basic constraints found, we aren't (yet) a CA. */
 isca = PR_FALSE;
- }
- else {
+ } else {
 if (basicConstraint.isCA == PR_FALSE) {
 PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
 LOG_ERROR_OR_EXIT(log, cert, 0, 0);
@@ -905,10 +892,10 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
 if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
 /* we have some trust info, but this does NOT imply that this
- * cert is actually trusted for any purpose. The cert may be
- * explicitly UNtrusted. We won't know until we examine the
- * trust bits.
- */
+ * cert is actually trusted for any purpose. The cert may be
+ * explicitly UNtrusted. We won't know until we examine the
+ * trust bits.
+ */
 if (certUsage == certUsageStatusResponder) {
 /* Check the special case of certUsageStatusResponder */
 issuerCert = CERT_FindCertIssuer(cert, t, certUsage);
@@ -922,16 +909,16 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
 CERT_DestroyCertificate(issuerCert);
 }
 /* XXX We have NOT determined that this cert is trusted.
- * For years, NSS has treated this as trusted,
- * but it seems incorrect.
- */
+ * For years, NSS has treated this as trusted,
+ * but it seems incorrect.
+ */
 rv = rvFinal;
 goto done;
 }
 /*
- * check the trust params of the issuer
- */
+ * check the trust params of the issuer
+ */
 flags = SEC_GET_TRUST_FLAGS(&certTrust, trustType);
 if ((flags & requiredFlags) == requiredFlags) {
 /* we found a trusted one, so return */
@@ -945,21 +932,21 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
 if ((flags & CERTDB_TERMINAL_RECORD) &&
 ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
 /* untrusted -- the cert is explicitly untrusted, not
- * just that it doesn't chain to a trusted cert */
+ * just that it doesn't chain to a trusted cert */
 PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
 LOG_ERROR_OR_EXIT(log, cert, 0, flags);
 }
 }
 if (!validCAOverride) {
 /*
- * Make sure that if this is an intermediate CA in the chain that
- * it was given permission by its signer to be a CA.
- */
+ * Make sure that if this is an intermediate CA in the chain that
+ * it was given permission by its signer to be a CA.
+ */
 /*
- * if basicConstraints says it is a ca, then we check the
- * nsCertType. If the nsCertType has any CA bits set, then
- * it must have the right one.
- */
+ * if basicConstraints says it is a ca, then we check the
+ * nsCertType. If the nsCertType has any CA bits set, then
+ * it must have the right one.
+ */
 if (!isca || (cert->nsCertType & NS_CERT_TYPE_CA)) {
 isca = (cert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
 }
@@ -1041,12 +1028,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
 /* is the cert directly trusted or not trusted ? */
 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
+ * authoritative */
 if (flags & CERTDB_TRUSTED) { /* trust this cert */
 *trusted = PR_TRUE;
 return SECSuccess;
- }
- else { /* don't trust this cert */
+ } else { /* don't trust this cert */
 *failedFlags = flags;
 return SECFailure;
 }
@@ -1056,7 +1042,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
 /* XXX - step up certs can't be directly trusted, only distrust */
 flags = trust.sslFlags;
 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
+ * authoritative */
 if ((flags & CERTDB_TRUSTED) == 0) {
 /* don't trust this cert */
 *failedFlags = flags;
@@ -1067,7 +1053,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
 case certUsageSSLCA:
 flags = trust.sslFlags;
 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
+ * authoritative */
 if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
 /* don't trust this cert */
 *failedFlags = flags;
@@ -1079,12 +1065,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
 case certUsageEmailRecipient:
 flags = trust.emailFlags;
 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
+ * authoritative */
 if (flags & CERTDB_TRUSTED) { /* trust this cert */
 *trusted = PR_TRUE;
 return SECSuccess;
- }
- else { /* don't trust this cert */
+ } else { /* don't trust this cert */
 *failedFlags = flags;
 return SECFailure;
 }
@@ -1095,12 +1080,11 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
 flags = trust.objectSigningFlags;
 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
+ * authoritative */
 if (flags & CERTDB_TRUSTED) { /* trust this cert */
 *trusted = PR_TRUE;
 return SECSuccess;
- }
- else { /* don't trust this cert */
+ } else { /* don't trust this cert */
 *failedFlags = flags;
 return SECFailure;
 }
@@ -1135,7 +1119,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
 /* do we distrust these certs explicitly */
 flags = trust.sslFlags;
 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
+ * authoritative */
 if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
 *failedFlags = flags;
 return SECFailure;
@@ -1143,7 +1127,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
 }
 flags = trust.emailFlags;
 if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
- * authoritative */
+ * authoritative */
 if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
 *failedFlags = flags;
 return SECFailure;
@@ -1153,7 +1137,7 @@ cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage, case certUsageProtectedObjectSigner: flags = trust.objectSigningFlags; if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is - * authoritative */ + * authoritative */ if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) { *failedFlags = flags; return SECFailure; @@ -1207,8 +1191,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert, if (returnedUsages) { *returnedUsages = 0; - } - else { + } else { /* we don't have a place to return status for all usages, so we can skip checks for usages that aren't required */ checkAllUsages = PR_FALSE; @@ -1293,8 +1276,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert, } LOG_ERROR(log, cert, 0, flags); INVALID_USAGE(); - } - else if (trusted) { + } else if (trusted) { VALID_USAGE(); } @@ -1434,8 +1416,7 @@ cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert, if (rv == SECFailure) { PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags); - } - else if (trusted) { + } else if (trusted) { goto done; } @@ -1502,12 +1483,12 @@ CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert, /* [ FROM pcertdb.c ] */ /* * Supported usage values and types: - * certUsageSSLClient - * certUsageSSLServer - * certUsageSSLServerWithStepUp - * certUsageEmailSigner - * certUsageEmailRecipient - * certUsageObjectSigner + * certUsageSSLClient + * certUsageSSLServer + * certUsageSSLServerWithStepUp + * certUsageEmailSigner + * certUsageEmailRecipient + * certUsageObjectSigner */ CERTCertificate * 
@@ -1561,16 +1542,15 @@ CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName, if (CERT_GetCertTrust(cert, &certTrust) != SECSuccess) { flags = 0; - } - else { + } else { flags = SEC_GET_TRUST_FLAGS(&certTrust, requiredTrustType); } if ((flags & requiredTrustFlags) != requiredTrustFlags) { /* cert is not trusted */ /* if this is the first cert to get this far, then save - * it, so we can use it if we can't find a trusted one - */ + * it, so we can use it if we can't find a trusted one + */ if (saveUntrustedCA == NULL) { saveUntrustedCA = cert; } @@ -1614,11 +1594,11 @@ loser: * Filter a list of certificates, removing those certs that do not have * one of the named CA certs somewhere in their cert chain. * - * "certList" - the list of certificates to filter - * "nCANames" - number of CA names - * "caNames" - array of CA names in string(rfc 1485) form - * "usage" - what use the certs are for, this is used when - * selecting CA certs + * "certList" - the list of certificates to filter + * "nCANames" - number of CA names + * "caNames" - array of CA names in string(rfc 1485) form + * "usage" - what use the certs are for, this is used when + * selecting CA certs */ SECStatus CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames, @@ -1683,8 +1663,7 @@ CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames, freenode = node; node = CERT_LIST_NEXT(node); CERT_RemoveCertListNode(freenode); - } - else { + } else { /* CA was found, so leave it in the list */ node = CERT_LIST_NEXT(node); } 
@@ -1699,12 +1678,12 @@ CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames, * certificate. * * "arena" - arena to allocate returned string from. If NULL, then heap - * is used. + * is used. * "cert" - the cert to get nickname from * "expiredString" - the string to append to the nickname if the cert is - * expired. + * expired. * "notYetGoodString" - the string to append to the nickname if the cert is - * not yet good. + * not yet good. */ char * CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert, @@ -1719,30 +1698,26 @@ CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert, if (validity == secCertTimeValid) { if (arena == NULL) { nickname = PORT_Strdup(cert->nickname); - } - else { + } else { nickname = PORT_ArenaStrdup(arena, cert->nickname); } if (nickname == NULL) { goto loser; } - } - else { + } else { /* if the cert is not valid, then tack one of the strings on the - * end - */ + * end + */ if (validity == secCertTimeExpired) { tmpstr = PR_smprintf("%s%s", cert->nickname, expiredString); - } - else if (validity == secCertTimeNotValidYet) { + } else if (validity == secCertTimeNotValidYet) { /* not yet valid */ tmpstr = PR_smprintf("%s%s", cert->nickname, notYetGoodString); - } - else { + } else { /* undetermined */ tmpstr = PR_smprintf("%s", "(NULL) (Validity Unknown)"); @@ -1756,8 +1731,7 @@ CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert, /* copy the string into the arena and free the malloc'd one */ nickname = PORT_ArenaStrdup(arena, tmpstr); PORT_Free(tmpstr); - } - else { + } else { nickname = tmpstr; } if (nickname == NULL) { 
@@ -1777,7 +1751,7 @@ loser: * "certList" - the list of certificates * "expiredString" - the string to append to the nickname of any expired cert * "notYetGoodString" - the string to append to the nickname of any cert - * that is not yet valid + * that is not yet valid */ CERTCertNicknames * CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString, @@ -1859,10 +1833,10 @@ loser: * expiredString or notYetGoodString appended. * * Args: - * "namestring" - the string containing the nickname, and possibly - * one of the validity label strings - * "expiredString" - the expired validity label string - * "notYetGoodString" - the not yet good validity label string + * "namestring" - the string containing the nickname, and possibly + * one of the validity label strings + * "expiredString" - the expired validity label string + * "notYetGoodString" - the not yet good validity label string * * Returns the raw nickname */ diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index d87304bc4708..5c11d7f6fff6 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c @@ -696,8 +696,7 @@ cleanup: if (PKIX_ERROR_RECEIVED) { if (validChain) { CERT_DestroyCertList(validChain); - } - else if (arena) { + } else if (arena) { PORT_FreeArena(arena, PR_FALSE); } if (nssCert) { @@ -838,8 +837,7 @@ cert_PkixErrorToNssCode( PORT_Assert(nssErr); if (!nssErr) { *pNssErr = SEC_ERROR_LIBPKIX_INTERNAL; - } - else { + } else { *pNssErr = nssErr; } @@ -898,8 +896,7 @@ cert_GetLogFromVerifyNode( } } PKIX_RETURN(CERTVFYPKIX); - } - else { + } else { PRUint32 i = 0; PKIX_UInt32 length = 0; 
@@ -1137,9 +1134,8 @@ cert_VerifyCertChainPkix( fnStackNameArr[0] = "cert_VerifyCertChainPkix"; fnStackInvCountArr[0] = 0; PKIX_Boolean abortOnLeak = - (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? - PKIX_FALSE - : PKIX_TRUE; + (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE + : PKIX_TRUE; runningLeakTest = PKIX_TRUE; /* Prevent multi-threaded run of object leak test */ @@ -1501,8 +1497,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams, errCode = SEC_ERROR_INVALID_TIME; break; } - } - else { + } else { error = pkix_pl_Date_CreateFromPRTime(param->value.scalar.time, &date, plContext); if (error != NULL) { @@ -2019,9 +2014,8 @@ CERT_PKIXVerifyCert( fnStackNameArr[0] = "CERT_PKIXVerifyCert"; fnStackInvCountArr[0] = 0; PKIX_Boolean abortOnLeak = - (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? - PKIX_FALSE - : PKIX_TRUE; + (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE + : PKIX_TRUE; runningLeakTest = PKIX_TRUE; /* Prevent multi-threaded run of object leak test */ @@ -2149,8 +2143,7 @@ CERT_PKIXVerifyCert( if (trustAnchorCert != NULL) { oparam->value.pointer.cert = cert_NSSCertFromPKIXCert(trustAnchorCert); - } - else { + } else { oparam->value.pointer.cert = NULL; } } diff --git a/security/nss/lib/certhigh/crlv2.c b/security/nss/lib/certhigh/crlv2.c index beb90cbe202a..d58d4e083b17 100644 --- a/security/nss/lib/certhigh/crlv2.c +++ b/security/nss/lib/certhigh/crlv2.c @@ -80,16 +80,14 @@ CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl, rv = SEC_QuickDERDecodeItem(arena, value, SEC_ASN1_GET(SEC_IntegerTemplate), tmpItem); - } - else { + } else { rv = SECFailure; } PORT_Free(encodedExtenValue.data); if (rv == SECFailure) { PORT_ArenaRelease(arena, mark); - } - else { + } else { PORT_ArenaUnmark(arena, mark); } return (rv); diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index fb8721a6fe66..7e7bb51a744f 100644 
--- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -206,8 +206,7 @@ printHexString(const char *prefix, SECItem *hexval) for (i = 0; i < hexval->len; i++) { if (i != hexval->len - 1) { hexbuf = PR_sprintf_append(hexbuf, "%02x:", hexval->data[i]); - } - else { + } else { hexbuf = PR_sprintf_append(hexbuf, "%02x", hexval->data[i]); } } @@ -358,8 +357,7 @@ ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest, if (!dest->certStatusInfo.revokedInfo->revocationReason) { goto loser; } - } - else { + } else { dest->certStatusInfo.revokedInfo->revocationReason = NULL; } @@ -461,15 +459,13 @@ ocsp_RemoveCacheItemFromLinkedList(OCSPCacheData *cache, OCSPCacheItem *item) PORT_Assert(item->moreRecent->lessRecent == item); cache->LRUitem = item->moreRecent; cache->LRUitem->lessRecent = NULL; - } - else if (item == cache->MRUitem) { + } else if (item == cache->MRUitem) { PORT_Assert(item->moreRecent == NULL); PORT_Assert(item->lessRecent != NULL); PORT_Assert(item->lessRecent->moreRecent == item); cache->MRUitem = item->lessRecent; cache->MRUitem->moreRecent = NULL; - } - else { + } else { /* remove an entry in the middle of the list */ PORT_Assert(item->moreRecent != NULL); PORT_Assert(item->lessRecent != NULL); @@ -682,8 +678,7 @@ ocsp_SetCacheItemResponse(OCSPCacheItem *item, rv = DER_GeneralizedTimeToTime(&item->nextUpdate, response->nextUpdate); item->haveNextUpdate = (rv == SECSuccess); - } - else { + } else { item->haveNextUpdate = PR_FALSE; } } @@ -711,8 +706,7 @@ ocsp_FreshenCacheItemNextFetchAttemptTime(OCSPCacheItem *cacheItem) MICROSECONDS_PER_SECOND; OCSP_TRACE_TIME("latestTimeWhenResponseIsConsideredFresh:", latestTimeWhenResponseIsConsideredFresh); - } - else { + } else { latestTimeWhenResponseIsConsideredFresh = now + OCSP_Global.minimumSecondsToNextFetchAttempt * MICROSECONDS_PER_SECOND; 
@@ -820,8 +814,7 @@ ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache, if (certIDWasConsumed) { myCertID = certID; *certIDWasConsumed = PR_TRUE; - } - else { + } else { myCertID = cert_DupOCSPCertID(certID); if (!myCertID) { PR_ExitMonitor(OCSP_Global.monitor); @@ -849,13 +842,11 @@ ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache, PR_ExitMonitor(OCSP_Global.monitor); return rv; } - } - else { + } else { OCSP_TRACE(("Not caching response because the response is not " "newer than the cache")); } - } - else { + } else { cacheItem->missingResponseError = PORT_GetError(); if (cacheItem->certStatusArena) { PORT_FreeArena(cacheItem->certStatusArena, PR_FALSE); @@ -902,11 +893,9 @@ CERT_OCSPCacheSettings(PRInt32 maxCacheEntries, if (maxCacheEntries < 0) { OCSP_Global.maxCacheEntries = -1; /* disable cache */ - } - else if (maxCacheEntries == 0) { + } else if (maxCacheEntries == 0) { OCSP_Global.maxCacheEntries = 0; /* unlimited cache entries */ - } - else { + } else { OCSP_Global.maxCacheEntries = maxCacheEntries; } @@ -964,8 +953,7 @@ OCSP_InitGlobal(void) OCSP_Global.cache.numberOfEntries = 0; OCSP_Global.cache.MRUitem = NULL; OCSP_Global.cache.LRUitem = NULL; - } - else { + } else { /* * NSS might call this function twice while attempting to init. * But it's not allowed to call this again after any activity. @@ -1623,8 +1611,7 @@ ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg, goto loser; } digestBuff = result->data; - } - else { + } else { if (fill->len < digestObject->length) { PORT_SetError(SEC_ERROR_INVALID_ARGS); goto loser; @@ -1649,8 +1636,7 @@ ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg, loser: if (arena != NULL) { PORT_ArenaRelease(arena, mark); - } - else { + } else { if (result != NULL) { SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE); } 
@@ -2909,8 +2895,7 @@ ocsp_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath) goto loser; PORT_Memcpy(path, save, len); path[len] = '\0'; - } - else { + } else { path = PORT_Strdup("/"); if (path == NULL) goto loser; @@ -2975,8 +2960,7 @@ ocsp_ConnectToHost(const char *host, PRUint16 port) } while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS); PORT_Free(netdbbuf); - } - else { + } else { /* * First put the port into the address, then connect. */ @@ -3054,8 +3038,7 @@ ocsp_SendEncodedRequest(const char *location, const SECItem *encodedRequest) */ if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0) goto loser; - } - else { + } else { header = PR_smprintf("POST %s HTTP/1.0\r\n" "Host: %s%s\r\n" "Content-Type: application/ocsp-request\r\n" @@ -3111,8 +3094,7 @@ ocsp_read(PRFileDesc *fd, char *buf, int toread, PRIntervalTime timeout) total = -1; /* report the error if we didn't read anything yet */ } break; - } - else if (got == 0) { /* EOS */ + } else if (got == 0) { /* EOS */ break; } @@ -3188,8 +3170,7 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock) EOS or there was a read error */ EOS = PR_TRUE; } - } - else { + } else { /* recv error or EOS */ EOS = PR_TRUE; } @@ -3260,15 +3241,13 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock) if (0 == PORT_Strcasecmp(nextHeader, "content-type")) { contenttype = value; - } - else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) { + } else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) { contentlength = atoi(value); } if (thisHeaderEnd) { nextHeader = thisHeaderEnd + CRLFlen; - } - else { + } else { nextHeader = NULL; } @@ -3308,8 +3287,7 @@ ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock) EOS or there was a read error */ EOS = PR_TRUE; } - } - else { + } else { /* recv error or EOS */ EOS = PR_TRUE; } 
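Review bot: `contentlength = atoi(value);` in the header loop of ocsp_GetEncodedResponse (hunk at -3260) takes a length from the responder's HTTP reply with no way to detect a non-numeric, negative or out-of-range value; atoi reports no errors and its behaviour on overflow is undefined. Parsing with `strtol(value, &end, 10)` and treating `end == value`, a negative result, or a value above whatever maximum response size the function enforces as a malformed response would make the input check explicit. How contentlength is used later is outside this hunk, so confirm whether a bound is already applied there. The function body starts and ends outside the hunk.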
@@ -3643,11 +3621,9 @@ ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena, if (!strcmp(method, "GET")) { encodedResponse = cert_GetOCSPResponse(arena, location, encodedRequest); - } - else if (!strcmp(method, "POST")) { + } else if (!strcmp(method, "POST")) { encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest); - } - else { + } else { goto loser; } @@ -3711,8 +3687,7 @@ cert_GetOCSPResponse(PLArenaPool *arena, const char *location, */ if (arena) { fullGetPath = (char *)PORT_ArenaAlloc(arena, getURLLength); - } - else { + } else { fullGetPath = (char *)PORT_Alloc(getURLLength); } if (!fullGetPath) { @@ -3757,8 +3732,7 @@ cert_FetchOCSPResponse(PLArenaPool *arena, const char *location, ®isteredHttpClient->fcnTable.ftable1, location, encodedRequest); - } - else { + } else { /* use internal http client */ PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest); if (sock) { @@ -3968,14 +3942,12 @@ ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData, if (rv != SECSuccess) { if (PORT_GetError() == SEC_ERROR_BAD_DER) PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE); - } - else { + } else { signerCert = CERT_FindCertByName(handle, &encodedName); } PORT_FreeArena(arena, PR_FALSE); } - } - else { + } else { /* * The signer is either 1) a known issuer CA we passed in, * 2) the default OCSP responder, or 3) an intermediate CA @@ -3986,8 +3958,7 @@ ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData, ocsp_CertGetDefaultResponder(handle, NULL); if (responder && ocsp_matchcert(certIndex, responder)) { signerCert = CERT_DupCertificate(responder); - } - else if (issuer && ocsp_matchcert(certIndex, issuer)) { + } else if (issuer && ocsp_matchcert(certIndex, issuer)) { signerCert = CERT_DupCertificate(issuer); } for (i = 0; (signerCert == NULL) && (i < certCount); i++) { 
@@ -4111,8 +4082,7 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response, if (signature->status == SECSuccess) { if (pSignerCert != NULL) *pSignerCert = CERT_DupCertificate(signature->cert); - } - else { + } else { PORT_SetError(signature->failureReason); } return signature->status; @@ -4153,13 +4123,11 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response, */ if (ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) { rv = SECSuccess; - } - else { + } else { SECCertUsage certUsage; if (CERT_IsCACert(signerCert, NULL)) { certUsage = certUsageAnyCA; - } - else { + } else { certUsage = certUsageStatusResponder; } rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage, @@ -4183,8 +4151,7 @@ finish: signature->failureReason = PORT_GetError(); if (signerCert != NULL) CERT_DestroyCertificate(signerCert); - } - else { + } else { /* * Save signer's certificate in signature. */ @@ -4672,8 +4639,7 @@ ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single, LL_ADD(tmp, tmp, nextUpdate); if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate)) return ocsp_HandleOldSingleResponse(single, now); - } - else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) { + } else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) { return ocsp_HandleOldSingleResponse(single, now); } @@ -4955,8 +4921,7 @@ ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID, if (*rvOcsp != SECSuccess) { *missingResponseError = PORT_GetError(); } - } - else { + } else { /* * No status cached, the previous attempt failed. * If OCSP is required, we never decide based on a failed attempt 
@@ -5078,10 +5043,9 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, if (ocsp_FetchingFailureIsVerificationFailure()) { PORT_SetError(err); rvOcsp = SECFailure; - } - else if (cachedResponseFreshness == ocspStale && - (cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT || - cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) { + } else if (cachedResponseFreshness == ocspStale && + (cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT || + cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) { /* If we couldn't get a response for a certificate that the OCSP * responder previously told us was bad, then assume it is still * bad until we hear otherwise, as it is very unlikely that the @@ -5091,8 +5055,7 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, */ PORT_SetError(cachedErrorCode); rvOcsp = SECFailure; - } - else { + } else { rvOcsp = SECSuccess; } } @@ -5267,8 +5230,7 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, PR_EnterMonitor(OCSP_Global.monitor); if (OCSP_Global.forcePost) { currentStage = stagePOST; - } - else { + } else { currentStage = stageGET; } PR_ExitMonitor(OCSP_Global.monitor); @@ -5327,8 +5289,7 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, if (currentStage == stageGET) { method = "GET"; - } - else { + } else { PORT_Assert(currentStage == stagePOST); method = "POST"; } @@ -5363,18 +5324,15 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, if (validResponseWithAccurateInfo) { ocsp_CacheSingleResponse(certID, singleResponse, certIDWasConsumed); - } - else { + } else { retry = PR_TRUE; currentStage = stagePOST; } - } - else { + } else { /* cache the POST respone, regardless of status */ if (!singleResponse) { cert_RememberOCSPProcessingFailure(certID, certIDWasConsumed); - } - else { + } else { ocsp_CacheSingleResponse(certID, singleResponse, certIDWasConsumed); } 
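Review bot: The final `else { rvOcsp = SECSuccess; }` in CERT_CheckOCSPStatus (hunk at -5091) carries no comment, while the stale-cache branch just above it explains itself at length. As far as the visible lines show, it is reached when the fetch failed, ocsp_FetchingFailureIsVerificationFailure() is false and no stale bad status is cached, so the certificate is accepted without a revocation answer. I would state that at the branch, e.g. `/* Soft-fail: no response and fetch failure is not fatal by policy; treat as not revoked. */`, so a reader auditing revocation behaviour does not have to infer it. The enclosing function starts and ends outside the hunk.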
@@ -5948,8 +5906,7 @@ CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle, statusContext->defaultResponderCert = cert; /*OCSP enabled, switching responder: clear cache*/ CERT_ClearOCSPCache(); - } - else { + } else { PORT_Assert(statusContext->useDefaultResponder == PR_FALSE); CERT_DestroyCertificate(cert); /*OCSP currently not enabled, no need to clear cache*/ diff --git a/security/nss/lib/certhigh/ocspsig.c b/security/nss/lib/certhigh/ocspsig.c index 958dee02979f..94606baf565b 100644 --- a/security/nss/lib/certhigh/ocspsig.c +++ b/security/nss/lib/certhigh/ocspsig.c @@ -460,16 +460,14 @@ CERT_CreateEncodedOCSPSuccessResponse( /* convert len-in-bytes to len-in-bits */ br->responseSignature.signature.len = br->responseSignature.signature.len << 3; - } - else { + } else { rid->responderIDType = responderIDType; if (responderIDType == ocspResponderID_byName) { responderIDTemplate = ocsp_ResponderIDByNameTemplate; if (CERT_CopyName(tmpArena, &rid->responderIDValue.name, &responderCert->subject) != SECSuccess) goto done; - } - else { + } else { responderIDTemplate = ocsp_ResponderIDByKeyTemplate; if (!CERT_GetSubjectPublicKeyDigest(tmpArena, responderCert, SEC_OID_SHA1, &rid->responderIDValue.keyHash)) diff --git a/security/nss/lib/ckfw/builtins/anchor.c b/security/nss/lib/ckfw/builtins/anchor.c index cc0d0c09fa5d..af21c6a0bf61 100644 --- a/security/nss/lib/ckfw/builtins/anchor.c +++ b/security/nss/lib/ckfw/builtins/anchor.c @@ -13,5 +13,5 @@ #include "builtins.h" #define MODULE_NAME builtins -#define INSTANCE_NAME (NSSCKMDInstance *) & nss_builtins_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance #include "nssck.api" diff --git a/security/nss/lib/ckfw/builtins/bfind.c b/security/nss/lib/ckfw/builtins/bfind.c index ee145b68ae34..3e5da1a55838 100644 --- a/security/nss/lib/ckfw/builtins/bfind.c +++ b/security/nss/lib/ckfw/builtins/bfind.c 
@@ -126,8 +126,7 @@ builtins_attrmatch( if (PR_TRUE == prb) { return CK_TRUE; - } - else { + } else { return CK_FALSE; } } @@ -147,8 +146,7 @@ builtins_match( if (o->types[j] == pTemplate[i].type) { if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) { return CK_FALSE; - } - else { + } else { break; } } diff --git a/security/nss/lib/ckfw/capi/anchor.c b/security/nss/lib/ckfw/capi/anchor.c index c8aff60392d4..2d1523e4c223 100644 --- a/security/nss/lib/ckfw/capi/anchor.c +++ b/security/nss/lib/ckfw/capi/anchor.c @@ -13,5 +13,5 @@ #include "ckcapi.h" #define MODULE_NAME ckcapi -#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckcapi_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance #include "nssck.api" diff --git a/security/nss/lib/ckfw/capi/cfind.c b/security/nss/lib/ckfw/capi/cfind.c index 5fb11e35e51d..9ea7fca61c57 100644 --- a/security/nss/lib/ckfw/capi/cfind.c +++ b/security/nss/lib/ckfw/capi/cfind.c @@ -109,8 +109,7 @@ ckcapi_attrmatch( if (PR_TRUE == prb) { return CK_TRUE; - } - else { + } else { return CK_FALSE; } } 
@@ -135,25 +134,23 @@ ckcapi_match( #define CKAPI_ITEM_CHUNK 20 -#define PUT_Object(obj, err) \ - { \ - if (count >= size) { \ - *listp = *listp ? \ - nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \ - (size + \ - CKAPI_ITEM_CHUNK)) \ - : \ - nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \ - (size + \ - CKAPI_ITEM_CHUNK)); \ - if ((ckcapiInternalObject **)NULL == *listp) { \ - err = CKR_HOST_MEMORY; \ - goto loser; \ - } \ - size += CKAPI_ITEM_CHUNK; \ - } \ - (*listp)[count] = (obj); \ - count++; \ +#define PUT_Object(obj, err) \ + { \ + if (count >= size) { \ + *listp = *listp ? nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \ + (size + \ + CKAPI_ITEM_CHUNK)) \ + : nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \ + (size + \ + CKAPI_ITEM_CHUNK)); \ + if ((ckcapiInternalObject **)NULL == *listp) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + size += CKAPI_ITEM_CHUNK; \ + } \ + (*listp)[count] = (obj); \ + count++; \ } /* @@ -338,8 +335,7 @@ collect_class( 1) != 0)) { continue; } - } - else { + } else { int reason = GetLastError(); /* we only care if it exists, we don't really need to fetch it yet */ @@ -375,8 +371,7 @@ collect_class( next->u.cert.certStore = storeStr; PUT_Object(next, *pError); next = NULL; /* need to allocate a new one now */ - } - else { + } else { /* don't cache the values we just loaded */ memset(&next->u.cert, 0, sizeof(next->u.cert)); } diff --git a/security/nss/lib/ckfw/capi/cobject.c b/security/nss/lib/ckfw/capi/cobject.c index 03a8a5e7b387..c4b77d27aebf 100644 --- a/security/nss/lib/ckfw/capi/cobject.c +++ b/security/nss/lib/ckfw/capi/cobject.c @@ -471,8 +471,7 @@ nss_ckcapi_FetchKeyContainer( if (!rc) { goto loser; } - } - else { + } else { *hProv = ko->hProv; } @@ -684,8 +683,7 @@ ckcapi_PopulateModulusExponent( { if (ckcapiCert == io->type) { ckcapi_CertPopulateModulusExponent(io); - } - else { + } else { ckcapi_FetchPublicKey(io); } return; 
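Review bot: In PUT_Object (cfind.c, hunk at -135) the result of nss_ZREALLOCARRAY is assigned straight to `*listp`, so when the grow fails the only pointer to the existing array is replaced by NULL before `goto loser`. Unless nss_ZRealloc frees its argument on failure, which these lines do not show, the array and the objects already collected become unreachable. Growing into a temporary and committing only on success avoids that: `ckcapiInternalObject **grown = ...;`, `if (!grown) { err = CKR_HOST_MEMORY; goto loser; }`, `*listp = grown;`. The macro body is also a bare `{ ... }` block; wrapping it in `do { ... } while (0)` would keep `PUT_Object(x, e);` safe inside an unbraced if/else.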
@@ -713,8 +711,7 @@ ckcapi_FetchLabel( co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16); if ((CHAR *)NULL == co->labelData) { rv = 0; - } - else { + } else { size = strlen(co->labelData); } } @@ -862,8 +859,7 @@ ckcapi_FetchHashKey( { if (ckcapiCert == io->type) { ckcapi_CertFetchHashKey(io); - } - else { + } else { ckcapi_KeyFetchHashKey(io); } return; @@ -1336,8 +1332,7 @@ ckcapi_mdObject_Destroy( goto loser; } rc = CertDeleteCertificateFromStore(certContext); - } - else { + } else { char *provName = NULL; char *containerName = NULL; HCRYPTPROV hProv; @@ -1353,8 +1348,7 @@ ckcapi_mdObject_Destroy( containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName); provType = provInfo->dwProvType; nss_ZFreeIf(provInfo); - } - else { + } else { provName = io->u.key.provName; containerName = io->u.key.containerName; provType = io->u.key.provInfo.dwProvType; @@ -1461,8 +1455,7 @@ ckcapi_mdObject_GetAttributeTypes( } if (io->type == ckcapiRaw) { attrs = io->u.raw.types; - } - else + } else switch (io->objClass) { case CKO_CERTIFICATE: attrs = @@ -1613,8 +1606,7 @@ nss_ckcapi_CreateMDObject( nssHash_Lookup(ckcapiInternalObjectHash, key); if (!old_o) { nssHash_Add(ckcapiInternalObjectHash, key, io); - } - else if (old_o != io) { + } else if (old_o != io) { nss_ckcapi_DestroyInternalObject(io); io = old_o; } @@ -1751,15 +1743,12 @@ nss_ckcapi_CreateCertificate( } /* does it look like a CA */ - } - else if (ckcapi_cert_isCA(certContext)) { + } else if (ckcapi_cert_isCA(certContext)) { storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root"; /* does it look like an S/MIME cert */ - } - else if (ckcapi_cert_hasEmail(certContext)) { + } else if (ckcapi_cert_hasEmail(certContext)) { storeStr = "AddressBook"; - } - else { + } else { /* just pick a store */ storeStr = "CA"; } 
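Review bot: `storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";` in nss_ckcapi_CreateCertificate (cobject.c, hunk at -1751) reads as inverted: a certificate the helper reports as a root is filed in the "CA" store and every other CA certificate in "Root". If ckcapi_cert_isRoot means what its name suggests (its definition is not in this hunk), intermediates would land in the trusted-root store, which changes what the platform trusts. Either swap the arms, `storeStr = ckcapi_cert_isRoot(certContext) ? "Root" : "CA";`, or add a comment explaining why the mapping is intentional. The function starts and ends outside the hunk.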
@@ -2223,12 +2212,10 @@ nss_ckcapi_CreateObject( if (objClass == CKO_CERTIFICATE) { io = nss_ckcapi_CreateCertificate(fwSession, pTemplate, ulAttributeCount, pError); - } - else if (objClass == CKO_PRIVATE_KEY) { + } else if (objClass == CKO_PRIVATE_KEY) { io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate, ulAttributeCount, pError); - } - else { + } else { *pError = CKR_ATTRIBUTE_VALUE_INVALID; } diff --git a/security/nss/lib/ckfw/dbm/anchor.c b/security/nss/lib/ckfw/dbm/anchor.c index 2ac7e96432eb..c904d25ae660 100644 --- a/security/nss/lib/ckfw/dbm/anchor.c +++ b/security/nss/lib/ckfw/dbm/anchor.c @@ -13,5 +13,5 @@ #include "ckdbm.h" #define MODULE_NAME dbm -#define INSTANCE_NAME (NSSCKMDInstance *) & nss_dbm_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *)&nss_dbm_mdInstance #include "nssck.api" diff --git a/security/nss/lib/ckfw/dbm/db.c b/security/nss/lib/ckfw/dbm/db.c index 44b47e7f3d24..bbf2b9510696 100644 --- a/security/nss/lib/ckfw/dbm/db.c +++ b/security/nss/lib/ckfw/dbm/db.c @@ -94,8 +94,7 @@ nss_dbm_db_get_format_version( (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor); rv.major = major; rv.minor = minor; - } - else if (dbrv > 0) { + } else if (dbrv > 0) { (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major, nss_dbm_db_format_version.minor); v.data = buffer; @@ -103,8 +102,7 @@ nss_dbm_db_get_format_version( dbrv = db->db->put(db->db, &k, &v, 0); (void)db->db->sync(db->db, 0); rv = nss_dbm_db_format_version; - } - else { + } else { /* No error return.. */ ; } @@ -177,12 +175,10 @@ nss_dbm_db_get_label( if ((NSSUTF8 *)NULL == rv) { *pError = CKR_HOST_MEMORY; } - } - else if (dbrv > 0) { + } else if (dbrv > 0) { /* Just return null */ ; - } - else { + } else { *pError = CKR_DEVICE_ERROR; ; } @@ -256,11 +252,9 @@ nss_dbm_db_new_handle( if (0 == rv) { (void)memcpy(&align, v.data, sizeof(CK_ULONG)); id = ntohl(align); - } - else if (rv > 0) { + } else if (rv > 0) { id = 0; - } - else { + } else { goto done; } 
@@ -762,8 +756,7 @@ nss_dbm_db_object_still_exists( dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); if (0 == dbrv) { rv = CK_TRUE; - } - else { + } else { rv = CK_FALSE; } @@ -792,12 +785,10 @@ nss_dbm_db_get_object_attribute_count( *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); if (0 == *pdbrv) { ; - } - else if (*pdbrv > 0) { + } else if (*pdbrv > 0) { *pError = CKR_OBJECT_HANDLE_INVALID; goto done; - } - else { + } else { *pError = CKR_DEVICE_ERROR; goto done; } @@ -834,12 +825,10 @@ nss_dbm_db_get_object_attribute_types( *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); if (0 == *pdbrv) { ; - } - else if (*pdbrv > 0) { + } else if (*pdbrv > 0) { rv = CKR_OBJECT_HANDLE_INVALID; goto done; - } - else { + } else { rv = CKR_DEVICE_ERROR; goto done; } @@ -885,12 +874,10 @@ nss_dbm_db_get_object_attribute_size( *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); if (0 == *pdbrv) { ; - } - else if (*pdbrv > 0) { + } else if (*pdbrv > 0) { *pError = CKR_OBJECT_HANDLE_INVALID; goto done; - } - else { + } else { *pError = CKR_DEVICE_ERROR; goto done; } @@ -900,8 +887,7 @@ nss_dbm_db_get_object_attribute_size( for (i = 0; i < n; i++) { if (type == ntohl(pulData[1 + i * 3])) { - rv = ntohl(pulData[2 + i * - 3]); + rv = ntohl(pulData[2 + i * 3]); } } @@ -942,12 +928,10 @@ nss_dbm_db_get_object_attribute( *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); if (0 == *pdbrv) { ; - } - else if (*pdbrv > 0) { + } else if (*pdbrv > 0) { *pError = CKR_OBJECT_HANDLE_INVALID; goto done; - } - else { + } else { *pError = CKR_DEVICE_ERROR; goto done; } @@ -1017,12 +1001,10 @@ nss_dbm_db_set_object_attribute( *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0); if (0 == *pdbrv) { ; - } - else if (*pdbrv > 0) { + } else if (*pdbrv > 0) { rv = CKR_OBJECT_HANDLE_INVALID; goto done; - } - else { + } else { rv = CKR_DEVICE_ERROR; goto done; } 
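Review bot: In the nss_dbm_db_get_object_attribute_size hunk the loop reads `pulData[1 + i * 3]` and `pulData[2 + i * 3]` for every `i < n` without a visible bound on `n`. Both `n` and `pulData` are set outside the hunk; if `n` is taken from the stored record itself, it should be checked against the record length before the loop so a corrupted database entry cannot drive reads past the buffer. The loop also keeps scanning after a match, so a duplicated attribute type makes the last entry win; a `break;` after the assignment would make the first match authoritative if that is the intent.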
diff --git a/security/nss/lib/ckfw/dbm/slot.c b/security/nss/lib/ckfw/dbm/slot.c index 827b4ca8a6a0..06824d59eb1c 100644 --- a/security/nss/lib/ckfw/dbm/slot.c +++ b/security/nss/lib/ckfw/dbm/slot.c @@ -75,8 +75,7 @@ nss_dbm_mdSlot_GetTokenPresent( if ((nss_dbm_db_t *)NULL == slot->token_db) { return CK_FALSE; - } - else { + } else { return CK_TRUE; } } diff --git a/security/nss/lib/ckfw/dbm/token.c b/security/nss/lib/ckfw/dbm/token.c index 4648b8bef10e..6873bf0ece3d 100644 --- a/security/nss/lib/ckfw/dbm/token.c +++ b/security/nss/lib/ckfw/dbm/token.c @@ -150,8 +150,7 @@ nss_dbm_mdToken_GetIsWriteProtected( if (token->slot->flags & O_RDWR) { return CK_FALSE; - } - else { + } else { return CK_TRUE; } } diff --git a/security/nss/lib/ckfw/find.c b/security/nss/lib/ckfw/find.c index 798a20b2f42d..55732e626ba4 100644 --- a/security/nss/lib/ckfw/find.c +++ b/security/nss/lib/ckfw/find.c @@ -270,8 +270,7 @@ nssCKFWFindObjects_Next( fwFindObjects->mdToken, fwFindObjects->fwToken, fwFindObjects->mdInstance, fwFindObjects->fwInstance); fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL; - } - else { + } else { goto wrap; } } @@ -296,8 +295,7 @@ nssCKFWFindObjects_Next( fwFindObjects->mdToken, fwFindObjects->fwToken, fwFindObjects->mdInstance, fwFindObjects->fwInstance); fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL; - } - else { + } else { goto wrap; } } diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c index eb0d4066b4c3..50de4ce148b1 100644 --- a/security/nss/lib/ckfw/hash.c +++ b/security/nss/lib/ckfw/hash.c @@ -135,8 +135,7 @@ nssCKFWHash_Add( he = PL_HashTableAdd(hash->plHashTable, key, (void *)value); if (!he) { error = CKR_HOST_MEMORY; - } - else { + } else { hash->count++; } @@ -211,8 +210,7 @@ nssCKFWHash_Exists( if (!value) { return CK_FALSE; - } - else { + } else { return CK_TRUE; } } diff --git a/security/nss/lib/ckfw/instance.c b/security/nss/lib/ckfw/instance.c index 3ef3fea155aa..f585eb58d127 100644 
--- a/security/nss/lib/ckfw/instance.c +++ b/security/nss/lib/ckfw/instance.c @@ -190,13 +190,11 @@ nssCKFWInstance_Create( fwInstance->pInitArgs = &fwInstance->initArgs; if (pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) { fwInstance->mayCreatePthreads = CK_FALSE; - } - else { + } else { fwInstance->mayCreatePthreads = CK_TRUE; } fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved); - } - else { + } else { fwInstance->mayCreatePthreads = CK_TRUE; } @@ -221,8 +219,7 @@ nssCKFWInstance_Create( if (mdInstance->ModuleHandlesSessionObjects) { fwInstance->moduleHandlesSessionObjects = mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance); - } - else { + } else { fwInstance->moduleHandlesSessionObjects = CK_FALSE; } @@ -879,8 +876,7 @@ nssCKFWInstance_GetCryptokiVersion( if (fwInstance->mdInstance->GetCryptokiVersion) { fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion( fwInstance->mdInstance, fwInstance); - } - else { + } else { fwInstance->cryptokiVersion.major = 2; fwInstance->cryptokiVersion.minor = 1; } @@ -926,8 +922,7 @@ nssCKFWInstance_GetManufacturerID( if ((!fwInstance->manufacturerID) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwInstance->manufacturerID = (NSSUTF8 *)""; } } @@ -992,8 +987,7 @@ nssCKFWInstance_GetLibraryDescription( if ((!fwInstance->libraryDescription) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwInstance->libraryDescription = (NSSUTF8 *)""; } } @@ -1037,8 +1031,7 @@ nssCKFWInstance_GetLibraryVersion( if (fwInstance->mdInstance->GetLibraryVersion) { fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion( fwInstance->mdInstance, fwInstance); - } - else { + } else { fwInstance->libraryVersion.major = 0; fwInstance->libraryVersion.minor = 3; } diff --git a/security/nss/lib/ckfw/nssmkey/manchor.c b/security/nss/lib/ckfw/nssmkey/manchor.c index 6261eff951bd..3b8bc2dbbe84 100644 --- a/security/nss/lib/ckfw/nssmkey/manchor.c 
+++ b/security/nss/lib/ckfw/nssmkey/manchor.c @@ -13,5 +13,5 @@ #include "ckmk.h" #define MODULE_NAME ckmk -#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckmk_mdInstance +#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance #include "nssck.api" diff --git a/security/nss/lib/ckfw/nssmkey/mfind.c b/security/nss/lib/ckfw/nssmkey/mfind.c index 41deef5e97f6..d193a8de70d3 100644 --- a/security/nss/lib/ckfw/nssmkey/mfind.c +++ b/security/nss/lib/ckfw/nssmkey/mfind.c @@ -110,8 +110,7 @@ ckmk_attrmatch( if (PR_TRUE == prb) { return CK_TRUE; - } - else { + } else { return CK_FALSE; } } @@ -136,25 +135,23 @@ ckmk_match( #define CKMK_ITEM_CHUNK 20 -#define PUT_OBJECT(obj, err, size, count, list) \ - { \ - if (count >= size) { \ - (list) = (list) ? \ - nss_ZREALLOCARRAY(list, ckmkInternalObject *, \ - ((size) + \ - CKMK_ITEM_CHUNK)) \ - : \ - nss_ZNEWARRAY(NULL, ckmkInternalObject *, \ - ((size) + \ - CKMK_ITEM_CHUNK)); \ - if ((ckmkInternalObject **)NULL == list) { \ - err = CKR_HOST_MEMORY; \ - goto loser; \ - } \ - (size) += CKMK_ITEM_CHUNK; \ - } \ - (list)[count] = (obj); \ - count++; \ +#define PUT_OBJECT(obj, err, size, count, list) \ + { \ + if (count >= size) { \ + (list) = (list) ? nss_ZREALLOCARRAY(list, ckmkInternalObject *, \ + ((size) + \ + CKMK_ITEM_CHUNK)) \ + : nss_ZNEWARRAY(NULL, ckmkInternalObject *, \ + ((size) + \ + CKMK_ITEM_CHUNK)); \ + if ((ckmkInternalObject **)NULL == list) { \ + err = CKR_HOST_MEMORY; \ + goto loser; \ + } \ + (size) += CKMK_ITEM_CHUNK; \ + } \ + (list)[count] = (obj); \ + count++; \ } /* find all the certs that represent the appropriate object (cert, priv key, or @@ -201,8 +198,7 @@ collect_class( /* yes, put it on the list */ PUT_OBJECT(next, *pError, *sizep, count, *listp); next = NULL; /* this one is on the list, need to allocate a new one now */ - } - else { + } else { /* no , release the current item and clear out the structure for reuse */ CFRelease(itemRef); /* don't cache the values we just loaded */ 
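Review bot: The reformatted PUT_OBJECT macro in mfind.c assigns the result of `nss_ZREALLOCARRAY` straight back to `(list)`, so when the reallocation fails the only reference to the existing array is overwritten with NULL before `goto loser`. Whether that leaks depends on allocator behaviour and on the cleanup at `loser`, both outside the hunk; if it does, hold the result in a temporary and assign to `(list)` only on success. As a style point, the body is a bare `{ ... }` block and uses `count`, `size` and `list` unparenthesized in places; `do { ... } while (0)` with every argument parenthesized is safer at call sites.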
diff --git a/security/nss/lib/ckfw/nssmkey/mobject.c b/security/nss/lib/ckfw/nssmkey/mobject.c index 0b5f0a4851cc..b19a8fdbdef4 100644 --- a/security/nss/lib/ckfw/nssmkey/mobject.c +++ b/security/nss/lib/ckfw/nssmkey/mobject.c @@ -322,8 +322,7 @@ ckmk_encodeInt(NSSItem *dest, void *src, int srcLen) data[0] = DER_INTEGER; if (1 == lenLen) { data[1] = dataLen; - } - else { + } else { data[1] = 0x80 + lenLen; for (i = 0; i < lenLen; i++) { data[i + 1] = ((dataLen >> ((lenLen - @@ -505,7 +504,7 @@ loser: #define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \ if (0 == (item)->loc.size) { \ - (void) func(io, type, &(item)->loc, str); \ + (void)func(io, type, &(item)->loc, str); \ } \ return &(item)->loc; @@ -528,8 +527,7 @@ ckmk_FetchHashKey( if (io->objClass == CKO_CERTIFICATE) { ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE, key, "Fetching HashKey (cert)"); - } - else { + } else { ckmk_GetCommonAttribute(io, kSecKeyLabel, PR_FALSE, key, "Fetching HashKey (key)"); } @@ -992,8 +990,7 @@ ckmk_mdObject_GetAttributeTypes( } if (io->type == ckmkRaw) { attrs = io->u.raw.types; - } - else + } else switch (io->objClass) { case CKO_CERTIFICATE: attrs = @@ -1184,8 +1181,7 @@ nss_ckmk_CreateMDObject( nssHash_Lookup(ckmkInternalObjectHash, key); if (!old_o) { nssHash_Add(ckmkInternalObjectHash, key, io); - } - else if (old_o != io) { + } else if (old_o != io) { nss_ckmk_DestroyInternalObject(io); io = old_o; } @@ -1785,8 +1781,7 @@ nss_ckmk_CreatePrivateKey( if (nickname) { ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname, strlen(nickname) + 1, "Modify Key Label"); - } - else { + } else { #define DEFAULT_NICKNAME "NSS Imported Key" ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME, sizeof(DEFAULT_NICKNAME), "Modify Key Label"); 
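Review bot: In the ckmk_encodeInt hunk the long-form branch writes the length-of-length octet with `data[1] = 0x80 + lenLen;` and the loop that follows stores the length bytes at `data[i + 1]` starting from `i = 0`, so its first iteration overwrites that octet. The loop body is cut off by the hunk edge, but as shown the DER header comes out malformed for any value that needs the long form; the index should presumably be `data[i + 2]`. The buffer allocation earlier in the function is outside the hunk and should be checked to leave room for `2 + lenLen` header bytes.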
@@ -1852,12 +1847,10 @@ nss_ckmk_CreateObject( if (objClass == CKO_CERTIFICATE) { io = nss_ckmk_CreateCertificate(fwSession, pTemplate, ulAttributeCount, pError); - } - else if (objClass == CKO_PRIVATE_KEY) { + } else if (objClass == CKO_PRIVATE_KEY) { io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate, ulAttributeCount, pError); - } - else { + } else { *pError = CKR_ATTRIBUTE_VALUE_INVALID; } diff --git a/security/nss/lib/ckfw/object.c b/security/nss/lib/ckfw/object.c index bb2663aa299c..ff0542ee4f97 100644 --- a/security/nss/lib/ckfw/object.c +++ b/security/nss/lib/ckfw/object.c @@ -584,8 +584,7 @@ nssCKFWObject_GetAttribute( *pError = CKR_HOST_MEMORY; goto done; } - } - else { + } else { rv = itemOpt; } @@ -600,12 +599,10 @@ nssCKFWObject_GetAttribute( rv = (NSSItem *)NULL; goto done; } - } - else { + } else { if (rv->size >= mdItem.item->size) { rv->size = mdItem.item->size; - } - else { + } else { *pError = CKR_BUFFER_TOO_SMALL; /* Should we set rv->size to mdItem->size? */ /* rv can't have been allocated */ @@ -714,8 +711,7 @@ nssCKFWObject_SetAttribute( * not in the list. Add it. */ nssCKFWSession_RegisterSessionObject(fwSession, fwObject); - } - else { + } else { /* * New one is a token object, except since we "stole" the fwObject, it's * in the list. Remove it. @@ -731,8 +727,7 @@ nssCKFWObject_SetAttribute( nssCKFWObject_Destroy(newFwObject); return CKR_OK; - } - else { + } else { /* * An "ordinary" change. */ diff --git a/security/nss/lib/ckfw/session.c b/security/nss/lib/ckfw/session.c index 39d7f4f894fe..4320a3971211 100644 --- a/security/nss/lib/ckfw/session.c +++ b/security/nss/lib/ckfw/session.c @@ -696,8 +696,7 @@ nssCKFWSession_Login( default: return CKR_GENERAL_ERROR; } - } - else /* CKU_USER == userType */ { + } else /* CKU_USER == userType */ { switch (oldState) { case CKS_RO_PUBLIC_SESSION: newState = 
@@ -732,8 +731,7 @@ nssCKFWSession_Login( * it'll just rely on the Framework as needed. */ ; - } - else { + } else { error = fwSession->mdSession->Login(fwSession->mdSession, fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance, userType, pin, oldState, newState); @@ -802,8 +800,7 @@ nssCKFWSession_Logout( * The Module doesn't want to be informed. Okay. */ ; - } - else { + } else { error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance, oldState, newState); @@ -1123,15 +1120,13 @@ nssCKFWSession_SetOperationState( if (encryptionKey) { mdek = nssCKFWObject_GetMDObject(encryptionKey); - } - else { + } else { mdek = (NSSCKMDObject *)NULL; } if (authenticationKey) { mdak = nssCKFWObject_GetMDObject(authenticationKey); - } - else { + } else { mdak = (NSSCKMDObject *)NULL; } @@ -1164,8 +1159,7 @@ nss_attributes_form_token_object( if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) { (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL)); return rv; - } - else { + } else { return CK_FALSE; } } @@ -1233,8 +1227,7 @@ nssCKFWSession_CreateObject( } goto callmdcreateobject; - } - else { + } else { /* === SESSION OBJECT === */ arena = nssCKFWSession_GetArena(fwSession, pError); @@ -1255,8 +1248,7 @@ nssCKFWSession_CreateObject( } goto callmdcreateobject; - } - else { + } else { /* --- framework handles the session object -- */ mdObject = nssCKMDSessionObject_Create(fwSession->fwToken, arena, pTemplate, ulAttributeCount, pError); @@ -1279,10 +1271,8 @@ gotmdobject: } fwObject = nssCKFWObject_Create(arena, mdObject, - isTokenObject ? - NULL - : - fwSession, + isTokenObject ? NULL + : fwSession, fwSession->fwToken, fwSession->fwInstance, pError); if (!fwObject) { if (CKR_OK == *pError) { 
@@ -1387,8 +1377,7 @@ nssCKFWSession_CopyObject( if (CK_TRUE == newIsToken) { arena = nssCKFWToken_GetArena(fwSession->fwToken, pError); - } - else { + } else { arena = nssCKFWSession_GetArena(fwSession, pError); } if (!arena) { @@ -1410,10 +1399,8 @@ nssCKFWSession_CopyObject( } rv = nssCKFWObject_Create(arena, mdObject, - newIsToken ? - NULL - : - fwSession, + newIsToken ? NULL + : fwSession, fwSession->fwToken, fwSession->fwInstance, pError); if (CK_FALSE == newIsToken) { @@ -1427,8 +1414,7 @@ nssCKFWSession_CopyObject( } return rv; - } - else { + } else { /* use create object */ NSSArena *tmpArena; CK_ATTRIBUTE_PTR newTemplate; @@ -1493,8 +1479,7 @@ nssCKFWSession_CopyObject( pTemplate[i].pValue) { /* This attribute is being deleted */ ; - } - else { + } else { /* This attribute is being replaced */ newTemplate[k].type = pTemplate[i].type; @@ -1611,8 +1596,7 @@ nssCKFWSession_FindObjectsInit( fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance, pTemplate, ulAttributeCount, pError); - } - else { + } else { /* Do the search ourselves */ mdfo1 = nssCKMDFindSessionObjects_Create(fwSession->fwToken, @@ -1665,8 +1649,7 @@ nssCKFWSession_FindObjectsInit( goto wrap; } /*NOTREACHED*/ - } - else { + } else { /* Module handles all its own objects. Pass on to module's search */ mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession, fwSession, fwSession->mdToken, fwSession->fwToken, @@ -1766,8 +1749,7 @@ nssCKFWSession_GetRandom( if (!fwSession->mdSession->GetRandom) { if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) { return CKR_GENERAL_ERROR; - } - else { + } else { return CKR_RANDOM_NO_RNG; } } @@ -1880,8 +1862,7 @@ nssCKFWSession_Final( error = CKR_ARGUMENTS_BAD; goto done; } - } - else { + } else { CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); CK_ULONG maxBufLen = *outBufLen; 
@@ -2127,16 +2108,13 @@ nssCKFWSession_UpdateFinal( error = CKR_ARGUMENTS_BAD; goto done; } - } - else { + } else { CK_ULONG maxBufLen = *outBufLen; CK_ULONG len; - len = (isEncryptDecrypt) ? - nssCKFWCryptoOperation_GetOperationLength(fwOperation, - &inputBuffer, &error) - : - nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); + len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation, + &inputBuffer, &error) + : nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error); if (CKR_OK != error) { goto done; @@ -2159,10 +2137,8 @@ nssCKFWSession_UpdateFinal( /* UpdateFinal isn't support, manually use Update and Final */ if (CKR_FUNCTION_FAILED == error) { - error = isEncryptDecrypt ? - nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) - : - nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); + error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer) + : nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer); if (CKR_OK == error) { error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer); diff --git a/security/nss/lib/ckfw/sessobj.c b/security/nss/lib/ckfw/sessobj.c index a144de288a6c..11721b8aa5b1 100644 --- a/security/nss/lib/ckfw/sessobj.c +++ b/security/nss/lib/ckfw/sessobj.c @@ -794,8 +794,7 @@ items_match( if (PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL)) { return CK_TRUE; - } - else { + } else { return CK_FALSE; } } @@ -826,8 +825,7 @@ findfcn( if (mdso->types[j] == p->type) { if (!items_match(&mdso->attributes[j], p->pValue, p->ulValueLen)) { return; - } - else { + } else { break; } } diff --git a/security/nss/lib/ckfw/slot.c b/security/nss/lib/ckfw/slot.c index fa3ffbced832..495e54625c89 100644 --- a/security/nss/lib/ckfw/slot.c +++ b/security/nss/lib/ckfw/slot.c 
@@ -336,8 +336,7 @@ nssCKFWSlot_GetSlotDescription( if ((!fwSlot->slotDescription) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwSlot->slotDescription = (NSSUTF8 *)""; } } @@ -385,8 +384,7 @@ nssCKFWSlot_GetManufacturerID( if ((!fwSlot->manufacturerID) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwSlot->manufacturerID = (NSSUTF8 *)""; } } @@ -496,8 +494,7 @@ nssCKFWSlot_GetHardwareVersion( if (fwSlot->mdSlot->GetHardwareVersion) { fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion( fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); - } - else { + } else { fwSlot->hardwareVersion.major = 0; fwSlot->hardwareVersion.minor = 1; } @@ -539,8 +536,7 @@ nssCKFWSlot_GetFirmwareVersion( if (fwSlot->mdSlot->GetFirmwareVersion) { fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion( fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); - } - else { + } else { fwSlot->firmwareVersion.major = 0; fwSlot->firmwareVersion.minor = 1; } @@ -597,8 +593,7 @@ nssCKFWSlot_GetToken( fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError); fwSlot->fwToken = fwToken; - } - else { + } else { fwToken = fwSlot->fwToken; } diff --git a/security/nss/lib/ckfw/token.c b/security/nss/lib/ckfw/token.c index d8d37fc8d22f..4483bb5c9929 100644 --- a/security/nss/lib/ckfw/token.c +++ b/security/nss/lib/ckfw/token.c @@ -498,8 +498,7 @@ nssCKFWToken_InitToken( if (!pin) { if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) { ; /* okay */ - } - else { + } else { error = CKR_PIN_INCORRECT; goto done; } @@ -551,8 +550,7 @@ nssCKFWToken_GetLabel( if ((!fwToken->label) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwToken->label = (NSSUTF8 *)""; } } @@ -599,8 +597,7 @@ nssCKFWToken_GetManufacturerID( if ((!fwToken->manufacturerID) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwToken->manufacturerID = (NSSUTF8 *)""; } } 
@@ -647,8 +644,7 @@ nssCKFWToken_GetModel( if ((!fwToken->model) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwToken->model = (NSSUTF8 *)""; } } @@ -695,8 +691,7 @@ nssCKFWToken_GetSerialNumber( if ((!fwToken->serialNumber) && (CKR_OK != error)) { goto done; } - } - else { + } else { fwToken->serialNumber = (NSSUTF8 *)""; } } @@ -1092,8 +1087,7 @@ nssCKFWToken_GetHardwareVersion( if (fwToken->mdToken->GetHardwareVersion) { fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion( fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - } - else { + } else { fwToken->hardwareVersion.major = 0; fwToken->hardwareVersion.minor = 1; } @@ -1136,8 +1130,7 @@ nssCKFWToken_GetFirmwareVersion( if (fwToken->mdToken->GetFirmwareVersion) { fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion( fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance); - } - else { + } else { fwToken->firmwareVersion.major = 0; fwToken->firmwareVersion.minor = 1; } @@ -1218,8 +1211,7 @@ nssCKFWToken_GetUTCTime( if (D > dims[M - 1]) goto badtime; /* per-month check */ - if ((2 == M) && (((Y % 4) || !(Y % - 100)) && + if ((2 == M) && (((Y % 4) || !(Y % 100)) && (Y % 400)) && (D > 28)) goto badtime; /* leap years */ @@ -1292,8 +1284,7 @@ nssCKFWToken_OpenSession( *pError = CKR_TOKEN_WRITE_PROTECTED; goto done; } - } - else { + } else { /* Read-only session desired */ if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) { *pError = CKR_SESSION_READ_WRITE_SO_EXISTS; diff --git a/security/nss/lib/ckfw/wrap.c b/security/nss/lib/ckfw/wrap.c index 7a8d42f8e9f0..44c2e8e5b189 100644 --- a/security/nss/lib/ckfw/wrap.c +++ b/security/nss/lib/ckfw/wrap.c @@ -365,8 +365,7 @@ NSSCKFWC_GetSlotList( *pulCount = nSlots; error = CKR_BUFFER_TOO_SMALL; goto loser; - } - else { + } else { CK_ULONG i; *pulCount = nSlots; 
@@ -803,8 +802,7 @@ NSSCKFWC_GetMechanismList( if (0 != count) { error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList); - } - else { + } else { error = CKR_OK; } @@ -1098,8 +1096,7 @@ NSSCKFWC_InitPIN( if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) { arg = (NSSItem *)NULL; - } - else { + } else { arg = &pin; pin.size = (PRUint32)ulPinLen; pin.data = (void *)pPin; @@ -1173,8 +1170,7 @@ NSSCKFWC_SetPIN( if ((CK_CHAR_PTR)CK_NULL_PTR == pOldPin) { oldArg = (NSSItem *)NULL; - } - else { + } else { oldArg = &oldPin; oldPin.size = (PRUint32)ulOldLen; oldPin.data = (void *)pOldPin; @@ -1182,8 +1178,7 @@ NSSCKFWC_SetPIN( if ((CK_CHAR_PTR)CK_NULL_PTR == pNewPin) { newArg = (NSSItem *)NULL; - } - else { + } else { newArg = &newPin; newPin.size = (PRUint32)ulNewLen; newPin.data = (void *)pNewPin; @@ -1266,15 +1261,13 @@ NSSCKFWC_OpenSession( if (flags & CKF_RW_SESSION) { rw = CK_TRUE; - } - else { + } else { rw = CK_FALSE; } if (flags & CKF_SERIAL_SESSION) { ; - } - else { + } else { error = CKR_SESSION_PARALLEL_NOT_SUPPORTED; goto loser; } @@ -1699,8 +1692,7 @@ NSSCKFWC_SetOperationState( if ((CK_OBJECT_HANDLE)0 == hEncryptionKey) { eKey = (NSSCKFWObject *)NULL; - } - else { + } else { eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey); if (!eKey) { error = CKR_KEY_HANDLE_INVALID; @@ -1710,8 +1702,7 @@ NSSCKFWC_SetOperationState( if ((CK_OBJECT_HANDLE)0 == hAuthenticationKey) { aKey = (NSSCKFWObject *)NULL; - } - else { + } else { aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey); if (!aKey) { error = CKR_KEY_HANDLE_INVALID; @@ -1787,8 +1778,7 @@ NSSCKFWC_Login( if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) { arg = (NSSItem *)NULL; - } - else { + } else { arg = &pin; pin.size = (PRUint32)ulPinLen; pin.data = (void *)pPin; @@ -2277,8 +2267,7 @@ NSSCKFWC_GetAttributeValue( if ((CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue) { pTemplate[i].ulValueLen = size; - } - else { + } else { NSSItem it, *p; if (pTemplate[i].ulValueLen < size) { 
@@ -2317,12 +2306,10 @@ NSSCKFWC_GetAttributeValue( if (sensitive) { error = CKR_ATTRIBUTE_SENSITIVE; goto loser; - } - else if (invalid) { + } else if (invalid) { error = CKR_ATTRIBUTE_TYPE_INVALID; goto loser; - } - else if (tooSmall) { + } else if (tooSmall) { error = CKR_BUFFER_TOO_SMALL; goto loser; } diff --git a/security/nss/lib/crmf/challcli.c b/security/nss/lib/crmf/challcli.c index f2e68594af71..a92843894855 100644 --- a/security/nss/lib/crmf/challcli.c +++ b/security/nss/lib/crmf/challcli.c @@ -182,8 +182,7 @@ CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChal CMMFChallenge *challenge; PORT_Assert(inKeyChallCont != NULL); - if (inKeyChallCont == NULL || inIndex > 0 || inIndex >= - inKeyChallCont->numChallenges) { + if (inKeyChallCont == NULL || inIndex > 0 || inIndex >= inKeyChallCont->numChallenges) { return SECFailure; } challenge = inKeyChallCont->challenges[inIndex]; diff --git a/security/nss/lib/crmf/cmmfchal.c b/security/nss/lib/crmf/cmmfchal.c index b2d33b9d72e7..13be227c3cf7 100644 --- a/security/nss/lib/crmf/cmmfchal.c +++ b/security/nss/lib/crmf/cmmfchal.c @@ -214,8 +214,7 @@ CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKey if (inDecKeyChall->numChallenges == 0) { rv = cmmf_create_first_challenge(inDecKeyChall, inRandom, genNameDER, inPubKey, passwdArg); - } - else { + } else { curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge); if (curChallenge == NULL) { rv = SECFailure; diff --git a/security/nss/lib/crmf/cmmfrec.c b/security/nss/lib/crmf/cmmfrec.c index 068a0d84d5ed..5dfe1fcca0f3 100644 --- a/security/nss/lib/crmf/cmmfrec.c +++ b/security/nss/lib/crmf/cmmfrec.c @@ -107,8 +107,7 @@ CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep, &inKeyRecRep->caCerts); if (rv != SECSuccess) { PORT_ArenaRelease(inKeyRecRep->poolp, mark); - } - else { + } else { PORT_ArenaUnmark(inKeyRecRep->poolp, mark); } return rv; 
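Review bot: The bounds test joined onto one line in CMMF_POPODecKeyChallContentGetRandomNumber, `inIndex > 0 || inIndex >= inKeyChallCont->numChallenges`, rejects every index except zero and does nothing about negative values. If `inIndex` and `numChallenges` are both signed (their declarations are outside the hunk), a negative index passes both comparisons and is then used in `inKeyChallCont->challenges[inIndex]`, which is an out-of-bounds read. The first comparison was presumably meant to be `inIndex < 0`, giving `if (inKeyChallCont == NULL || inIndex < 0 || inIndex >= inKeyChallCont->numChallenges) {`.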
diff --git a/security/nss/lib/crmf/cmmfresp.c b/security/nss/lib/crmf/cmmfresp.c index 1be8c47f344e..c8ff4bd75173 100644 --- a/security/nss/lib/crmf/cmmfresp.c +++ b/security/nss/lib/crmf/cmmfresp.c @@ -52,8 +52,7 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert, if (derDest == NULL) { goto loser; } - } - else { + } else { derDest = SECITEM_DupItem(&inCert->derCert); if (derDest == NULL) { goto loser; @@ -67,8 +66,7 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert, if (rv != SECSuccess) { goto loser; } - } - else { + } else { certOrEncCert->derValue = *derDest; } PORT_Free(derDest); @@ -218,8 +216,7 @@ CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp, if (inCertResp->certifiedKeyPair == NULL) { keyPair = inCertResp->certifiedKeyPair = PORT_ZNew(CMMFCertifiedKeyPair); - } - else { + } else { keyPair = inCertResp->certifiedKeyPair; } if (keyPair == NULL) { @@ -266,8 +263,7 @@ CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent, if (rv != SECSuccess) { PORT_ArenaRelease(poolp, mark); - } - else { + } else { PORT_ArenaUnmark(poolp, mark); } return rv; diff --git a/security/nss/lib/crmf/crmfcont.c b/security/nss/lib/crmf/crmfcont.c index 6c7c10580a4c..9cafdb1d7c9d 100644 --- a/security/nss/lib/crmf/crmfcont.c +++ b/security/nss/lib/crmf/crmfcont.c @@ -19,8 +19,7 @@ crmf_modify_control_array(CRMFCertRequest *inCertReq, int count) return SECFailure; } inCertReq->controls = dummy; - } - else { + } else { inCertReq->controls = PORT_ZNewArray(CRMFControl *, 2); } return (inCertReq->controls == NULL) ? SECFailure : SECSuccess; @@ -593,8 +592,7 @@ crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest) if (rv != SECSuccess) { dest = NULL; } - } - else { + } else { dest = SECITEM_ArenaDupItem(NULL, src); } return dest; 
@@ -673,8 +671,7 @@ crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, if (wrappingKey == NULL) { goto loser; } /* Make the length a byte length instead of bit length*/ - params = (encValue->symmAlg != NULL) ? - crmf_decode_params(&encValue->symmAlg->parameters) + params = (encValue->symmAlg != NULL) ? crmf_decode_params(&encValue->symmAlg->parameters) : NULL; origLen = encValue->encValue.len; encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen); diff --git a/security/nss/lib/crmf/crmfget.c b/security/nss/lib/crmf/crmfget.c index 86514a7ac070..a61082c679e0 100644 --- a/security/nss/lib/crmf/crmfget.c +++ b/security/nss/lib/crmf/crmfget.c @@ -43,10 +43,8 @@ crmf_copy_cert_request_validity(PLArenaPool *poolp, CRMFOptionalValidity *myValidity = NULL; SECStatus rv; - *destValidity = myValidity = (poolp == NULL) ? - PORT_ZNew(CRMFOptionalValidity) - : - PORT_ArenaZNew(poolp, CRMFOptionalValidity); + *destValidity = myValidity = (poolp == NULL) ? PORT_ZNew(CRMFOptionalValidity) + : PORT_ArenaZNew(poolp, CRMFOptionalValidity); if (myValidity == NULL) { goto loser; } diff --git a/security/nss/lib/crmf/crmfpop.c b/security/nss/lib/crmf/crmfpop.c index 019875616e83..e20353c4eef2 100644 --- a/security/nss/lib/crmf/crmfpop.c +++ b/security/nss/lib/crmf/crmfpop.c @@ -203,8 +203,7 @@ crmf_create_poposignkey(PLArenaPool *poolp, if (useSignKeyInput) { goto loser; - } - else { + } else { rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID); if (rv != SECSuccess) { goto loser; diff --git a/security/nss/lib/crmf/crmfreq.c b/security/nss/lib/crmf/crmfreq.c index 7dbf94c7c193..483251636c89 100644 --- a/security/nss/lib/crmf/crmfreq.c +++ b/security/nss/lib/crmf/crmfreq.c 
@@ -351,8 +351,7 @@ crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate, if (inTemplate->extensions == NULL) { newSize = extensions->numExtensions; extArray = PORT_ZNewArray(CRMFCertExtension *, newSize + 1); - } - else { + } else { newSize = inTemplate->numExtensions + extensions->numExtensions; extArray = PORT_Realloc(inTemplate->extensions, sizeof(CRMFCertExtension *) * (newSize + 1)); @@ -459,8 +458,7 @@ CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq, } if (rv != SECSuccess) { PORT_ArenaRelease(poolp, mark); - } - else { + } else { PORT_ArenaUnmark(poolp, mark); } return rv; @@ -551,10 +549,8 @@ crmf_create_cert_extension(PLArenaPool *poolp, } if (isCritical) { - newExt->critical.data = (poolp == NULL) ? - PORT_New(unsigned char) - : - PORT_ArenaNew(poolp, unsigned char); + newExt->critical.data = (poolp == NULL) ? PORT_New(unsigned char) + : PORT_ArenaNew(poolp, unsigned char); if (newExt->critical.data == NULL) { goto loser; } diff --git a/security/nss/lib/crmf/respcmn.c b/security/nss/lib/crmf/respcmn.c index 3f5f15ace786..ecd006e9757e 100644 --- a/security/nss/lib/crmf/respcmn.c +++ b/security/nss/lib/crmf/respcmn.c @@ -218,8 +218,7 @@ cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src) if (src->data != NULL) { rv = SECITEM_CopyItem(poolp, dest, src); - } - else { + } else { dest->data = NULL; dest->len = 0; rv = SECSuccess; diff --git a/security/nss/lib/crmf/servget.c b/security/nss/lib/crmf/servget.c index c36abfe23828..5c72cb530c65 100644 --- a/security/nss/lib/crmf/servget.c +++ b/security/nss/lib/crmf/servget.c 
@@ -356,10 +356,8 @@ crmf_copy_poposigningkey(PLArenaPool *poolp, rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput, &inPopoSignKey->derInput); } - destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? - PORT_ZNew(SECAlgorithmID) - : - PORT_ArenaZNew(poolp, SECAlgorithmID); + destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? PORT_ZNew(SECAlgorithmID) + : PORT_ArenaZNew(poolp, SECAlgorithmID); if (destPopoSignKey->algorithmIdentifier == NULL) { goto loser; @@ -634,8 +632,7 @@ crmf_copy_name(CERTName *destName, CERTName *srcName) if (destName->arena != NULL) { poolp = destName->arena; - } - else { + } else { poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); } if (poolp == NULL) { diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index f318678283f7..827413a7012c 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -348,8 +348,7 @@ seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count) return SECSuccess; } - } - else { + } else { return SECFailure; /* return failure if oid is NULL */ } @@ -393,8 +392,7 @@ seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count) rv = SECFailure; goto loser; } - } - else { + } else { rv = SECFailure; /* return failure if oid is NULL */ goto loser; } @@ -481,8 +479,7 @@ seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk, SECKEY_PQGParamsTemplate, &newparams); } - } - else { + } else { if (SECSuccess == rv) { /* else the old fortezza-only wrapped format is used. */ @@ -1080,16 +1077,14 @@ SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privk) PK11_CopyKey(privk->pkcs11Slot, privk->pkcs11ID); if (copyk->pkcs11ID == CK_INVALID_HANDLE) goto fail; - } - else { + } else { copyk->pkcs11ID = privk->pkcs11ID; } copyk->pkcs11IsTemp = privk->pkcs11IsTemp; copyk->wincx = privk->wincx; copyk->staticflags = privk->staticflags; return copyk; - } - else { + } else { PORT_SetError(SEC_ERROR_NO_MEMORY); } 
@@ -1124,8 +1119,7 @@ SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk) PK11_IsPermObject(pubk->pkcs11Slot, pubk->pkcs11ID)) { copyk->pkcs11Slot = PK11_ReferenceSlot(pubk->pkcs11Slot); copyk->pkcs11ID = pubk->pkcs11ID; - } - else { + } else { copyk->pkcs11Slot = NULL; /* go get own reference */ copyk->pkcs11ID = CK_INVALID_HANDLE; } @@ -1358,8 +1352,7 @@ seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk) default: break; } - } - else { + } else { PORT_SetError(SEC_ERROR_NO_MEMORY); } @@ -1445,8 +1438,7 @@ SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider) } if (rv == SECSuccess) return spki; - } - else { + } else { PORT_SetError(SEC_ERROR_NO_MEMORY); } @@ -1593,12 +1585,10 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PORT_Memset(pvk, 0, sizeof(*pvk)); if (freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); - } - else { + } else { pvk->arena = poolp; } - } - else { + } else { SECITEM_ZfreeItem(&pvk->version, PR_FALSE); SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE); SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE); @@ -1626,12 +1616,10 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, PORT_Memset(epki, 0, sizeof(*epki)); if (freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); - } - else { + } else { epki->arena = poolp; } - } - else { + } else { SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE); SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE); PORT_Memset(epki, 0, sizeof(*epki)); @@ -1912,8 +1900,7 @@ loser: #define SECKEY_CacheAttribute(key, attribute) \ if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \ key->staticflags |= SECKEY_##attribute; \ - } \ - else { \ + } else { \ key->staticflags &= (~SECKEY_##attribute); \ } diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index c59114c3626c..0243c2648239 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c 
@@ -177,8 +177,7 @@ SGN_End(SGNContext *cx, SECItem *result) if (rv != SECSuccess) { goto loser; } - } - else { + } else { digder.data = digest; digder.len = part1; } @@ -215,8 +214,7 @@ SGN_End(SGNContext *cx, SECItem *result) PORT_Free(sigitem.data); if (rv != SECSuccess) goto loser; - } - else { + } else { result->len = sigitem.len; result->data = sigitem.data; } @@ -396,8 +394,7 @@ SGN_Digest(SECKEYPrivateKey *privKey, if (rv != SECSuccess) { goto loser; } - } - else { + } else { digder.data = digest->data; digder.len = digest->len; } diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c index 5090f1aeb234..2ac21abd4dbb 100644 --- a/security/nss/lib/cryptohi/secvfy.c +++ b/security/nss/lib/cryptohi/secvfy.c @@ -105,8 +105,7 @@ recoverPKCS1DigestInfo(SECOidTag givenDigestAlg, if (rv == SECSuccess) { *digestInfoLen = it.len; *digestInfo = (unsigned char *)it.data; - } - else { + } else { if (it.data) { PORT_Free(it.data); } @@ -195,8 +194,7 @@ decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig, if ((dsasig == NULL) || (dsasig->len != len)) { rv = SECFailure; - } - else { + } else { PORT_Memcpy(dsig, dsasig->data, dsasig->len); } @@ -296,17 +294,13 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, len = SECKEY_PublicKeyStrength(key); if (len < 28) { /* 28 bytes == 224 bits */ *hashalg = SEC_OID_SHA1; - } - else if (len < 32) { /* 32 bytes == 256 bits */ + } else if (len < 32) { /* 32 bytes == 256 bits */ *hashalg = SEC_OID_SHA224; - } - else if (len < 48) { /* 48 bytes == 384 bits */ + } else if (len < 48) { /* 48 bytes == 384 bits */ *hashalg = SEC_OID_SHA256; - } - else if (len < 64) { /* 48 bytes == 512 bits */ + } else if (len < 64) { /* 48 bytes == 512 bits */ *hashalg = SEC_OID_SHA384; - } - else { + } else { /* use the largest in this case */ *hashalg = SEC_OID_SHA512; } 
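Review bot: The trailing comment on the reformatted `} else if (len < 64) {` line in the sec_DecodeSigAlg hunk says `48 bytes == 512 bits`, but 64 bytes is 512 bits; the text looks copied from the branch above it. These thresholds choose the hash algorithm from the public-key strength, so a wrong number in the comment can mislead whoever next audits the mapping. The line should read `} else if (len < 64) { /* 64 bytes == 512 bits */`. The function starts and ends outside the hunk.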
@@ -667,8 +661,7 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - } - else { + } else { rv = SECSuccess; } break; diff --git a/security/nss/lib/dbm/include/hash.h b/security/nss/lib/dbm/include/hash.h index e05d5a18736f..9faa0b724a59 100644 --- a/security/nss/lib/dbm/include/hash.h +++ b/security/nss/lib/dbm/include/hash.h @@ -163,9 +163,8 @@ typedef struct htab { /* Memory resident data structure */ #define ALL_CLEAR 0 #define PTROF(X) ((ptrdiff_t)(X) == BUF_DISK ? 0 : (X)) -#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK \ - : \ - (X)->is_disk) \ +#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK \ + : (X)->is_disk) \ : 0) #define BITS_PER_MAP 32 diff --git a/security/nss/lib/dbm/src/dirent.c b/security/nss/lib/dbm/src/dirent.c index c0a57279317f..da3e83e5c8cb 100644 --- a/security/nss/lib/dbm/src/dirent.c +++ b/security/nss/lib/dbm/src/dirent.c @@ -81,8 +81,7 @@ getFSType(const char *path) if (isalpha(path[0]) && path[1] == ':') { unit = toupper(path[0]) - '@'; path += 2; - } - else { + } else { ULONG driveMap; #if OS2 >= 2 if (DosQueryCurrentDisk(&unit, &driveMap)) @@ -109,8 +108,7 @@ getFSType(const char *path) if (infolen >= sizeof(FSQBUFFER2)) { FSQBUFFER2 *p = (FSQBUFFER2 *)info; r = p->szFSDName[p->cbName]; - } - else + } else #else if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0)) return 0; @@ -118,8 +116,7 @@ getFSType(const char *path) char *p = info + sizeof(USHORT); p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT); r = *p; - } - else + } else #endif r = 0; return cache[unit] = r; diff --git a/security/nss/lib/dbm/src/dirent.h b/security/nss/lib/dbm/src/dirent.h index 0db1485ad57b..0b4ae5dd2cc0 100644 --- a/security/nss/lib/dbm/src/dirent.h +++ b/security/nss/lib/dbm/src/dirent.h 
@@ -61,7 +61,7 @@ struct dirent { #else char d_name[MAXNAMLEN + 1]; /* garentee null termination */ char d_attribute; /* .. extension .. */ - unsigned long d_size; /* .. extension .. */ + unsigned long d_size; /* .. extension .. */ #endif }; diff --git a/security/nss/lib/dbm/src/h_bigkey.c b/security/nss/lib/dbm/src/h_bigkey.c index f4f9288d3c9d..6edfe7f5a32a 100644 --- a/security/nss/lib/dbm/src/h_bigkey.c +++ b/security/nss/lib/dbm/src/h_bigkey.c @@ -129,8 +129,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) p[n - 2] = FULL_KEY_DATA; FREESPACE(p) = FREESPACE(p) - move_bytes; OFFSET(p) = off; - } - else + } else p[n - 2] = FULL_KEY; } p = (uint16 *)bufp->page; @@ -164,8 +163,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) return (-1); cp = bufp->page; p = (uint16 *)cp; - } - else + } else p[n] = FULL_KEY_DATA; bufp->flags |= BUF_MOD; } @@ -236,8 +234,7 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp) bp[1] = pageno; bp[2] = OVFLPAGE; bufp->ovfl = rbufp->ovfl; - } - else + } else /* This is the last page. */ bufp->ovfl = NULL; n -= 2; @@ -295,8 +292,7 @@ __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size) ++hash_collisions; #endif return (-2); - } - else + } else return (ndx); } @@ -384,8 +380,7 @@ __big_return( save_addr = save_p->addr; off = bp[1]; len = 0; - } - else if (!FREESPACE(bp)) { + } else if (!FREESPACE(bp)) { /* * This is a hack. We can't distinguish between * FULL_KEY_DATA that contains complete data or @@ -401,8 +396,7 @@ __big_return( if (!bufp) return (-1); bp = (uint16 *)bufp->page; - } - else { + } else { /* The data is all on one page. */ tp = (char *)bp; off = bp[bp[0]]; @@ -414,8 +408,7 @@ __big_return( hashp->cpage = NULL; hashp->cbucket++; hashp->cndx = 1; - } - else { + } else { hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!hashp->cpage) 
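Review bot: In the first __big_insert hunk the new `} else` is cuddled onto a braced `if` but its own body, `p[n - 2] = FULL_KEY;`, is left unbraced, which makes the extent of the else branch easy to misjudge when the code is edited later. The same shape appears in the other h_bigkey.c hunks (__big_insert again, __big_delete, __find_bigpair, __big_split) and in the h_page.c, hash.c, hash_buf.c and dirent.c hunks. In __addel the `} else` is followed by a comment and then an `if`, and in getFSType its body sits behind an `#endif`. A manual follow-up that braces these bodies is worth doing in this page-parsing code, for example `} else {` / `p[n - 2] = FULL_KEY;` / `}`.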
@@ -528,8 +521,7 @@ collect_data( if (bp[0] == 2) { /* No more buckets in chain */ hashp->cpage = NULL; hashp->cbucket++; - } - else { + } else { hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!hashp->cpage) return (-1); @@ -589,8 +581,7 @@ collect_key( return (-1); if (__big_return(hashp, bufp, 1, val, set)) return (-1); - } - else { + } else { xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!xbp || ((totlen = collect_key(hashp, xbp, totlen, val, set)) < 1)) @@ -639,8 +630,7 @@ __big_split( __get_buf(hashp, ret->next_addr, big_keyp, 0))) return (-1); ; - } - else + } else ret->nextp = NULL; /* Now make one of np/op point to the big key/data pair */ @@ -706,8 +696,7 @@ __big_split( if (!tmpp) return (-1); tp[4] = n; - } - else + } else tmpp = big_keyp; if (change) diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index ecdc29310b12..bf1252aeb53f 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c @@ -256,8 +256,7 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx) if (bp[i + 1] == OVFLPAGE) { bp[i - 2] = bp[i]; bp[i - 1] = bp[i + 1]; - } - else { + } else { bp[i - 2] = bp[i] + pairlen; bp[i - 1] = bp[i + 1] + pairlen; } @@ -341,12 +340,10 @@ __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket) off - ino[n + 1]); ino[ndx] = copyto + ino[n] - ino[n + 1]; ino[ndx + 1] = copyto; - } - else + } else copyto = ino[n + 1]; ndx += 2; - } - else { + } else { /* Switch page */ val.data = (uint8 *)op + ino[n + 1]; val.size = ino[n] - ino[n + 1]; @@ -460,8 +457,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, cino = (char *)bufp->page; ino = (uint16 *)cino; last_bfp = ret.nextp; - } - else if (ino[n + 1] == OVFLPAGE) { + } else if (ino[n + 1] == OVFLPAGE) { ov_addr = ino[n]; /* * Fix up the old page -- the extra 2 are the fields 
@@ -508,8 +504,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, putpair((char *)op, &key, &val); } old_bufp->flags |= BUF_MOD; - } - else { + } else { /* Move to new page */ if (PAIRFITS(np, (&key), (&val))) putpair((char *)np, &key, &val); @@ -560,8 +555,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) return (-1); } bp = (uint16 *)bufp->page; - } - else + } else /* Try to squeeze key on this page */ if (FREESPACE(bp) > PAIRSIZE(key, val)) { { @@ -575,8 +569,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) hashp->NKEYS++; return (0); } - } - else { + } else { bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); if (!bufp) { #ifdef DEBUG @@ -716,8 +709,7 @@ __get_page(HTAB *hashp, if (!is_bitmap && !bp[0]) { PAGE_INIT(p); - } - else { + } else { if (hashp->LORDER != BYTE_ORDER) { register int i, max; @@ -726,8 +718,7 @@ __get_page(HTAB *hashp, max = hashp->BSIZE >> 2; /* divide by 4 */ for (i = 0; i < max; i++) M_32_SWAP(((int *)p)[i]); - } - else { + } else { M_16_SWAP(bp[0]); max = bp[0] + 2; @@ -779,8 +770,7 @@ __get_page(HTAB *hashp, return (DATABASE_CORRUPTED_ERROR); offset = bp[i + 1]; - } - else { + } else { /* there are no other valid keys after * seeing a non REAL_KEY */ @@ -820,8 +810,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap) max = hashp->BSIZE >> 2; /* divide by 4 */ for (i = 0; i < max; i++) M_32_SWAP(((int *)p)[i]); - } - else { + } else { max = ((uint16 *)p)[0] + 2; /* bound the size of max by @@ -865,8 +854,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap) max = hashp->BSIZE >> 2; /* divide by 4 */ for (i = 0; i < max; i++) M_32_SWAP(((int *)p)[i]); - } - else { + } else { uint16 *bp = (uint16 *)p; M_16_SWAP(bp[0]); @@ -959,8 +947,7 @@ overflow_page(HTAB *hashp) ((hashp->BSIZE << BYTE_SHIFT) - 1); j = bit / BITS_PER_MAP; bit = bit & ~(BITS_PER_MAP - 1); - } - else { + } else { bit = 0; j = 0; } 
@@ -1029,8 +1016,7 @@ overflow_page(HTAB *hashp) hashp->SPARES[splitnum - 1]--; offset = 0; } - } - else { + } else { /* * Free_bit addresses the last used bit. Bump it to address * the first available bit. diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index d9a90ad0214d..5af4db73d22d 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c @@ -173,8 +173,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl if (errno == ENOENT) errno = 0; /* Just in case someone looks at errno */ new_table = 1; - } - else if (statbuf.st_mtime && statbuf.st_size == 0) { + } else if (statbuf.st_mtime && statbuf.st_size == 0) { /* check for a zero length file and delete it * if it exists */ @@ -195,8 +194,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl if (new_table) { if (!init_hash(hashp, file, (HASHINFO *)info)) RETURN_ERROR(errno, error1); - } - else { + } else { /* Table already exists */ if (info && info->hash) hashp->hash = info->hash; @@ -706,10 +704,8 @@ hash_put( return (DBM_ERROR); } - rv = hash_access(hashp, flag == R_NOOVERWRITE ? - HASH_PUTNEW - : - HASH_PUT, + rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW + : HASH_PUT, (DBT *)key, (DBT *)data); if (rv == DATABASE_CORRUPTED_ERROR) { @@ -802,8 +798,7 @@ hash_access( #endif bp += 2; ndx += 2; - } - else if (bp[1] == OVFLPAGE) { + } else if (bp[1] == OVFLPAGE) { /* database corruption: overflow loop detection */ if (last_overflow_page_no == (int32)*bp) @@ -826,8 +821,7 @@ hash_access( n = *bp++; ndx = 1; off = hashp->BSIZE; - } - else if (bp[1] < REAL_KEY) { + } else if (bp[1] < REAL_KEY) { if ((ndx = __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) goto found; @@ -849,8 +843,7 @@ hash_access( n = *bp++; ndx = 1; off = hashp->BSIZE; - } - else { + } else { save_bufp->flags &= ~BUF_PIN; return (DBM_ERROR); } 
@@ -864,8 +857,7 @@ hash_access( if (__addel(hashp, rbufp, key, val)) { save_bufp->flags &= ~BUF_PIN; return (DBM_ERROR); - } - else { + } else { save_bufp->flags &= ~BUF_PIN; return (SUCCESS); } @@ -886,8 +878,7 @@ found: if (bp[ndx + 1] < REAL_KEY) { if (__big_return(hashp, rbufp, ndx, val, 0)) return (DBM_ERROR); - } - else { + } else { val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1]; val->size = bp[ndx] - bp[ndx + 1]; } @@ -956,8 +947,7 @@ hash_seq( hashp->cbucket = -1; return (ABNORMAL); } - } - else + } else bp = (uint16 *)hashp->cpage->page; #ifdef DEBUG @@ -981,8 +971,7 @@ hash_seq( if (bp[ndx + 1] < REAL_KEY) { if (__big_keydata(hashp, bufp, key, data, 1)) return (DBM_ERROR); - } - else { + } else { key->data = (uint8 *)hashp->cpage->page + bp[ndx]; key->size = (ndx > 1 ? bp[ndx - 1] : hashp->BSIZE) - bp[ndx]; data->data = (uint8 *)hashp->cpage->page + bp[ndx + 1]; @@ -992,8 +981,7 @@ hash_seq( hashp->cpage = NULL; hashp->cbucket++; hashp->cndx = 1; - } - else + } else hashp->cndx = ndx; } return (SUCCESS); diff --git a/security/nss/lib/dbm/src/hash_buf.c b/security/nss/lib/dbm/src/hash_buf.c index 22e98c90a3d2..581ba169a4ea 100644 --- a/security/nss/lib/dbm/src/hash_buf.c +++ b/security/nss/lib/dbm/src/hash_buf.c @@ -120,8 +120,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage) bp = NULL; if (!newpage) is_disk = BUF_DISK; - } - else { + } else { /* Grab buffer out of directory */ segment_ndx = addr & (hashp->SGSIZE - 1); @@ -173,8 +172,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage) segp[segment_ndx] = bp; #endif } - } - else { + } else { BUF_REMOVE(bp); MRU_INSERT(bp); } @@ -225,8 +223,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp) if (hashp->nbufs) hashp->nbufs--; - } - else { + } else { /* Kick someone out */ BUF_REMOVE(bp); /* 
@@ -331,8 +328,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp) #endif prev_bp->ovfl = bp; bp->flags = 0; - } - else + } else bp->flags = BUF_BUCKET; MRU_INSERT(bp); return (bp); @@ -394,8 +390,7 @@ __buf_free(HTAB *hashp, int do_free, int to_disk) BUF_REMOVE(bp); free(bp); bp = LRU; - } - else + } else bp = bp->prev; } return (0); diff --git a/security/nss/lib/dbm/src/memmove.c b/security/nss/lib/dbm/src/memmove.c index c938774e5d62..93e8873a488c 100644 --- a/security/nss/lib/dbm/src/memmove.c +++ b/security/nss/lib/dbm/src/memmove.c @@ -111,8 +111,7 @@ register size_t length; TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize); t = length & wmask; TLOOP(*dst++ = *src++); - } - else { + } else { /* * Copy backwards. Otherwise essentially the same. * Alignment works as before, except that it takes diff --git a/security/nss/lib/dbm/src/mktemp.c b/security/nss/lib/dbm/src/mktemp.c index 7a4be2b1ad41..b668ece182cf 100644 --- a/security/nss/lib/dbm/src/mktemp.c +++ b/security/nss/lib/dbm/src/mktemp.c @@ -127,8 +127,7 @@ _gettemp(char *path, register int *doopen, int extraFlags) return (1); if (errno != EEXIST) return (0); - } - else if (stat(path, &sbuf)) + } else if (stat(path, &sbuf)) return (errno == ENOENT ? 1 : 0); /* tricky little algorithm for backward compatibility */ diff --git a/security/nss/lib/dbm/tests/lots.c b/security/nss/lib/dbm/tests/lots.c index 0069b69134ba..91bba4965c4e 100644 --- a/security/nss/lib/dbm/tests/lots.c +++ b/security/nss/lib/dbm/tests/lots.c 
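Review bot: The `} else if (stat(path, &sbuf))` branch in the _gettemp hunk decides that a candidate name is free from a stat() result alone, and that answer can be stale by the time the caller creates the file. The sibling branch that tests `errno != EEXIST` appears to be the open-based path, although the open call itself is outside the hunk. I would add a comment above the stat branch such as `/* stat() only shows the name was unused at this instant; callers that need an exclusively created file must pass doopen */`. _gettemp starts and ends outside the hunk.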
@@ -249,19 +249,16 @@ VerifyRange(int32 low, int32 high, int32 should_exist, key_type_enum key_type) /* got the item */ if (!should_exist) { ReportError("Item exists but shouldn't: %ld", num); - } - else { + } else { /* else verify the data */ VerifyData(&data, num, key_type); } - } - else if (status > 0) { + } else if (status > 0) { /* item not found */ if (should_exist) { ReportError("Item not found but should be: %ld", num); } - } - else { + } else { /* database error */ ReportError("Database error"); return (-1); @@ -285,8 +282,7 @@ GenData(int32 num) data = (DBT *)malloc(sizeof(DBT)); data->size = 0; data->data = 0; - } - else if (data->data) { + } else if (data->data) { free(data->data); } @@ -328,8 +324,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) if (action == ADD_RANGE) { TraceMe(1, ("Adding: %ld to %ld: %s keys", low, high, key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); - } - else { + } else { TraceMe(1, ("Deleting: %ld to %ld: %s keys", low, high, key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); } @@ -341,8 +336,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) if (action == ADD_RANGE) { data = GenData(num); status = (*database->put)(database, key, data, 0); - } - else { + } else { status = (*database->del)(database, key, 0); } @@ -350,13 +344,11 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) ReportError("Database error %s item: %ld", action == ADD_RANGE ? "ADDING" : "DELETING", num); - } - else if (status > 0) { + } else if (status > 0) { ReportError("Could not %s item: %ld", action == ADD_RANGE ? "ADD" : "DELETE", num); - } - else if (action == ADD_RANGE) { + } else if (action == ADD_RANGE) { #define SYNC_EVERY_TIME #ifdef SYNC_EVERY_TIME status = (*database->sync)(database, 0); 
@@ -388,8 +380,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) if (action == ADD_RANGE) { TraceMe(1, ("Successfully added: %ld to %ld", low, high)); - } - else { + } else { TraceMe(1, ("Successfully deleted: %ld to %ld", low, high)); } @@ -524,8 +515,7 @@ main(int argc, char **argv) if (1 || j) { TestRange(START_RANGE, i, USE_LARGE_KEY); j = 0; - } - else { + } else { TestRange(START_RANGE, i, USE_SMALL_KEY); j = 1; } @@ -545,8 +535,7 @@ main(int argc, char **argv) #endif exit(1); } - } - else { + } else { /* reopen database without closeing the other */ database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0); if (!database) { diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c index f58594228fbf..4f3972653109 100644 --- a/security/nss/lib/dev/ckhelper.c +++ b/security/nss/lib/dev/ckhelper.c @@ -145,8 +145,7 @@ loser: if (arenaOpt) { /* release all arena memory allocated before the failure. */ (void)nssArena_Release(arenaOpt, mark); - } - else { + } else { CK_ULONG j; /* free each heap object that was allocated before the failure. */ for (j = 0; j < i; j++) { @@ -222,8 +221,7 @@ nssCKObject_SetAttributes( nssSession_ExitMonitor(session); if (ckrv == CKR_OK) { return PR_SUCCESS; - } - else { + } else { return PR_FAILURE; } } @@ -311,10 +309,8 @@ nssCryptokiCertificate_GetAttributes( cert_template, template_size); if (status != PR_SUCCESS) { - session = sessionOpt ? - sessionOpt - : - nssToken_GetDefaultSession(certObject->token); + session = sessionOpt ? sessionOpt + : nssToken_GetDefaultSession(certObject->token); if (!session) { nss_SetError(NSS_ERROR_INVALID_ARGUMENT); return PR_FAILURE; 
@@ -429,10 +425,8 @@ nssCryptokiTrust_GetAttributes( CKO_NSS_TRUST, trust_template, trust_size); if (status != PR_SUCCESS) { - session = sessionOpt ? - sessionOpt - : - nssToken_GetDefaultSession(trustObject->token); + session = sessionOpt ? sessionOpt + : nssToken_GetDefaultSession(trustObject->token); if (!session) { nss_SetError(NSS_ERROR_INVALID_ARGUMENT); return PR_FAILURE; @@ -503,10 +497,8 @@ nssCryptokiCRL_GetAttributes( CKO_NSS_CRL, crl_template, crl_size); if (status != PR_SUCCESS) { - session = sessionOpt ? - sessionOpt - : - nssToken_GetDefaultSession(crlObject->token); + session = sessionOpt ? sessionOpt + : nssToken_GetDefaultSession(crlObject->token); if (session == NULL) { nss_SetError(NSS_ERROR_INVALID_ARGUMENT); return PR_FAILURE; @@ -575,11 +567,9 @@ nssCryptokiPrivateKey_SetCertificate( return PR_FAILURE; } session = sessionOpt; - } - else if (defaultSession && nssSession_IsReadWrite(defaultSession)) { + } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) { session = defaultSession; - } - else { + } else { NSSSlot *slot = nssToken_GetSlot(token); session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); nssSlot_Destroy(slot); diff --git a/security/nss/lib/dev/ckhelper.h b/security/nss/lib/dev/ckhelper.h index a2927f8cb955..169fc207db1a 100644 --- a/security/nss/lib/dev/ckhelper.h +++ b/security/nss/lib/dev/ckhelper.h @@ -68,8 +68,7 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey; if ((CK_LONG)(attrib)->ulValueLen > 0) { \ (item)->data = (void *)(attrib)->pValue; \ (item)->size = (PRUint32)(attrib)->ulValueLen; \ - } \ - else { \ + } else { \ (item)->data = 0; \ (item)->size = 0; \ } @@ -78,8 +77,7 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey; if ((attrib)->ulValueLen > 0) { \ if (*((CK_BBOOL *)(attrib)->pValue) == CK_TRUE) { \ boolvar = PR_TRUE; \ - } \ - else { \ + } else { \ boolvar = PR_FALSE; \ } \ } 
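Review bot: The boolean-conversion macro in the second ckhelper.h hunk tests `(attrib)->ulValueLen > 0` without the `(CK_LONG)` cast that the item-conversion macro in the hunk before it applies. A length of `(CK_ULONG)-1`, which PKCS #11 uses to report an unavailable attribute value (CK_UNAVAILABLE_INFORMATION), therefore passes the test and `pValue` is dereferenced. Whether `pValue` points at usable storage in that case depends on the caller, which is not visible here. I would make the two macros agree with `if ((CK_LONG)(attrib)->ulValueLen > 0 && (attrib)->pValue != NULL) { \`. Both macro definitions begin outside their hunks, so their names and any initial value of `boolvar` are not shown.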
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index ded7b51d69c4..0adbca8bc74f 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -135,8 +135,7 @@ nssToken_DeleteStoredObject( if (token->defaultSession && nssSession_IsReadWrite(token->defaultSession)) { session = token->defaultSession; - } - else { + } else { session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); createdSession = PR_TRUE; } @@ -180,17 +179,14 @@ import_object( return NULL; } session = sessionOpt; - } - else if (tok->defaultSession && - nssSession_IsReadWrite(tok->defaultSession)) { + } else if (tok->defaultSession && + nssSession_IsReadWrite(tok->defaultSession)) { session = tok->defaultSession; - } - else { + } else { session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE); createdSession = PR_TRUE; } - } - else { + } else { session = (sessionOpt) ? sessionOpt : tok->defaultSession; } if (session == NULL) { @@ -204,8 +200,7 @@ import_object( nssSession_ExitMonitor(session); if (ckrv == CKR_OK) { object = nssCryptokiObject_Create(tok, session, handle); - } - else { + } else { nss_SetError(ckrv); nss_SetError(NSS_ERROR_PKCS11); } @@ -268,15 +263,13 @@ find_objects( /* the arena is only for the array of object handles */ if (maximumOpt > 0) { arraySize = maximumOpt; - } - else { + } else { arraySize = OBJECT_STACK_SIZE; } numHandles = 0; if (arraySize <= OBJECT_STACK_SIZE) { objectHandles = staticObjects; - } - else { + } else { objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize); } if (!objectHandles) { @@ -318,8 +311,7 @@ find_objects( PORT_Memcpy(objectHandles, staticObjects, OBJECT_STACK_SIZE * sizeof(objectHandles[1])); } - } - else { + } else { objectHandles = nss_ZREALLOCARRAY(objectHandles, CK_OBJECT_HANDLE, arraySize); 
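Review bot: In the last find_objects hunk, `objectHandles = nss_ZREALLOCARRAY(objectHandles, CK_OBJECT_HANDLE, arraySize);` assigns the result straight back to the only pointer to the handle array. If the macro returns NULL on failure and leaves the old block allocated, as realloc-style helpers usually do, the existing handles can no longer be freed. I would keep the result in a temporary and assign it to `objectHandles` only when it is non-NULL. The failure handling after this call is outside the hunk. The same pattern appears in the nssTokenObjectCache_ImportObject hunk in devutil.c with `*otype = nss_ZREALLOCARRAY(*otype, nssCryptokiObjectAndAttributes *, count + 2);`, where a failure would also drop the cached array.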
@@ -338,8 +330,7 @@ find_objects( if (numHandles > 0) { objects = create_objects_from_handles(tok, session, objectHandles, numHandles); - } - else { + } else { nss_SetError(NSS_ERROR_NOT_FOUND); objects = NULL; } @@ -368,8 +359,7 @@ loser: nss_SetError(NSS_ERROR_NOT_FOUND); if (statusOpt) *statusOpt = PR_SUCCESS; - } - else { + } else { nss_SetError(ckrv); nss_SetError(NSS_ERROR_PKCS11); if (statusOpt) @@ -463,16 +453,14 @@ nssToken_ImportCertificate( } if (certType == NSSCertificateType_PKIX) { cert_type = CKC_X_509; - } - else { + } else { return (nssCryptokiObject *)NULL; } NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); if (asTokenObject) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); searchType = nssTokenSearchType_TokenOnly; - } - else { + } else { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); searchType = nssTokenSearchType_SessionOnly; } @@ -546,8 +534,7 @@ nssToken_ImportCertificate( } nssSession_Destroy(session); nssSlot_Destroy(slot); - } - else { + } else { /* Import the certificate onto the token */ rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize); } @@ -582,9 +569,8 @@ nssToken_FindObjects( /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly || - searchType == nssTokenSearchType_TokenForced) { + } else if (searchType == nssTokenSearchType_TokenOnly || + searchType == nssTokenSearchType_TokenForced) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, objclass); @@ -594,8 +580,7 @@ nssToken_FindObjects( objects = find_objects(token, sessionOpt, obj_template, obj_size, maximumOpt, statusOpt); - } - else { + } else { objects = find_objects_by_template(token, sessionOpt, obj_template, obj_size, maximumOpt, statusOpt); 
@@ -620,8 +605,7 @@ nssToken_FindCertificatesBySubject( /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly) { + } else if (searchType == nssTokenSearchType_TokenOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); @@ -652,8 +636,7 @@ nssToken_FindCertificatesByNickname( /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly) { + } else if (searchType == nssTokenSearchType_TokenOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); @@ -701,8 +684,7 @@ nssToken_FindCertificatesByEmail( /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly) { + } else if (searchType == nssTokenSearchType_TokenOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); @@ -744,8 +726,7 @@ nssToken_FindCertificatesByID( /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly) { + } else if (searchType == nssTokenSearchType_TokenOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); 
@@ -825,9 +806,8 @@ nssToken_FindCertificateByIssuerAndSerialNumber( /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if ((searchType == nssTokenSearchType_TokenOnly) || - (searchType == nssTokenSearchType_TokenForced)) { + } else if ((searchType == nssTokenSearchType_TokenOnly) || + (searchType == nssTokenSearchType_TokenForced)) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } /* Set the unique id */ @@ -841,8 +821,7 @@ nssToken_FindCertificateByIssuerAndSerialNumber( objects = find_objects(token, sessionOpt, cert_template, ctsize, 1, statusOpt); - } - else { + } else { objects = find_objects_by_template(token, sessionOpt, cert_template, ctsize, 1, statusOpt); @@ -869,8 +848,7 @@ nssToken_FindCertificateByIssuerAndSerialNumber( objects = find_objects(token, sessionOpt, cert_template, ctsize, 1, statusOpt); - } - else { + } else { objects = find_objects_by_template(token, sessionOpt, cert_template, ctsize, 1, statusOpt); @@ -900,8 +878,7 @@ nssToken_FindCertificateByEncodedCertificate( /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly) { + } else if (searchType == nssTokenSearchType_TokenOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); @@ -935,8 +912,7 @@ nssToken_FindPrivateKeys( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey); if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly) { + } else if (searchType == nssTokenSearchType_TokenOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); 
@@ -1094,8 +1070,7 @@ nssToken_ImportTrust( NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize); if (asTokenObject) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); - } - else { + } else { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); } NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc); @@ -1111,8 +1086,7 @@ nssToken_ImportTrust( if (stepUpApproved) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, &g_ck_true); - } - else { + } else { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, &g_ck_false); } @@ -1185,8 +1159,7 @@ nssToken_ImportCRL( NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize); if (asTokenObject) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); - } - else { + } else { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); } NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc); @@ -1195,8 +1168,7 @@ nssToken_ImportCRL( NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_URL, url); if (isKRL) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true); - } - else { + } else { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false); } NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize); @@ -1235,9 +1207,8 @@ nssToken_FindCRLsBySubject( NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size); if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly || - searchType == nssTokenSearchType_TokenForced) { + } else if (searchType == nssTokenSearchType_TokenOnly || + searchType == nssTokenSearchType_TokenForced) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc); 
@@ -1488,9 +1459,8 @@ nssToken_TraverseCertificates( NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } - else if (searchType == nssTokenSearchType_TokenOnly || - searchType == nssTokenSearchType_TokenForced) { + } else if (searchType == nssTokenSearchType_TokenOnly || + searchType == nssTokenSearchType_TokenForced) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c index 980aa28522b9..b8f82c810b95 100644 --- a/security/nss/lib/dev/devutil.c +++ b/security/nss/lib/dev/devutil.c @@ -173,7 +173,7 @@ nssCryptokiObjectArray_Destroy( /* object cache for token */ typedef struct - { +{ NSSArena *arena; nssCryptokiObject *object; CK_ATTRIBUTE_PTR attributes; @@ -315,8 +315,7 @@ create_object_array( *doObjects = PR_FALSE; *status = PR_FAILURE; *numObjects = 0; - } - else { + } else { rvOandA = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, *numObjects + 1); @@ -437,16 +436,14 @@ search_for_objects( /* Either no state change, or went from !logged in -> logged in */ cache->loggedIn = PR_TRUE; doSearch = PR_TRUE; - } - else { + } else { if (cache->loggedIn) { /* went from logged in -> !logged in, destroy cached objects */ clear_cache(cache); cache->loggedIn = PR_FALSE; } /* else no state change, still not logged in, so exit */ } - } - else { + } else { /* slot is friendly, thus always available for search */ doSearch = PR_TRUE; } @@ -578,8 +575,7 @@ get_token_objects_for_cache( } if (status == PR_SUCCESS) { nss_ZFreeIf(objects); - } - else { + } else { PRUint32 j; for (j = 0; j < i; j++) { /* sigh */ 
@@ -824,8 +820,7 @@ nssTokenObjectCache_GetObjectAttributes( atemplate[i].ulValueLen < attr->ulValueLen) { goto loser; } - } - else { + } else { atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen); if (!atemplate[i].pValue) { goto loser; @@ -906,15 +901,13 @@ nssTokenObjectCache_ImportObject( (*oa)->object->token = NULL; nssCryptokiObject_Destroy((*oa)->object); nssArena_Destroy((*oa)->arena); - } - else { + } else { /* Create space for a new entry */ if (count > 0) { *otype = nss_ZREALLOCARRAY(*otype, nssCryptokiObjectAndAttributes *, count + 2); - } - else { + } else { *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2); } } @@ -922,8 +915,7 @@ nssTokenObjectCache_ImportObject( nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object); (*otype)[count] = create_object_of_type(copyObject, objectType, &status); - } - else { + } else { status = PR_FAILURE; } PZ_Unlock(cache->lock); diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c index 85bbe8bbbdc0..88c7c084ae4d 100644 --- a/security/nss/lib/ssl/authcert.c +++ b/security/nss/lib/ssl/authcert.c @@ -45,13 +45,11 @@ NSS_GetClientAuthData(void *arg, privkey = PK11_FindKeyByAnyCert(cert, proto_win); if (privkey) { rv = SECSuccess; - } - else { + } else { CERT_DestroyCertificate(cert); } } - } - else { /* no name given, automatically find the right cert. */ + } else { /* no name given, automatically find the right cert. */ CERTCertNicknames *names; int i; diff --git a/security/nss/lib/ssl/cmpcert.c b/security/nss/lib/ssl/cmpcert.c index 168a6983cfc9..e6edbee83e11 100644 --- a/security/nss/lib/ssl/cmpcert.c +++ b/security/nss/lib/ssl/cmpcert.c @@ -52,8 +52,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) if (rv == SECSuccess) { compatIssuerName.data = &issuerName.data[headerlen]; compatIssuerName.len = issuerName.len - headerlen; - } - else { + } else { compatIssuerName.data = NULL; compatIssuerName.len = 0; } 
@@ -64,8 +63,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) rv = SECSuccess; CERT_DestroyCertificate(curcert); goto done; - } - else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) { + } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) { rv = SECSuccess; CERT_DestroyCertificate(curcert); goto done; @@ -79,8 +77,7 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) &curcert->derIssuer); CERT_DestroyCertificate(oldcert); depth++; - } - else { + } else { CERT_DestroyCertificate(curcert); curcert = NULL; } diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index d325470515e6..026dbd2e029c 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -160,8 +160,7 @@ ssl3_KeyAndMacDeriveBypass( if (isTLS12) { status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem, "key expansion", &srcr, &keyblk, isFIPS); - } - else { + } else { status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk, isFIPS); } @@ -169,8 +168,7 @@ ssl3_KeyAndMacDeriveBypass( goto key_and_mac_derive_fail; } block_bytes = keyblk.len; - } - else { + } else { /* key_block = * MD5(master_secret + SHA('A' + master_secret + * ServerHello.random + ClientHello.random)) + 
@@ -215,41 +213,40 @@ ssl3_KeyAndMacDeriveBypass( * The key_block is partitioned as follows: * client_write_MAC_secret[CipherSpec.hash_size] */ - buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item, \ + buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item, "Client Write MAC Secret"); i += macSize; /* * server_write_MAC_secret[CipherSpec.hash_size] */ - buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item, \ + buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item, "Server Write MAC Secret"); i += macSize; if (!keySize) { /* only MACing */ - buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \ + buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, "Client Write Key (MAC only)"); - buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \ + buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, "Server Write Key (MAC only)"); - buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \ + buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, "Client Write IV (MAC only)"); - buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \ + buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, "Server Write IV (MAC only)"); - } - else if (!isExport) { + } else if (!isExport) { /* ** Generate Domestic write keys and IVs. ** client_write_key[CipherSpec.key_material] */ - buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \ + buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, "Domestic Client Write Key"); i += keySize; /* ** server_write_key[CipherSpec.key_material] */ - buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \ + buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, "Domestic Server Write Key"); i += keySize; 
@@ -257,34 +254,32 @@ ssl3_KeyAndMacDeriveBypass( if (explicitIV) { static unsigned char zero_block[32]; PORT_Assert(IVSize <= sizeof zero_block); - buildSSLKey(&zero_block[0], IVSize, \ - &pwSpec->client.write_iv_item, \ + buildSSLKey(&zero_block[0], IVSize, + &pwSpec->client.write_iv_item, "Domestic Client Write IV"); - buildSSLKey(&zero_block[0], IVSize, \ - &pwSpec->server.write_iv_item, \ + buildSSLKey(&zero_block[0], IVSize, + &pwSpec->server.write_iv_item, "Domestic Server Write IV"); - } - else { + } else { /* ** client_write_IV[CipherSpec.IV_size] */ - buildSSLKey(&key_block[i], IVSize, \ - &pwSpec->client.write_iv_item, \ + buildSSLKey(&key_block[i], IVSize, + &pwSpec->client.write_iv_item, "Domestic Client Write IV"); i += IVSize; /* ** server_write_IV[CipherSpec.IV_size] */ - buildSSLKey(&key_block[i], IVSize, \ - &pwSpec->server.write_iv_item, \ + buildSSLKey(&key_block[i], IVSize, + &pwSpec->server.write_iv_item, "Domestic Server Write IV"); i += IVSize; } } PORT_Assert(i <= block_bytes); - } - else if (!isTLS) { + } else if (!isTLS) { /* ** Generate SSL3 Export write keys and IVs. */ @@ -300,7 +295,7 @@ ssl3_KeyAndMacDeriveBypass( MD5_Update(md5Ctx, crsr.data, crsr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); i += effKeySize; - buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \ + buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, "SSL3 Export Client Write Key"); key_block2 += keySize; @@ -314,7 +309,7 @@ ssl3_KeyAndMacDeriveBypass( MD5_Update(md5Ctx, srcr.data, srcr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); i += effKeySize; - buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \ + buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, "SSL3 Export Server Write Key"); key_block2 += keySize; PORT_Assert(i <= block_bytes); 
@@ -327,7 +322,7 @@ ssl3_KeyAndMacDeriveBypass( MD5_Begin(md5Ctx); MD5_Update(md5Ctx, crsr.data, crsr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); - buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \ + buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, "SSL3 Export Client Write IV"); key_block2 += IVSize; @@ -338,14 +333,13 @@ ssl3_KeyAndMacDeriveBypass( MD5_Begin(md5Ctx); MD5_Update(md5Ctx, srcr.data, srcr.len); MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH); - buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \ + buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, "SSL3 Export Server Write IV"); key_block2 += IVSize; } PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block); - } - else { + } else { /* ** Generate TLS Export write keys and IVs. */ @@ -369,7 +363,7 @@ ssl3_KeyAndMacDeriveBypass( if (status != SECSuccess) { goto key_and_mac_derive_fail; } - buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \ + buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, "TLS Export Client Write Key"); key_block2 += keySize; @@ -388,7 +382,7 @@ ssl3_KeyAndMacDeriveBypass( if (status != SECSuccess) { goto key_and_mac_derive_fail; } - buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \ + buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, "TLS Export Server Write Key"); key_block2 += keySize; @@ -406,11 +400,11 @@ ssl3_KeyAndMacDeriveBypass( if (status != SECSuccess) { goto key_and_mac_derive_fail; } - buildSSLKey(key_block2, IVSize, \ - &pwSpec->client.write_iv_item, \ + buildSSLKey(key_block2, IVSize, + &pwSpec->client.write_iv_item, "TLS Export Client Write IV"); - buildSSLKey(key_block2 + IVSize, IVSize, \ - &pwSpec->server.write_iv_item, \ + buildSSLKey(key_block2 + IVSize, IVSize, + &pwSpec->server.write_iv_item, "TLS Export Server Write IV"); key_block2 += 2 * IVSize; } 
@@ -485,15 +479,13 @@ ssl3_MasterSecretDeriveBypass( if (isTLS12) { rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr, &master, isFIPS); - } - else { + } else { rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS); } if (rv != SECSuccess) { PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); } - } - else { + } else { int i; unsigned int made = 0; for (i = 0; i < 3; i++) { @@ -552,8 +544,7 @@ ssl_canExtractMS(PK11SymKey *pms, PRBool isTLS, PRBool isDH, PRBool *pcbp) master_derive = CKM_TLS_MASTER_KEY_DERIVE; key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; keyFlags = CKF_SIGN | CKF_VERIFY; - } - else { + } else { if (isDH) master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH; else @@ -689,8 +680,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (protocolmask & SSL_CBP_SSL3) { isTLS = PR_FALSE; protocolmask ^= SSL_CBP_SSL3; - } - else { + } else { isTLS = PR_TRUE; protocolmask ^= SSL_CBP_TLS1_0; } @@ -700,8 +690,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, *pcanbypass = PR_FALSE; rv = SECSuccess; break; - } - else + } else testrsa = PR_TRUE; } for (; privKeytype == rsaKey && testrsa;) { @@ -781,8 +770,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (privKeytype == ecKey && testecdhe) { /* TLS_ECDHE_ECDSA */ pecParams = &srvPubkey->u.ec.DEREncodedParams; - } - else if (privKeytype == rsaKey && testecdhe) { + } else if (privKeytype == rsaKey && testecdhe) { /* TLS_ECDHE_RSA */ ECName ec_curve; int serverKeyStrengthInBits; @@ -830,8 +818,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, rv = SECFailure; break; } - } - else { + } else { /* TLS_ECDH_ECDSA */ keapub = srvPubkey; keapriv = srvPrivkey; diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 5044c7c805f7..35d995e91756 100644 --- a/security/nss/lib/ssl/dtlscon.c +++ b/security/nss/lib/ssl/dtlscon.c 
@@ -287,16 +287,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* Do not attempt to process rest of messages in this record */ break; } - } - else { + } else { if (message_seq < ss->ssl3.hs.recvMessageSeq) { /* Case 3: we do an immediate retransmit if we're * in a waiting state*/ if (ss->ssl3.hs.rtTimerCb == NULL) { /* Ignore */ - } - else if (ss->ssl3.hs.rtTimerCb == - dtls_RetransmitTimerExpiredCb) { + } else if (ss->ssl3.hs.rtTimerCb == + dtls_RetransmitTimerExpiredCb) { SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected", SSL_GETPID(), ss->fd)); /* Check to see if we retransmitted recently. If so, @@ -316,16 +314,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) dtls_RetransmitTimerExpiredCb(ss); rv = SECSuccess; break; - } - else { + } else { SSL_TRC(30, ("%d: SSL3[%d]: We just retransmitted. Ignoring.", SSL_GETPID(), ss->fd)); rv = SECSuccess; break; } - } - else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { + } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { /* Retransmit the messages and re-arm the timer * Note that we are not backing off the timer here. * The spec isn't clear and my reasoning is that this @@ -340,8 +336,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) return rv; break; } - } - else if (message_seq > ss->ssl3.hs.recvMessageSeq) { + } else if (message_seq > ss->ssl3.hs.recvMessageSeq) { /* Case 2 * * Ignore this message. This means we don't handle out of @@ -350,8 +345,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * * XXX OK for now. Maybe do something smarter at some point? */ - } - else { + } else { /* Case 1 * * Buffer the fragment for reassembly @@ -410,8 +404,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * fragment */ ss->ssl3.hs.recvdHighWater = fragment_offset + fragment_length; - } - else { + } else { for (offset = fragment_offset; offset < fragment_offset + fragment_length; offset++) { 
@@ -429,8 +422,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] & OFFSET_MASK(offset)) { ss->ssl3.hs.recvdHighWater++; - } - else { + } else { break; } } @@ -491,8 +483,7 @@ dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, if (!msg) { PORT_SetError(SEC_ERROR_NO_MEMORY); rv = SECFailure; - } - else { + } else { PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight); } @@ -659,8 +650,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) } room_left = ss->ssl3.mtu - ss->pendingBuf.len; - } - else { + } else { /* The message will not fit, so fragment. * * XXX OK for now. Arrange to coalesce the last fragment @@ -825,8 +815,7 @@ dtls_CompressMACEncryptRecord(sslSocket *ss, cwSpec = ss->ssl3.pwSpec; else cwSpec = NULL; - } - else { + } else { cwSpec = ss->ssl3.cwSpec; } @@ -835,12 +824,10 @@ dtls_CompressMACEncryptRecord(sslSocket *ss, rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE, PR_FALSE, type, pIn, contentLen, wrBuf); - } - else { + } else { rv = tls13_ProtectRecord(ss, type, pIn, contentLen, wrBuf); } - } - else { + } else { PR_NOT_REACHED("Couldn't find a cipher spec matching epoch"); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } @@ -1160,8 +1147,7 @@ DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout) if (elapsed > desired) { /* Timer expired */ *timeout = PR_INTERVAL_NO_WAIT; - } - else { + } else { *timeout = desired - elapsed; } diff --git a/security/nss/lib/ssl/os2_err.c b/security/nss/lib/ssl/os2_err.c index ae566f687a70..6e3d423f49a3 100644 --- a/security/nss/lib/ssl/os2_err.c +++ b/security/nss/lib/ssl/os2_err.c @@ -148,7 +148,7 @@ nss_MD_os2_map_send_error(PRInt32 err) { PRErrorCode prError; switch (err) { - // case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break; + // case WSAEMSGSIZE: prError = PR_INVALID_ARGUMENT_ERROR; break; default: nss_MD_os2_map_default_error(err); return; 
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index c40fc71224d0..aa9fef507af2 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -95,10 +95,16 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* cipher_suite policy enabled isPresent */ #ifndef NSS_DISABLE_ECC - { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +#ifdef __arm__ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +#endif /* __arm__ */ + { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +#ifndef __arm__ + { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +#endif /* __arm__ */ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around * bug 946147. */ @@ -114,8 +120,13 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, #endif /* NSS_DISABLE_ECC */ - { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +#ifdef __arm__ { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE}, +#endif /* __arm__ */ + { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +#ifndef __arm__ + { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE}, +#endif /* __arm__ */ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, 
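Review bot: The ChaCha20-Poly1305-first ordering added to `cipherSuites` (the ECDHE entries in the `-95` hunk and the DHE entry in the `-114` hunk) is selected by the compile-time macro `__arm__`, which GCC and Clang define for 32-bit ARM targets only. 64-bit ARM builds define `__aarch64__` instead, so they keep the AES-GCM-first order regardless of whether the CPU accelerates AES. Nothing in the table says why the preference differs per architecture, so a comment above the first `#ifdef __arm__` would help the next person who reorders suites, for example `/* Prefer ChaCha20-Poly1305 over AES-GCM on 32-bit ARM: <reason / bug reference> */`. The `#endif` lines that close the `#ifndef __arm__` blocks would also read better as `#endif /* !__arm__ */`. The array initializer starts and ends outside both hunks, so the final preference order cannot be confirmed from here.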
@@ -681,8 +692,7 @@ SSL_AtomicIncrementLong(long *x) { if ((sizeof *x) == sizeof(PRInt32)) { PR_ATOMIC_INCREMENT((PRInt32 *)x); - } - else { + } else { tooLong *tl = (tooLong *)x; if (PR_ATOMIC_INCREMENT(&tl->low) == 0) PR_ATOMIC_INCREMENT(&tl->high); @@ -1031,8 +1041,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); - } - else { + } else { hashItem.data = hash->u.raw; hashItem.len = hash->len; } @@ -1045,8 +1054,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); - } - else { + } else { hashItem.data = hash->u.raw; hashItem.len = hash->len; } @@ -1071,15 +1079,13 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, goto done; /* error code was set. */ rv = PK11_Sign(key, buf, &hashItem); - } - else { + } else { SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg); rv = SGN_Digest(key, hashOID, buf, &hashItem); } if (rv != SECSuccess) { ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); - } - else if (doDerEncode) { + } else if (doDerEncode) { SECItem derSig = { siBuffer, NULL, 0 }; /* This also works for an ECDSA signature */ @@ -1087,8 +1093,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, if (rv == SECSuccess) { PORT_Free(buf->data); /* discard unencoded signature. */ *buf = derSig; /* give caller encoded signature. */ - } - else if (derSig.data) { + } else if (derSig.data) { PORT_Free(derSig.data); } } @@ -1137,8 +1142,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); - } - else { + } else { hashItem.data = hash->u.raw; hashItem.len = hash->len; } 
@@ -1166,8 +1170,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, hashAlg = SEC_OID_SHA1; hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); - } - else { + } else { hashItem.data = hash->u.raw; hashItem.len = hash->len; } @@ -1190,8 +1193,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, * present. Thus DSA signatures are always verified with PK11_Verify. */ rv = PK11_Verify(key, buf, &hashItem, pwArg); - } - else { + } else { rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg, pwArg); } @@ -1226,29 +1228,23 @@ ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, MD5_HashBuf(hashes->u.s.md5, hashBuf, bufLen); SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen); hashes->len = MD5_LENGTH + SHA1_LENGTH; - } - else if (hashAlg == ssl_hash_sha1) { + } else if (hashAlg == ssl_hash_sha1) { SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); hashes->len = SHA1_LENGTH; - } - else if (hashAlg == ssl_hash_sha256) { + } else if (hashAlg == ssl_hash_sha256) { SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); hashes->len = SHA256_LENGTH; - } - else if (hashAlg == ssl_hash_sha384) { + } else if (hashAlg == ssl_hash_sha384) { SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); hashes->len = SHA384_LENGTH; - } - else if (hashAlg == ssl_hash_sha512) { + } else if (hashAlg == ssl_hash_sha512) { SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); hashes->len = SHA512_LENGTH; - } - else { + } else { PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); return SECFailure; } - } - else + } else #endif { if (hashAlg == ssl_hash_none) { @@ -1263,8 +1259,7 @@ ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, return rv; } hashes->len = MD5_LENGTH + SHA1_LENGTH; - } - else { + } else { hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg); hashes->len = HASH_ResultLenByOidTag(hashOID); if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) { 
@@ -1301,8 +1296,7 @@ ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg, bufLen = 2 * SSL3_RANDOM_LENGTH + 2 + modulus.len + 2 + publicExponent.len; if (bufLen <= sizeof buf) { hashBuf = buf; - } - else { + } else { hashBuf = PORT_Alloc(bufLen); if (!hashBuf) { return SECFailure; @@ -1334,8 +1328,7 @@ ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg, hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result", hashes->u.s.sha, SHA1_LENGTH)); - } - else { + } else { PRINT_BUF(95, (NULL, "RSAkey hash: result", hashes->u.raw, hashes->len)); } @@ -1362,8 +1355,7 @@ ssl3_ComputeDHKeyHash(SSLHashType hashAlg, bufLen = 2 * SSL3_RANDOM_LENGTH + 2 + dh_p.len + 2 + dh_g.len + 2 + dh_Ys.len; if (bufLen <= sizeof buf) { hashBuf = buf; - } - else { + } else { hashBuf = PORT_Alloc(bufLen); if (!hashBuf) { return SECFailure; @@ -1400,8 +1392,7 @@ ssl3_ComputeDHKeyHash(SSLHashType hashAlg, hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result", hashes->u.s.sha, SHA1_LENGTH)); - } - else { + } else { PRINT_BUF(95, (NULL, "DHkey hash: result", hashes->u.raw, hashes->len)); } @@ -1954,8 +1945,7 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out, dtls_version = dtls_TLSVersionToDTLSVersion(version); out[9] = MSB(dtls_version); out[10] = LSB(dtls_version); - } - else { + } else { out[9] = MSB(version); out[10] = LSB(version); } @@ -1993,8 +1983,7 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, in += explicitNonceLen; inlen -= explicitNonceLen; *outlen = 0; - } - else { + } else { if (maxout < explicitNonceLen) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; @@ -2019,8 +2008,7 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, if (doDecrypt) { rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, maxout, in, inlen); - } - else { + } else { rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, maxout, in, inlen); } 
@@ -2064,8 +2052,7 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys, in += explicitNonceLen; inlen -= explicitNonceLen; *outlen = 0; - } - else { + } else { if (maxout < explicitNonceLen) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; @@ -2094,8 +2081,7 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys, } if (doDecrypt) { rv = AES_Decrypt(cx, out, &uOutLen, maxout, in, inlen); - } - else { + } else { rv = AES_Encrypt(cx, out, &uOutLen, maxout, in, inlen); } AES_DestroyContext(cx, PR_FALSE); @@ -2145,8 +2131,7 @@ ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt, if (doDecrypt) { rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, out, &uOutLen, maxout, in, inlen); - } - else { + } else { rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, out, &uOutLen, maxout, in, inlen); } @@ -2390,16 +2375,14 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) if (rv == SECSuccess) { rv = ssl3_InitPendingContextsBypass(ss); } - } - else + } else #endif if (pwSpec->master_secret) { rv = ssl3_DeriveConnectionKeysPKCS11(ss); if (rv == SECSuccess) { rv = ssl3_InitPendingContextsPKCS11(ss); } - } - else { + } else { PORT_Assert(pwSpec->master_secret); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; @@ -2411,8 +2394,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) /* Generic behaviors -- common to all crypto methods */ if (!IS_DTLS(ss)) { pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0; - } - else { + } else { if (cwSpec->epoch == PR_UINT16_MAX) { /* The problem here is that we have rehandshaked too many * times (you are not allowed to wrap the epoch). The 
@@ -2557,15 +2539,13 @@ ssl3_ComputeRecordMAC( hashObj->update(write_mac_context, temp, tempLen); hashObj->end(write_mac_context, outbuf, outLength, spec->mac_size); rv = SECSuccess; - } - else { /* is TLS */ + } else { /* is TLS */ #define cx ((HMACContext *)write_mac_context) if (useServerMacKey) { rv = HMAC_Init(cx, hashObj, spec->server.write_mac_key_item.data, spec->server.write_mac_key_item.len, PR_FALSE); - } - else { + } else { rv = HMAC_Init(cx, hashObj, spec->client.write_mac_key_item.data, spec->client.write_mac_key_item.len, PR_FALSE); @@ -2579,8 +2559,7 @@ ssl3_ComputeRecordMAC( } #undef cx } - } - else + } else #endif { PK11Context *mac_context = @@ -2814,8 +2793,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); return SECFailure; } - } - else { + } else { /* * Add the MAC */ @@ -2858,8 +2836,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, if (p1Len < 256) { oddLen = p1Len; p1Len = 0; - } - else { + } else { p1Len -= oddLen; } if (oddLen) { @@ -2876,7 +2853,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, &cipherBytesPart1, /* actual outlen */ p1Len, /* max outlen */ pIn, - p1Len); /* input, and inputlen */ + p1Len); /* input, and inputlen */ PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int)p1Len); if (rv != SECSuccess || cipherBytesPart1 != (int)p1Len) { PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); @@ -2921,8 +2898,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, wrBuf->buf[10] = (unsigned char)(cwSpec->write_seq_num.low >> 0); wrBuf->buf[11] = MSB(cipherBytes); wrBuf->buf[12] = LSB(cipherBytes); - } - else { + } else { SSL3ProtocolVersion version = cwSpec->version; if (capRecordVersion || version >= SSL_LIBRARY_VERSION_TLS_1_3) { @@ -3041,8 +3017,7 @@ ssl3_SendRecord(sslSocket *ss, * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h */ numRecords = 2; - } - else { + } else { numRecords = 1; } 
@@ -3087,8 +3062,7 @@ ssl3_SendRecord(sslSocket *ss, secondRecord.buf, secondRecord.len)); wrBuf->len += secondRecord.len; } - } - else { + } else { if (!IS_DTLS(ss)) { if (ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3) { rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, @@ -3097,13 +3071,11 @@ ssl3_SendRecord(sslSocket *ss, capRecordVersion, type, pIn, contentLen, wrBuf); - } - else { + } else { rv = tls13_ProtectRecord(ss, type, pIn, contentLen, wrBuf); } - } - else { + } else { /* TLS <= 1.2 and TLS 1.3 cases are both handled in * dtls_CompressMACEncryptRecord. */ rv = dtls_CompressMACEncryptRecord(ss, epoch, @@ -3154,8 +3126,7 @@ ssl3_SendRecord(sslSocket *ss, flags |= ssl_SEND_FLAG_FORCE_INTO_BUFFER; } } - } - else if (wrBuf->len > 0) { + } else if (wrBuf->len > 0) { PRInt32 sent; ss->handshakeBegun = 1; sent = ssl_DefSend(ss, wrBuf->buf, wrBuf->len, @@ -3301,8 +3272,7 @@ ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags) { if (IS_DTLS(ss)) { return dtls_FlushHandshakeMessages(ss, flags); - } - else { + } else { return ssl3_FlushHandshakeMessages(ss, flags); } } @@ -3332,8 +3302,7 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) if ((flags & ~allowedFlags) != 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; - } - else { + } else { count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len, flags); } @@ -3344,14 +3313,12 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } rv = SECFailure; - } - else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { + } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { /* short write should never happen */ PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; - } - else { + } else { rv = SECSuccess; } 
@@ -3741,8 +3708,7 @@ ssl3_SendChangeCipherSpecs(sslSocket *ss) if (sent < 0) { return (SECStatus)sent; /* error code set by ssl3_SendRecord */ } - } - else { + } else { rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1); if (rv != SECSuccess) { return rv; @@ -3766,8 +3732,7 @@ ssl3_SendChangeCipherSpecs(sslSocket *ss) if (ss->ssl3.prSpec == ss->ssl3.pwSpec) { if (!IS_DTLS(ss)) { ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE /*freeSrvName*/); - } - else { + } else { /* With DTLS, we need to set a holddown timer in case the final * message got lost */ ss->ssl3.hs.rtTimeoutMs = DTLS_FINISHED_TIMER_MS; @@ -3896,8 +3861,7 @@ ssl3_ComputeMasterSecretFinish(sslSocket *ss, if (msp) { *msp = ms; - } - else { + } else { PK11_FreeSymKey(ms); } @@ -3945,16 +3909,14 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, master_derive = CKM_TLS12_MASTER_KEY_DERIVE; key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; keyFlags = CKF_SIGN | CKF_VERIFY; - } - else if (isTLS) { + } else if (isTLS) { if (isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH; else master_derive = CKM_TLS_MASTER_KEY_DERIVE; key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; keyFlags = CKF_SIGN | CKF_VERIFY; - } - else { + } else { if (isDH) master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH; else @@ -3975,8 +3937,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, if (isTLS12) { master_params.prfHashMechanism = CKM_SHA256; master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); - } - else { + } else { /* prfHashMechanism is not relevant with this PRF */ master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); } @@ -4026,8 +3987,7 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms, if (isDH) { master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH; - } - else { + } else { master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE; pms_version_ptr = &pms_version; } 
@@ -4036,8 +3996,7 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms, /* TLS 1.2 */ extended_master_params.prfHashMechanism = CKM_SHA256; key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; - } - else { + } else { /* TLS < 1.2 */ extended_master_params.prfHashMechanism = CKM_TLS_PRF; key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; @@ -4069,8 +4028,7 @@ ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms, if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { return tls_ComputeExtendedMasterSecretInt(ss, pms, msp); - } - else { + } else { return ssl3_ComputeMasterSecretInt(ss, pms, msp); } } @@ -4121,8 +4079,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) memcpy(pwSpec->raw_master_secret, keydata->data, keydata->len); pwSpec->msItem.data = pwSpec->raw_master_secret; pwSpec->msItem.len = keydata->len; - } - else { + } else { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } @@ -4223,12 +4180,10 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; key_material_params.prfHashMechanism = CKM_SHA256; key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); - } - else if (isTLS) { + } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); - } - else { + } else { key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE; key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } @@ -4309,14 +4264,12 @@ ssl3_InitHandshakeHashes(sslSocket *ss) ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone; ss->ssl3.hs.hashType = handshake_hash_single; ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx); - } - else { + } else { ss->ssl3.hs.hashType = handshake_hash_combo; MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx); SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx); } - } - else + } else #endif { PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha); 
@@ -4361,8 +4314,7 @@ ssl3_InitHandshakeHashes(sslSocket *ss) return SECFailure; } } - } - else { + } else { /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or * created successfully. */ ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); @@ -4459,8 +4411,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, if (ss->opt.bypassPKCS11) { if (ss->ssl3.hs.hashType == handshake_hash_single) { ss->ssl3.hs.sha_obj->update(ss->ssl3.hs.sha_cx, b, l); - } - else { + } else { MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l); SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l); } @@ -4480,8 +4431,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, return rv; } } - } - else { + } else { rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l); if (rv != SECSuccess) { ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); @@ -4996,8 +4946,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss, * then this will need to be updated. */ hashes->hashAlg = ssl_hash_sha256; rv = SECSuccess; - } - else if (ss->opt.bypassPKCS11) { + } else if (ss->opt.bypassPKCS11) { /* compute them without PKCS11 */ PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; @@ -5080,8 +5029,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss, rv = SECSuccess; #undef md5cx #undef shacx - } - else + } else #endif if (ss->ssl3.hs.hashType == handshake_hash_single) { /* compute hashes with PKCS11 */ @@ -5119,8 +5067,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss, PORT_ZFree(stateBuf, stateLen); } } - } - else { + } else { /* compute hashes with PKCS11 */ PK11Context *md5; PK11Context *sha = NULL; @@ -5425,8 +5372,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) } if (slot == NULL) { sidOK = PR_FALSE; - } - else { + } else { PK11SymKey *wrapKey = NULL; if (!PK11_IsPresent(slot) || ((wrapKey = PK11_GetWrapKey(slot, 
@@ -5470,12 +5416,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (sid->version >= ss->vrange.min && sid->version <= ss->clientHelloVersion) { ss->version = ss->clientHelloVersion; - } - else { + } else { sidOK = PR_FALSE; } - } - else { + } else { /* * Check sid->version is OK first. * Previously, we would cap the version based on sid->version, @@ -5485,8 +5429,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (sid->version < ss->vrange.min || sid->version > ss->vrange.max) { sidOK = PR_FALSE; - } - else { + } else { rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, PR_TRUE); if (rv != SECSuccess) { @@ -5513,8 +5456,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sid->u.ssl3.sessionIDLength)); ss->ssl3.policy = sid->u.ssl3.policy; - } - else { + } else { SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_misses); /* @@ -5527,8 +5469,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) */ if (ss->firstHsDone) { ss->version = ss->clientHelloVersion; - } - else { + } else { rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, PR_TRUE); if (rv != SECSuccess) @@ -5543,8 +5484,12 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) { rv = tls13_SetupClientHello(ss); - if (rv != SECSuccess) + if (rv != SECSuccess) { + if (sid) { + ssl_FreeSID(sid); + } return rv; + } } isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); @@ -5668,8 +5613,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); total_exten_len += paddingExtensionLen; length += paddingExtensionLen; - } - else { + } else { paddingExtensionLen = 0; } 
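Review bot: In the `-5543` hunk of ssl3_SendClientHello, the new `ssl_FreeSID(sid)` releases the session ID only on the `tls13_SetupClientHello` failure return. The `ssl3_NegotiateVersion` failure branch in the `-5485` hunk is reached with a non-NULL `sid` (the code has just read `sid->version`), and its body is cut off by the hunk boundary, so it is worth checking that it, and any other early return taken before the function gives up its `sid` reference, releases it the same way. A short comment on the new block would record the rule, e.g. `/* sid is not yet handed over to the socket; drop our reference */`, assuming the hand-over does happen later in the function, which is outside the hunk. If several exits need this release, a single cleanup label would keep it in one place rather than repeating the `if (sid)` block.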
@@ -5692,8 +5636,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) version = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion); rv = ssl3_AppendHandshakeNumber(ss, version, 2); - } - else { + } else { rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); } if (rv != SECSuccess) { @@ -6465,8 +6408,7 @@ sendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey) } if (isTLS) { rv = ssl3_AppendHandshakeVariable(ss, enc_pms.data, enc_pms.len, 2); - } - else { + } else { rv = ssl3_AppendHandshake(ss, enc_pms.data, enc_pms.len); } if (rv != SECSuccess) { @@ -6610,8 +6552,7 @@ ssl3_SendClientKeyExchange(sslSocket *ss) ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); return SECFailure; } - } - else { + } else { serverKey = ss->sec.peerKey; ss->sec.peerKey = NULL; /* we're done with it now */ } @@ -6704,19 +6645,16 @@ ssl3_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey) if (isTLS13) { /* rv is already set to SECFailure */ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - } - else { + } else { rv = ssl3_ComputeBackupHandshakeHashes(ss, &hashes); } - } - else { + } else { ssl3CipherSpec *spec; if (isTLS13) { /* In TLS 1.3, we are already encrypted. */ spec = ss->ssl3.cwSpec; - } - else { + } else { spec = ss->ssl3.pwSpec; } @@ -6984,8 +6922,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto alert_loser; } ss->ssl3.hs.compression = (SSLCompressionMethod)temp; - } - else { + } else { ss->ssl3.hs.compression = ssl_compression_null; } @@ -7004,8 +6941,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess || length != 0) { if (isTLS) goto alert_loser; - } - else { + } else { rv = ssl3_HandleHelloExtensions(ss, &extensions.data, &extensions.len, server_hello); if (rv != SECSuccess) 
@@ -7136,8 +7072,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) break; /* errorCode set just after call to UnwrapSymKey. */ } #ifndef NO_PKCS11_BYPASS - } - else if (ss->opt.bypassPKCS11) { + } else if (ss->opt.bypassPKCS11) { /* MS is not wrapped */ wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; @@ -7145,8 +7080,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) pwSpec->msItem.data = pwSpec->raw_master_secret; pwSpec->msItem.len = wrappedMS.len; #endif - } - else { + } else { /* We CAN restart a bypass session in a non-bypass socket. */ /* need to import the raw master secret to session object */ PK11SlotInfo *slot = PK11_GetInternalSlot(); @@ -7230,13 +7164,11 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) goto alert_loser; TLS13_SET_HS_STATE(ss, wait_encrypted_extensions); - } - else if (ss->ssl3.hs.kea_def->signKeyType != ssl_sign_null) { + } else if (ss->ssl3.hs.kea_def->signKeyType != ssl_sign_null) { /* All current cipher suites other than those with ssl_sign_null (i.e., * (EC)DH_anon_* suites) require a certificate, so use that signal. */ ss->ssl3.hs.ws = wait_server_cert; - } - else { + } else { /* All the remaining cipher suites must be (EC)DH_anon_* and so * must be ephemeral. Note, if we ever add PSK this might * change. */ @@ -7563,8 +7495,7 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss, */ if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) { *preferSha1 = SECKEY_PublicKeyStrength(pubk) <= 128; - } - else { + } else { *preferSha1 = PR_FALSE; } @@ -7610,8 +7541,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, if (algorithms->data[i + 1] == sigAlg) { if (algorithms->data[i] == ssl_hash_sha1) { supportsSha1 = PR_TRUE; - } - else if (algorithms->data[i] == ssl_hash_sha256) { + } else if (algorithms->data[i] == ssl_hash_sha256) { supportsSha256 = PR_TRUE; } } 
@@ -7817,12 +7747,11 @@ ssl3_CompleteHandleCertificateRequest(sslSocket *ss, SECItem *algorithms, PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == ssl_preinfo_all); /* XXX Should pass cert_types and algorithms in this call!! */ - rv = (SECStatus) (*ss->getClientAuthData)(ss->getClientAuthDataArg, - ss->fd, ca_list, - &ss->ssl3.clientCertificate, - &ss->ssl3.clientPrivateKey); - } - else { + rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, + ss->fd, ca_list, + &ss->ssl3.clientCertificate, + &ss->ssl3.clientPrivateKey); + } else { rv = SECFailure; /* force it to send a no_certificate alert */ } switch (rv) { @@ -7869,8 +7798,7 @@ ssl3_CompleteHandleCertificateRequest(sslSocket *ss, SECItem *algorithms, send_no_certificate: if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { ss->ssl3.sendEmptyCert = PR_TRUE; - } - else { + } else { (void)SSL3_SendAlert(ss, alert_warning, no_certificate); } rv = SECSuccess; @@ -7890,8 +7818,7 @@ ssl3_CheckFalseStart(sslSocket *ss) if (!ss->canFalseStartCallback) { SSL_TRC(3, ("%d: SSL[%d]: no false start callback so no false start", SSL_GETPID(), ss->fd)); - } - else { + } else { PRBool maybeFalseStart; SECStatus rv; @@ -7906,8 +7833,7 @@ ssl3_CheckFalseStart(sslSocket *ss) if (!maybeFalseStart) { SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher", SSL_GETPID(), ss->fd)); - } - else { + } else { PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == ssl_preinfo_all); rv = (ss->canFalseStartCallback)(ss->fd, @@ -7916,11 +7842,9 @@ ssl3_CheckFalseStart(sslSocket *ss) if (rv == SECSuccess) { SSL_TRC(3, ("%d: SSL[%d]: false start callback returned %s", SSL_GETPID(), ss->fd, - ss->ssl3.hs.canFalseStart ? - "TRUE" + ss->ssl3.hs.canFalseStart ? "TRUE" : "FALSE")); - } - else { + } else { SSL_TRC(3, ("%d: SSL[%d]: false start callback failed (%s)", SSL_GETPID(), ss->fd, PR_ErrorToName(PR_GetError()))); 
@@ -8056,8 +7980,7 @@ ssl3_SendClientSecondRound(sslSocket *ss) if (rv != SECSuccess) { goto loser; /* error code is set. */ } - } - else if (sendClientCert) { + } else if (sendClientCert) { rv = ssl3_SendCertificate(ss); if (rv != SECSuccess) { goto loser; /* error code is set. */ @@ -8116,8 +8039,7 @@ ssl3_SendClientSecondRound(sslSocket *ss) if (rv != SECSuccess) { goto loser; } - } - else { + } else { /* The certificate authentication and the server's Finished * message are racing each other. If the certificate * authentication wins, then we will try to false start in @@ -8301,22 +8223,19 @@ ssl3_SendServerHelloSequence(sslSocket *ss) keyLen * BPB <= kea_def->key_size_limit) { /* XXX AND cert is not signing only!! */ /* just fall through and use it. */ - } - else if (ss->stepDownKeyPair != NULL) { + } else if (ss->stepDownKeyPair != NULL) { ss->ssl3.hs.usedStepDownKey = PR_TRUE; rv = ssl3_SendServerKeyExchange(ss); if (rv != SECSuccess) { return rv; /* err code was set. */ } - } - else { + } else { #ifndef HACKED_EXPORT_SERVER PORT_SetError(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED); return rv; #endif } - } - else if (kea_def->ephemeral) { + } else if (kea_def->ephemeral) { rv = ssl3_SendServerKeyExchange(ss); if (rv != SECSuccess) { return rv; /* err code was set. */ @@ -8450,8 +8369,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (IS_DTLS(ss)) { ss->clientHelloVersion = version = dtls_DTLSVersionToTLSVersion((SSL3ProtocolVersion)tmp); - } - else { + } else { ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp; } 
@@ -8641,14 +8559,12 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (ssl_sid_lookup) { sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data, sidBytes.len, ss->dbHandle); - } - else { + } else { errCode = SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED; goto loser; } } - } - else if (ss->statelessResume) { + } else if (ss->statelessResume) { /* Fill in the client's session ID if doing a stateless resume. * (When doing stateless resumes, server echos client's SessionID.) */ @@ -8660,8 +8576,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); sid->u.ssl3.sessionIDLength = sidBytes.len; - } - else { + } else { sid->u.ssl3.sessionIDLength = 0; } ss->sec.ci.sid = NULL; @@ -8895,8 +8810,7 @@ compression_found: if (!sid->u.ssl3.keys.extendedMasterSecretUsed) { break; /* not an error */ } - } - else { + } else { if (sid->u.ssl3.keys.extendedMasterSecretUsed) { /* Note: we do not destroy the session */ desc = handshake_failure; @@ -8957,16 +8871,14 @@ compression_found: break; /* not an error */ } #ifndef NO_PKCS11_BYPASS - } - else if (ss->opt.bypassPKCS11) { + } else if (ss->opt.bypassPKCS11) { wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret; wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len); pwSpec->msItem.data = pwSpec->raw_master_secret; pwSpec->msItem.len = wrappedMS.len; #endif - } - else { + } else { /* We CAN restart a bypass session in a non-bypass socket. */ /* need to import the raw master secret to session object */ PK11SlotInfo *slot; 
@@ -9102,10 +9014,10 @@ compression_found: /* If extension is negotiated, the len of names should > 0. */ if (ss->xtnData.sniNameArrSize) { /* Calling client callback to reconfigure the socket. */ - ret = (SECStatus) (*ss->sniSocketConfig)(ss->fd, - ss->xtnData.sniNameArr, - ss->xtnData.sniNameArrSize, - ss->sniSocketConfigArg); + ret = (SECStatus)(*ss->sniSocketConfig)(ss->fd, + ss->xtnData.sniNameArr, + ss->xtnData.sniNameArrSize, + ss->sniSocketConfigArg); } if (ret <= SSL_SNI_SEND_ALERT) { /* Application does not know the name or was not able to @@ -9113,8 +9025,7 @@ compression_found: errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT; desc = unrecognized_name; break; - } - else if (ret == SSL_SNI_CURRENT_CONFIG_IS_USED) { + } else if (ret == SSL_SNI_CURRENT_CONFIG_IS_USED) { SECStatus rv = SECSuccess; SECItem *cwsName, *pwsName; @@ -9146,8 +9057,7 @@ compression_found: ret = SSL_SNI_SEND_ALERT; break; } - } - else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) { + } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) { /* Application has configured new socket info. Lets check it * and save the name. */ SECStatus rv; @@ -9196,8 +9106,7 @@ compression_found: */ ssl3_RegisterServerHelloExtensionSender(ss, ssl_server_name_xtn, ssl3_SendServerNameXtn); - } - else { + } else { /* Callback returned index outside of the boundary. */ PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize); errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; @@ -9263,8 +9172,7 @@ compression_found: ssl_GetXmitBufLock(ss); if (isTLS13) { rv = tls13_SendServerHelloSequence(ss); - } - else { + } else { rv = ssl3_SendServerHelloSequence(ss); } ssl_ReleaseXmitBufLock(ss); @@ -9543,8 +9451,7 @@ ssl3_SendServerHello(sslSocket *ss) PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return SECFailure; } - } - else { + } else { PORT_Assert(MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_DTLS_1_0)); if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_DTLS_1_0)) { 
@@ -9579,8 +9486,7 @@ ssl3_SendServerHello(sslSocket *ss) if (IS_DTLS(ss)) { version = dtls_TLSVersionToDTLSVersion(ss->version); - } - else { + } else { version = ss->version; } @@ -9599,8 +9505,7 @@ ssl3_SendServerHello(sslSocket *ss) if (sid) { rv = ssl3_AppendHandshakeVariable( ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); - } - else { + } else { rv = ssl3_AppendHandshakeNumber(ss, 0, 1); } if (rv != SECSuccess) { @@ -10259,8 +10164,7 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, temp = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion); version.major = MSB(temp); version.minor = LSB(temp); - } - else { + } else { version.major = MSB(ss->clientHelloVersion); version.minor = LSB(ss->clientHelloVersion); } @@ -10331,8 +10235,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, #ifndef NO_PKCS11_BYPASS isTLS = PR_TRUE; #endif - } - else { + } else { #ifndef NO_PKCS11_BYPASS isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0); #endif @@ -10360,8 +10263,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, if (rv != SECSuccess) { /* triple bypass failed. Let's try for a double bypass. */ goto double_bypass; - } - else if (ss->opt.detectRollBack) { + } else if (ss->opt.detectRollBack) { SSL3ProtocolVersion client_version = (rsaPmsBuf[0] << 8) | rsaPmsBuf[1]; @@ -10383,8 +10285,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, PK11_GenerateRandom(pwSpec->msItem.data, pwSpec->msItem.len); } rv = ssl3_InitPendingCipherSpec(ss, NULL); - } - else + } else #endif { PK11SymKey *tmpPms[2] = { NULL, NULL }; @@ -10587,8 +10488,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } serverKeyPair = ss->stepDownKeyPair; ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; - } - else + } else skip: if (kea_def->kea == kea_dhe_dss || kea_def->kea == kea_dhe_rsa) { 
@@ -10599,8 +10499,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey); } } - } - else + } else #ifndef NSS_DISABLE_ECC /* XXX Using SSLKEAType to index server certifiates * does not work for (EC)DHE ciphers. Until we have @@ -10617,8 +10516,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey); } } - } - else + } else #endif { sslServerCerts *sc = ss->serverCerts + kea_def->exchKeyType; @@ -10887,8 +10785,7 @@ ssl3_SendCertificate(sslSocket *ss) if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) || (ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) { certIndex = kt_rsa; - } - else { + } else { certIndex = ss->ssl3.hs.kea_def->exchKeyType; } sc = ss->serverCerts + certIndex; @@ -10896,8 +10793,7 @@ ssl3_SendCertificate(sslSocket *ss) ss->sec.authKeyBits = sc->serverKeyBits; ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType; ss->sec.localCert = CERT_DupCertificate(sc->serverCert); - } - else { + } else { certChain = ss->ssl3.clientCertChain; ss->sec.localCert = CERT_DupCertificate(ss->ssl3.clientCertificate); } @@ -10917,8 +10813,7 @@ ssl3_SendCertificate(sslSocket *ss) #ifdef NISCC_TEST if (fakeCert.len > 0 && i == ndex) { certChainLen += fakeCert.len + 3; - } - else { + } else { certChainLen += certChain->certs[i].len + 3; } #else @@ -10936,8 +10831,7 @@ ssl3_SendCertificate(sslSocket *ss) if (isTLS13) { if (ss->sec.isServer) { rv = ssl3_AppendHandshakeNumber(ss, 0, 1); - } - else { + } else { rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.hs.certReqContext, ss->ssl3.hs.certReqContextLen, 1); @@ -10958,8 +10852,7 @@ ssl3_SendCertificate(sslSocket *ss) rv = ssl3_AppendHandshakeVariable(ss, fakeCert.data, fakeCert.len, 3); SECITEM_FreeItem(&fakeCert, PR_FALSE); - } - else { + } else { rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data, certChain->certs[i].len, 3); } 
@@ -11002,8 +10895,7 @@ ssl3_SendCertificateStatus(sslSocket *ss) if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) || (ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) { certIndex = kt_rsa; - } - else { + } else { certIndex = ss->ssl3.hs.kea_def->exchKeyType; } if (ss->certStatusArray[certIndex] && ss->certStatusArray[certIndex]->len) { @@ -11194,8 +11086,7 @@ ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { ss->ssl3.hs.ws = wait_client_key; - } - else { + } else { TLS13_SET_HS_STATE(ss, wait_finished); } return SECSuccess; @@ -11266,8 +11157,7 @@ ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) c->next = NULL; if (lastCert) { lastCert->next = c; - } - else { + } else { ss->ssl3.peerCertChain = c; } lastCert = c; @@ -11281,8 +11171,7 @@ ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (!isServer && ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn)) { ss->ssl3.hs.ws = wait_certificate_status; rv = SECSuccess; - } - else { + } else { rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */ } @@ -11328,8 +11217,8 @@ ssl3_AuthCertificate(sslSocket *ss) /* * Ask caller-supplied callback function to validate cert chain. */ - rv = (SECStatus) (*ss->authCertificate)(ss->authCertificateArg, ss->fd, - PR_TRUE, isServer); + rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg, ss->fd, + PR_TRUE, isServer); if (rv != SECSuccess) { errCode = PORT_GetError(); if (rv != SECWouldBlock) { @@ -11431,8 +11320,7 @@ ssl3_AuthCertificate(sslSocket *ss) if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) { TLS13_SET_HS_STATE(ss, wait_cert_verify); - } - else { + } else { /* Ephemeral suites require ServerKeyExchange. Export cipher suites * with RSA key exchange also require ServerKeyExchange if the * authentication key exceeds the key size limit. */ 
@@ -11442,8 +11330,7 @@ ssl3_AuthCertificate(sslSocket *ss) ss->sec.authKeyBits > ss->ssl3.hs.kea_def->key_size_limit)) { /* require server_key_exchange */ ss->ssl3.hs.ws = wait_server_key; - } - else { + } else { /* disallow server_key_exchange */ ss->ssl3.hs.ws = wait_cert_request; /* This is static RSA key exchange so set the key bits to @@ -11451,13 +11338,11 @@ ssl3_AuthCertificate(sslSocket *ss) ss->sec.keaKeyBits = ss->sec.authKeyBits; } } - } - else { + } else { /* Server */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { ss->ssl3.hs.ws = wait_client_key; - } - else { + } else { TLS13_SET_HS_STATE(ss, wait_cert_verify); } } @@ -11514,8 +11399,7 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error) ss->ssl3.hs.restartTarget = ssl3_AlwaysFail; ssl3_SendAlertForCertError(ss, error); rv = SECSuccess; - } - else if (ss->ssl3.hs.restartTarget != NULL) { + } else if (ss->ssl3.hs.restartTarget != NULL) { sslRestartTarget target = ss->ssl3.hs.restartTarget; ss->ssl3.hs.restartTarget = NULL; @@ -11533,8 +11417,7 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error) if (rv == SECWouldBlock) { rv = SECSuccess; } - } - else { + } else { SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with" " peer's finished message", SSL_GETPID(), ss->fd)); @@ -11551,8 +11434,7 @@ ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error) * haven't received all of the server's second round yet. */ rv = ssl3_CheckFalseStart(ss); - } - else { + } else { rv = SECSuccess; } } @@ -11587,8 +11469,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { tls_mac_params.prfMechanism = CKM_TLS_PRF; - } - else { + } else { tls_mac_params.prfMechanism = CKM_SHA256; } tls_mac_params.ulMacLength = 12; 
@@ -11643,8 +11524,7 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, PORT_Assert(rv != SECSuccess || retLen == outLen); PK11_DestroyContext(prf_context, PR_TRUE); - } - else { + } else { /* bypass PKCS11 */ #ifdef NO_PKCS11_BYPASS PORT_Assert(spec->master_secret); @@ -11662,8 +11542,7 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, &inData, &outData, isFIPS); - } - else { + } else { rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); } PORT_Assert(rv != SECSuccess || outData.len == outLen); @@ -11813,8 +11692,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags) rv = ssl3_AppendHandshake(ss, &tlsFinished, sizeof tlsFinished); if (rv != SECSuccess) goto fail; /* err set by AppendHandshake. */ - } - else { + } else { if (isServer) ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes.u.s; else @@ -11876,8 +11754,7 @@ ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid, pwArg); if (wrappingKey) { mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */ - } - else { + } else { int keyLength; /* if the wrappingKey doesn't exist, attempt to create it. * Note: we intentionally ignore errors here. If we cannot @@ -11895,8 +11772,7 @@ ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid, PK11_SetWrapKey(symKeySlot, wrapKeyIndex, wrappingKey); } } - } - else { + } else { /* server socket using session cache. */ mechanism = PK11_GetBestWrapMechanism(symKeySlot); if (mechanism != CKM_INVALID_MECHANISM) { @@ -11981,8 +11857,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); return SECFailure; } - } - else { + } else { if (length != sizeof(SSL3Finished)) { (void)ssl3_IllegalParameter(ss); PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED); 
@@ -12067,8 +11942,7 @@ xmit_loser: if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = kt_rsa; - } - else { + } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; } @@ -12101,8 +11975,7 @@ xmit_loser: sid->u.ssl3.masterValid = PR_TRUE; sid->u.ssl3.keys.msIsWrapped = PR_FALSE; rv = SECSuccess; - } - else { + } else { rv = ssl3_CacheWrappedMasterSecret(ss, ss->sec.ci.sid, ss->ssl3.crSpec, effectiveExchKeyType); @@ -12204,13 +12077,11 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) (ss->ssl3.hs.ws == wait_cert_verify))) { computeHashes = PR_TRUE; } - } - else { + } else { if (type == certificate_verify) { computeHashes = TLS13_IN_HS_STATE(ss, wait_cert_verify); - } - else if (type == finished) { + } else if (type == finished) { computeHashes = TLS13_IN_HS_STATE(ss, wait_cert_request, wait_finished); } @@ -12219,10 +12090,8 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ssl_GetSpecReadLock(ss); /************************************/ if (computeHashes) { SSL3Sender sender = (SSL3Sender)0; - ssl3CipherSpec *rSpec = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? - ss->ssl3.crSpec - : - ss->ssl3.prSpec; + ssl3CipherSpec *rSpec = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.crSpec + : ss->ssl3.prSpec; if (type == finished) { sender = ss->sec.isServer ? sender_client : sender_server; @@ -12326,8 +12195,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) default: if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { rv = ssl3_HandlePostHelloHandshakeMessage(ss, b, length, hashesPtr); - } - else { + } else { rv = tls13_HandlePostHelloHandshakeMessage(ss, b, length, hashesPtr); } 
@@ -12514,8 +12382,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) if (rv != SECSuccess) { /* return if SECWouldBlock. */ return rv; } - } - else { + } else { /* must be copied to msg_body and dealt with from there */ unsigned int bytes; @@ -12554,8 +12421,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) if (rv != SECSuccess) { /* return if SECWouldBlock. */ return rv; } - } - else { + } else { PORT_Assert(buf->len == 0); break; } @@ -12786,8 +12652,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext, /* With >= TLS 1.1, CBC records have an explicit IV. */ minLength += cipher_def->iv_size; } - } - else if (cipher_def->type == type_aead) { + } else if (cipher_def->type == type_aead) { minLength = cipher_def->explicit_nonce_size + cipher_def->tag_size; } @@ -12863,8 +12728,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext, if (rv != SECSuccess) { good = 0; } - } - else { + } else { if (cipher_def->type == type_block && ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) { goto decrypt_loser; @@ -12890,8 +12754,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext, if (!isTLS) { good &= SECStatusToMask(ssl_RemoveSSLv3CBCPadding( plaintext, blockSize, macSize)); - } - else { + } else { good &= SECStatusToMask(ssl_RemoveTLSCBCPadding( plaintext, macSize)); } @@ -12918,8 +12781,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext, * plaintext->len if the result has enough space for the MAC and we * tested the unadjusted size against minLength, above. */ plaintext->len -= crSpec->mac_size; - } - else { + } else { /* This is safe because we checked the minLength above. */ plaintext->len -= crSpec->mac_size; 
@@ -13031,8 +12893,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) temp_buf.buf = NULL; temp_buf.space = 0; plaintext = &temp_buf; - } - else { + } else { plaintext = databuf; } @@ -13056,8 +12917,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) crSpec->cipher_def->calg == ssl_calg_null) { /* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */ rv = ssl3_UnprotectRecord(ss, cText, plaintext, &alert); - } - else { + } else { rv = tls13_UnprotectRecord(ss, cText, plaintext, &alert); } @@ -13073,8 +12933,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) * PORT_SetError(). */ PORT_SetError(errCode); return SECFailure; - } - else { + } else { /* Silently drop the packet */ databuf->len = 0; /* Needed to ensure data not left around */ return SECSuccess; @@ -13084,8 +12943,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) /* SECSuccess */ if (!IS_DTLS(ss)) { ssl3_BumpSequenceNumber(&crSpec->read_seq_num); - } - else { + } else { dtls_RecordSetRecvd(&crSpec->recvdRecords, dtls_seq_num); } @@ -13126,8 +12984,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) if (rv != SECSuccess) { int err = ssl_MapLowLevelError(SSL_ERROR_DECOMPRESSION_FAILURE); SSL3_SendAlert(ss, alert_fatal, - isTLS ? - decompression_failure + isTLS ? decompression_failure : bad_record_mac); /* There appears to be a bug with (at least) Apache + OpenSSL where @@ -13199,8 +13056,7 @@ process_it: case content_handshake: if (!IS_DTLS(ss)) { rv = ssl3_HandleHandshake(ss, databuf); - } - else { + } else { rv = dtls_HandleHandshake(ss, databuf); } break; @@ -13432,8 +13288,7 @@ ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *oPolicy) if (suite) { policy = suite->policy; rv = SECSuccess; - } - else { + } else { policy = SSL_NOT_ALLOWED; rv = SECFailure; /* err code was set by Lookup. */ } 
@@ -13467,8 +13322,7 @@ ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *enabled) if (suite) { pref = suite->enabled; rv = SECSuccess; - } - else { + } else { pref = SSL_NOT_ALLOWED; rv = SECFailure; /* err code was set by Lookup. */ } @@ -13500,8 +13354,7 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) if (suite) { pref = suite->enabled; rv = SECSuccess; - } - else { + } else { pref = SSL_NOT_ALLOWED; rv = SECFailure; /* err code was set by Lookup. */ } @@ -13705,8 +13558,7 @@ ssl3_DestroySSL3Info(sslSocket *ss) if (ss->ssl3.hs.hashType == handshake_hash_combo) { SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE); MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE); - } - else if (ss->ssl3.hs.hashType == handshake_hash_single) { + } else if (ss->ssl3.hs.hashType == handshake_hash_single) { ss->ssl3.hs.sha_obj->destroy(ss->ssl3.hs.sha_cx, PR_FALSE); } } diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index e26a556db604..c8e9d06b5879 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -252,8 +252,7 @@ ssl3_ComputeECDHKeyHash(SSLHashType hashAlg, bufLen = 2 * SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len; if (bufLen <= sizeof buf) { hashBuf = buf; - } - else { + } else { hashBuf = PORT_Alloc(bufLen); if (!hashBuf) { return SECFailure; @@ -322,11 +321,9 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey) if (isTLS12) { target = CKM_TLS12_MASTER_KEY_DERIVE_DH; - } - else if (isTLS) { + } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; - } - else { + } else { target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } @@ -449,11 +446,9 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, if (isTLS12) { target = CKM_TLS12_MASTER_KEY_DERIVE_DH; - } - else if (isTLS) { + } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; - } - else { + } else { target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } 
@@ -603,8 +598,7 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) return ec_noName; } signatureKeyStrength = curve2bits[ec_curve]; - } - else { + } else { /* RSA is our signing cert */ int serverKeyStrengthInBits; @@ -931,8 +925,7 @@ ssl3_SendECDHServerKeyExchange( if (ss->opt.reuseServerECDHEKey) { rv = ssl3_CreateECDHEphemeralKeys(ss, curve); - } - else { + } else { rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair); } if (rv != SECSuccess) { @@ -953,8 +946,7 @@ ssl3_SendECDHServerKeyExchange( ec_params.data[0] = ec_type_named; ec_params.data[1] = 0x00; ec_params.data[2] = curve; - } - else { + } else { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); goto loser; } @@ -1153,8 +1145,7 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss) if (!svrCert) { ssl3_DisableECCSuites(ss, ecdh_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); - } - else { + } else { SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature); switch (sigTag) { @@ -1224,12 +1215,14 @@ static const PRUint8 suiteBECList[] = { /* Prefabricated TLS client hello extension, Elliptic Curves List, * offers curves 1-25. */ +/* clang-format off */ static const PRUint8 tlsECList[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 }; +/* clang-format on */ static const PRUint8 ecPtFmt[6] = { BE(11), /* Extension type */ @@ -1295,8 +1288,7 @@ ssl3_SendSupportedCurvesXtn( APPEND_CURVE(suiteBECList[i]); } ecListSize = pos; - } - else { + } else { for (i = 0; i < sizeof(tlsECList); i++) { APPEND_CURVE(tlsECList[i]); } @@ -1343,8 +1335,7 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss) if (ssl3_SuiteBOnly(ss)) { curves = SSL3_SUITE_B_SUPPORTED_CURVES_MASK; - } - else { + } else { curves = SSL3_ALL_SUPPORTED_CURVES_MASK; } diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 32ce5d86edc3..2e99a40fc4a8 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
@@ -319,6 +319,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, + { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn }, { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, #ifndef NSS_DISABLE_ECC { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, @@ -331,7 +332,6 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, - { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn }, { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn }, { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn }, /* any extra entries will appear as { 0, NULL } */ @@ -570,12 +570,11 @@ ssl3_SendSessionTicketXtn( if (session_ticket->ticket.data) { if (ss->xtnData.ticketTimestampVerified) { extension_length += session_ticket->ticket.len; - } - else if (!append && - (session_ticket->ticket_lifetime_hint == 0 || - (session_ticket->ticket_lifetime_hint + - session_ticket->received_timestamp > - ssl_Time()))) { + } else if (!append && + (session_ticket->ticket_lifetime_hint == 0 || + (session_ticket->ticket_lifetime_hint + + session_ticket->received_timestamp > + ssl_Time()))) { extension_length += session_ticket->ticket.len; ss->xtnData.ticketTimestampVerified = PR_TRUE; } @@ -598,8 +597,7 @@ ssl3_SendSessionTicketXtn( session_ticket->ticket.len, 2); ss->xtnData.ticketTimestampVerified = PR_FALSE; ss->xtnData.sentSessionTicketInClientHello = PR_TRUE; - } - else { + } else { rv = ssl3_AppendHandshakeNumber(ss, 0, 2); } if (rv != SECSuccess) 
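Review bot: Moving `{ ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn }` up to sit directly after the `ssl_server_name_xtn` entry in `clientHelloSendersTLS` (this hunk, with the matching removal in the `@@ -331,7 +332,6 @@` hunk) is a functional change among formatting-only hunks, and nothing in the table records why the position matters. If the table order decides the order in which the client emits its hello extensions, as the name suggests but the hunk does not show, the constraint belongs next to the entry, e.g. `/* Keep extended_master_secret ahead of <entries it must precede>: <reason>. */`, so a later re-sort does not silently undo it. The array initializer begins and ends outside these hunks.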
@@ -906,8 +904,7 @@ ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) if (i <= len) { memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i); memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i); - } - else { + } else { /* This seems to be invalid data so we'll send as-is. */ memcpy(alpn_protos, ss->opt.nextProtoNego.data, len); } @@ -1015,8 +1012,7 @@ ssl3_ServerSendStatusRequestXtn( if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = ssl_kea_rsa; - } - else { + } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; } @@ -1170,8 +1166,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (ss->opt.bypassPKCS11) { rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, &mac_key, &mac_key_length); - } - else + } else #endif { rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, @@ -1185,8 +1180,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) ms_item.data = ss->ssl3.pwSpec->msItem.data; ms_item.len = ss->ssl3.pwSpec->msItem.len; ms_is_wrapped = PR_FALSE; - } - else { + } else { /* Extract the master secret wrapped. */ sslSessionID sid; PORT_Memset(&sid, 0, sizeof(sslSessionID)); @@ -1194,8 +1188,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = kt_rsa; - } - else { + } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; } @@ -1209,8 +1202,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) ms_item.data = wrapped_ms; ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len; msWrapMech = sid.u.ssl3.masterWrapMech; - } - else { + } else { /* TODO: else send an empty ticket. */ goto loser; } @@ -1326,8 +1318,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) ss->sec.ci.sid->peerCert->derCert.len); if (rv != SECSuccess) goto loser; - } - else { + } else { rv = ssl3_AppendNumberToItem(&plaintext, 0, 1); if (rv != SECSuccess) goto loser; 
@@ -1352,8 +1343,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len); if (rv != SECSuccess) goto loser; - } - else { + } else { /* No Name */ rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME, 1); if (rv != SECSuccess) @@ -1389,8 +1379,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) plaintext_item.len); if (rv != SECSuccess) goto loser; - } - else + } else #endif { aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, @@ -1427,8 +1416,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, sizeof(computed_mac)); - } - else + } else #endif { SECItem macParam; @@ -1544,8 +1532,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, */ if (data->len == 0) { ss->xtnData.emptySessionTicket = PR_TRUE; - } - else { + } else { PRUint32 i; SECItem extension_data; EncryptedSessionTicket enc_session_ticket; @@ -1601,8 +1588,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, if (ss->opt.bypassPKCS11) { rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, &mac_key, &mac_key_length); - } - else + } else #endif { rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, @@ -1640,8 +1626,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, sizeof(computed_mac)) != SECSuccess) goto no_ticket; - } - else + } else #endif { SECItem macParam; @@ -1653,8 +1638,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.", SSL_GETPID(), ss->fd, PORT_GetError())); goto no_ticket; - } - else { + } else { SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.", SSL_GETPID(), ss->fd)); } 
@@ -1708,8 +1692,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, enc_session_ticket.encrypted_state.len); if (rv != SECSuccess) goto no_ticket; - } - else + } else #endif { SECItem ivItem; @@ -2050,8 +2033,7 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length, case server_hello: if (ss->version > SSL_LIBRARY_VERSION_3_0) { handlers = serverHelloHandlersTLS; - } - else { + } else { handlers = serverHelloHandlersSSL3; } break; @@ -2131,13 +2113,11 @@ ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, ssl3HelloExtensionSender *sender; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { sender = &ss->xtnData.serverHelloSenders[0]; - } - else { + } else { if (tls13_ExtensionAllowed(ex_type, server_hello)) { PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions)); sender = &ss->xtnData.serverHelloSenders[0]; - } - else { + } else { PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions)); sender = &ss->xtnData.encryptedExtensionsSenders[0]; } @@ -2172,8 +2152,7 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, if (!sender) { if (ss->version > SSL_LIBRARY_VERSION_3_0) { sender = &clientHelloSendersTLS[0]; - } - else { + } else { sender = &clientHelloSendersSSL3[0]; } } @@ -2884,8 +2863,7 @@ ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append, goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_signed_cert_timestamp_xtn; - } - else if (maxBytes < extension_length) { + } else if (maxBytes < extension_length) { PORT_Assert(0); return 0; } @@ -2932,8 +2910,7 @@ ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss, if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = ssl_kea_rsa; - } - else { + } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; } 
diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c index 5ba5b7cf7aaf..ea277135d4a7 100644 --- a/security/nss/lib/ssl/ssl3gthr.c +++ b/security/nss/lib/ssl/ssl3gthr.c @@ -59,14 +59,12 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) if (nb > 0) { PRINT_BUF(60, (ss, "raw gather data:", bp, nb)); - } - else if (nb == 0) { + } else if (nb == 0) { /* EOF */ SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd)); rv = 0; break; - } - else /* if (nb < 0) */ { + } else /* if (nb < 0) */ { SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd, PR_GetError())); rv = SECFailure; @@ -194,14 +192,12 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags) if (nb > 0) { PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb)); - } - else if (nb == 0) { + } else if (nb == 0) { /* EOF */ SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd)); rv = 0; return rv; - } - else /* if (nb < 0) */ { + } else /* if (nb < 0) */ { SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd, PR_GetError())); rv = SECFailure; @@ -314,8 +310,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) if (ss->ssl3.hs.msgState.buf) { if (ss->ssl3.hs.msgState.len == 0) { ss->ssl3.hs.msgState.buf = NULL; - } - else { + } else { handleRecordNow = PR_TRUE; } } @@ -329,8 +324,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) * handshake record. */ rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); - } - else { + } else { /* bring in the next sslv3 record. */ if (ss->recvdCloseNotify) { /* RFC 5246 Section 7.2.1: @@ -340,8 +334,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) } if (!IS_DTLS(ss)) { rv = ssl3_GatherData(ss, &ss->gs, flags); - } - else { + } else { rv = dtls_GatherData(ss, &ss->gs, flags); /* If we got a would block error, that means that no data was 
@@ -412,8 +405,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) PORT_Assert(ss->firstHsDone); PORT_Assert(!ss->ssl3.hs.canFalseStart); keepGoing = PR_FALSE; - } - else if (ss->ssl3.hs.canFalseStart) { + } else if (ss->ssl3.hs.canFalseStart) { /* Prioritize sending application data over trying to complete * the handshake if we're false starting. * @@ -426,8 +418,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) if (ssl3_WaitingForServerSecondRound(ss)) { keepGoing = PR_FALSE; - } - else { + } else { ss->ssl3.hs.canFalseStart = PR_FALSE; } } diff --git a/security/nss/lib/ssl/sslauth.c b/security/nss/lib/ssl/sslauth.c index 356979e5d428..7fb4dc5ffc25 100644 --- a/security/nss/lib/ssl/sslauth.c +++ b/security/nss/lib/ssl/sslauth.c @@ -123,8 +123,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, if (ss->opt.useSecurity && ss->enoughFirstHsDone) { if (ss->version < SSL_LIBRARY_VERSION_3_0) { cipherName = ssl_cipherName[ss->sec.cipherType]; - } - else { + } else { cipherName = ssl3_cipherName[ss->sec.cipherType]; } PORT_Assert(cipherName); @@ -150,11 +149,9 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, if (op) { if (ss->sec.keyBits == 0) { *op = SSL_SECURITY_STATUS_OFF; - } - else if (ss->sec.secretKeyBits < 90) { + } else if (ss->sec.secretKeyBits < 90) { *op = SSL_SECURITY_STATUS_ON_LOW; - } - else { + } else { *op = SSL_SECURITY_STATUS_ON_HIGH; } } @@ -170,8 +167,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, if (sp) { *sp = CERT_NameToAscii(&cert->subject); } - } - else { + } else { if (ip) { *ip = PORT_Strdup("no certificate"); } diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index 5055e6136bbd..95d27275f444 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c 
@@ -142,9 +142,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss) count = 0; PORT_Assert(ss != 0); - allowed = !ss->opt.enableSSL2 ? 0 : - (ss->allowedByPolicy & - ss->chosenPreference & SSL_CB_IMPLEMENTED); + allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy & + ss->chosenPreference & SSL_CB_IMPLEMENTED); while (allowed) { if (allowed & 1) ++count; @@ -179,9 +178,8 @@ ssl2_ConstructCipherSpecs(sslSocket *ss) ss->sizeCipherSpecs = count * 3; /* fill in cipher specs for SSL2 cipher suites */ - allowed = !ss->opt.enableSSL2 ? 0 : - (ss->allowedByPolicy & - ss->chosenPreference & SSL_CB_IMPLEMENTED); + allowed = !ss->opt.enableSSL2 ? 0 : (ss->allowedByPolicy & + ss->chosenPreference & SSL_CB_IMPLEMENTED); for (i = 0; i < ssl2_NUM_SUITES_IMPLEMENTED * 3; i += 3) { const PRUint8 *hs = implementedCipherSuites + i; int ok = allowed & (1U << hs[0]); @@ -267,12 +265,10 @@ ssl2_SetPolicy(PRInt32 which, PRInt32 policy) if (policy == SSL_ALLOWED) { allowedByPolicy |= bitMask; maybeAllowedByPolicy |= bitMask; - } - else if (policy == SSL_RESTRICTED) { + } else if (policy == SSL_RESTRICTED) { allowedByPolicy &= ~bitMask; maybeAllowedByPolicy |= bitMask; - } - else { + } else { allowedByPolicy &= ~bitMask; maybeAllowedByPolicy &= ~bitMask; } @@ -301,8 +297,7 @@ ssl2_GetPolicy(PRInt32 which, PRInt32 *oPolicy) if (maybeAllowedByPolicy & bitMask) { policy = (allowedByPolicy & bitMask) ? SSL_ALLOWED : SSL_RESTRICTED; - } - else { + } else { policy = SSL_NOT_ALLOWED; } @@ -617,8 +612,7 @@ ssl2_SendServerFinishedMessage(sslSocket *ss) if (ss->sec.uncache) (*ss->sec.uncache)(sid); rv = (SECStatus)sent; - } - else if (!ss->opt.noCache) { + } else if (!ss->opt.noCache) { if (sid->cached == never_cached) { (*ss->sec.cache)(sid); } 
@@ -873,8 +867,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) if (rv < 0) { if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) { rv = 0; - } - else { + } else { /* Return short write if some data already went out... */ if (count == 0) count = rv; @@ -887,8 +880,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) if (ssl_SaveWriteData(ss, out + rv, amount + 2 - rv) == SECFailure) { count = SECFailure; - } - else { + } else { count += amount; ss->sec.sendSequence++; } @@ -973,8 +965,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) "saving data", SSL_GETPID(), ss->fd)); rv = 0; - } - else { + } else { SSL_TRC(10, ("%d: SSL[%d]: send stream error %d", SSL_GETPID(), ss->fd, PORT_GetError())); /* Return short write if some data already went out... */ @@ -988,8 +979,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) /* Short write. Save the data and return. */ if (ssl_SaveWriteData(ss, out + rv, buflen - rv) == SECFailure) { count = SECFailure; - } - else { + } else { count += amount; ss->sec.sendSequence++; } @@ -1048,8 +1038,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) hlen = 3; padding = ss->sec.blockSize - padding; nout += padding; - } - else { + } else { hlen = 2; } buflen = hlen + nout; @@ -1067,8 +1056,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) *op++ = MSB(nout); *op++ = LSB(nout); *op++ = padding; - } - else { + } else { *op++ = 0x80 | MSB(nout); *op++ = LSB(nout); } @@ -1105,8 +1093,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) if (rv < 0) { if (PORT_GetError() == PR_WOULD_BLOCK_ERROR) { rv = 0; - } - else { + } else { SSL_TRC(10, ("%d: SSL[%d]: send block error %d", SSL_GETPID(), ss->fd, PORT_GetError())); /* Return short write if some data already went out... */ 
@@ -1120,8 +1107,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) /* Short write. Save the data and return. */ if (ssl_SaveWriteData(ss, out + rv, op - out - rv) == SECFailure) { count = SECFailure; - } - else { + } else { count += amount; ss->sec.sendSequence++; } @@ -1226,8 +1212,7 @@ ssl_GatherRecord1stHandshake(sslSocket *ss) if ((ss->version >= SSL_LIBRARY_VERSION_3_0) || IS_DTLS(ss)) { /* Wait for handshake to complete, or application data to arrive. */ rv = ssl3_GatherCompleteHandshake(ss, 0); - } - else { + } else { /* See if we have a complete record */ rv = ssl2_GatherRecord(ss, 0); } @@ -1886,12 +1871,10 @@ ssl2_ChooseSessionCypher(sslSocket *ss, if ((ohs[0] == SSL_CK_RC4_128_WITH_MD5) || (ohs[0] == SSL_CK_RC2_128_CBC_WITH_MD5)) { PORT_SetError(SSL_ERROR_US_ONLY_SERVER); - } - else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) || - (ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) { + } else if ((ohs[0] == SSL_CK_RC4_128_EXPORT40_WITH_MD5) || + (ohs[0] == SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)) { PORT_SetError(SSL_ERROR_EXPORT_ONLY_SERVER); - } - else { + } else { PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); } SSL_DBG(("%d: SSL[%d]: no cipher overlap", SSL_GETPID(), ss->fd)); @@ -2223,8 +2206,7 @@ ssl2_TryToFinish(sslSocket *ss) if (ss->sec.isServer) { /* Send server finished message if we already didn't */ rv = ssl2_SendServerFinishedMessage(ss); - } - else { + } else { /* Send client finished message if we already didn't */ rv = ssl2_SendClientFinishedMessage(ss); } @@ -2469,8 +2451,8 @@ ssl2_HandleClientCertificate(sslSocket *ss, goto loser; /* Now ask the server application if it likes the certificate... */ - rv = (SECStatus) (*ss->authCertificate)(ss->authCertificateArg, - ss->fd, PR_TRUE, PR_TRUE); + rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg, + ss->fd, PR_TRUE, PR_TRUE); /* Hey, it liked it. */ if (SECSuccess == rv) goto done; 
@@ -2612,8 +2594,7 @@ ssl2_HandleMessage(sslSocket *ss) ss->gs.recordLen) { /* prevent overflow crash. */ rv = SECFailure; - } - else + } else rv = ssl2_HandleClientCertificate(ss, data[1], data + SSL_HL_CLIENT_CERTIFICATE_HBYTES, certLen, @@ -2795,8 +2776,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) SSL_TRC(3, ("%d: SSL[%d]: demoting self (%x) to server version (%x)", SSL_GETPID(), ss->fd, SSL_LIBRARY_VERSION_2, ss->version)); - } - else { + } else { SSL_TRC(1, ("%d: SSL[%d]: server version is %x (we are %x)", SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2)); /* server claims to be newer but does not follow protocol */ @@ -2845,8 +2825,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) if (rv != SECSuccess) { goto loser; } - } - else { + } else { if (certType != SSL_CT_X509_CERTIFICATE) { PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); goto loser; @@ -2916,8 +2895,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) SSL_GETPID(), ss->fd)); PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); rv = SECFailure; - } - else { + } else { /* cert is bad */ SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d", SSL_GETPID(), ss->fd, PORT_GetError())); @@ -2925,8 +2903,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) goto loser; } /* cert is good */ - } - else { + } else { SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d", SSL_GETPID(), ss->fd, PORT_GetError())); goto loser; @@ -3032,8 +3009,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) /* Try to find server in our session-id cache */ if (ss->opt.noCache) { sid = NULL; - } - else { + } else { sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, ss->url); } 
@@ -3434,8 +3410,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss) ** knows whats up. */ ss->version = SSL_LIBRARY_VERSION_2; - } - else { + } else { SSL_TRC(1, ("%d: SSL[%d]: client version is %x (we are %x)", SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2)); PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); @@ -3473,8 +3448,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss) ss->sec.ci.peer.pr_s6_addr32[2], ss->sec.ci.peer.pr_s6_addr32[3])); sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sd, sdLen, ss->dbHandle); - } - else { + } else { sid = NULL; } if (sid) { @@ -3498,8 +3472,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss) if (rv != SECSuccess) { goto loser; } - } - else { + } else { SECItem *derCert = &serverCert->derCert; SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed", diff --git a/security/nss/lib/ssl/ssldef.c b/security/nss/lib/ssl/ssldef.c index 385ad5edf204..77a744cc7abd 100644 --- a/security/nss/lib/ssl/ssldef.c +++ b/security/nss/lib/ssl/ssldef.c @@ -70,8 +70,7 @@ ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags) if (rv < 0) { DEFINE_ERROR MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR) - } - else if (rv > len) { + } else if (rv > len) { PORT_Assert(rv <= len); PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); rv = SECFailure; diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index d362b74ee042..a2dd572618ae 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c 
@@ -48,10 +48,16 @@ */ const PRUint16 SSL_ImplementedCiphers[] = { #ifndef NSS_DISABLE_ECC - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, +#ifdef __arm__ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +#endif /* __arm__ */ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, +#ifndef __arm__ + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +#endif /* __arm__ */ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. */ @@ -67,8 +73,13 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_RC4_128_SHA, #endif /* NSS_DISABLE_ECC */ - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, +#ifdef __arm__ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +#endif /* __arm__ */ + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, +#ifndef __arm__ + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +#endif /* __arm__ */ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c index ff26f8bd64f2..48d615ec0de5 100644 --- a/security/nss/lib/ssl/sslgathr.c +++ b/security/nss/lib/ssl/sslgathr.c @@ -142,8 +142,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) * be called again by ssl_Do1stHandshake. */ return SECWouldBlock; - } - else if (gs->hdr[0] == content_alert) { + } else if (gs->hdr[0] == content_alert) { if (ss->nextHandshake == ssl2_HandleServerHelloMessage) { /* XXX This is a hack. We're assuming that any failure * XXX on the client hello is a failure to match 
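Review bot: The new `#ifdef __arm__` / `#ifndef __arm__` pairs in `SSL_ImplementedCiphers` (both sslenum.c hunks) make the order of this cipher-suite list depend on the build target, and no comment states the reason or the intended scope. GCC and Clang define `__arm__` only for 32-bit ARM, while AArch64 builds define `__aarch64__` instead, so 64-bit ARM keeps AES-128-GCM ahead of ChaCha20-Poly1305; that is presumably intended but should be written down. Each ChaCha20 suite is also listed twice under opposite guards, so a later edit to one copy can leave ARM and non-ARM builds with different suite sets, and the `#endif /* __arm__ */` that closes each `#ifndef __arm__` would read better as `#endif /* !__arm__ */`. I would add above the first guard `/* On 32-bit ARM list ChaCha20-Poly1305 before AES-GCM: <reason>. */`. The array continues outside both hunks.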
@@ -160,8 +159,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) /* This record has a 2-byte header, and no padding */ gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1]; gs->recordPadding = 0; - } - else { + } else { /* This record has a 3-byte header that is all read in now. */ gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1]; /* is_escape = (gs->hdr[0] & 0x40) != 0; */ @@ -187,8 +185,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) pBuf[0] = gs->hdr[2]; gs->offset = 1; gs->remainder = gs->count - 1; - } - else { + } else { gs->offset = 0; gs->remainder = gs->count; } @@ -197,8 +194,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) gs->state = GS_MAC; gs->recordLen = gs->count - gs->recordPadding - ss->sec.hash->length; - } - else { + } else { gs->state = GS_DATA; gs->recordLen = gs->count; } @@ -286,8 +282,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) rv = SECFailure; goto cleanup; } - } - else { + } else { ssl_ReleaseSpecReadLock(ss); /******************************/ } @@ -296,8 +291,7 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) gs->readOffset = macLen; gs->writeOffset = gs->offset - gs->recordPadding; rv = 1; - } - else { + } else { PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); cleanup: /* nothing in the buffer any more. */ diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 547d3abde74b..527b1a434735 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -30,7 +30,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) /* Check if we can properly return the length of data written and that * we're not asked to return more information than we know how to provide. */ - if (!info || len < sizeof inf.length || len > sizeof inf) { + if (!info || len < sizeof inf.length || len > sizeof inf) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } 
@@ -54,8 +54,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) inf.cipherSuite = ss->sec.cipherType | 0xff00; inf.compressionMethod = ssl_compression_null; inf.compressionMethodName = "N/A"; - } - else if (ss->ssl3.initialized) { /* SSL3 and TLS */ + } else if (ss->ssl3.initialized) { /* SSL3 and TLS */ ssl_GetSpecReadLock(ss); /* XXX The cipher suite should be in the specs and this * function should get it from cwSpec rather than from the "hs". @@ -81,8 +80,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) inf.sessionIDLength = SSL2_SESSIONID_BYTES; memcpy(inf.sessionID, sid->u.ssl2.sessionID, SSL2_SESSIONID_BYTES); - } - else { + } else { unsigned int sidLen = sid->u.ssl3.sessionIDLength; sidLen = PR_MIN(sidLen, sizeof inf.sessionID); inf.sessionIDLength = sidLen; @@ -442,8 +440,7 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); rv = SECFailure; - } - else { + } else { rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, valLen, out, outLen); } diff --git a/security/nss/lib/ssl/sslmutex.h b/security/nss/lib/ssl/sslmutex.h index 6e2005df9f52..7611148adcef 100644 --- a/security/nss/lib/ssl/sslmutex.h +++ b/security/nss/lib/ssl/sslmutex.h @@ -34,8 +34,7 @@ #include -typedef struct - { +typedef struct { PRBool isMultiProcess; #ifdef WINNT /* on WINNT we need both the PRLock and the Win32 mutex for fibers */ @@ -73,8 +72,7 @@ typedef pid_t sslPID; #include /* for pid_t */ #include /* for sem_t, and sem_* functions */ -typedef struct - { +typedef struct { PRBool isMultiProcess; union { PRLock *sslLock; diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c index 8f84a4a91518..85031c4ad5cc 100644 --- a/security/nss/lib/ssl/sslnonce.c +++ b/security/nss/lib/ssl/sslnonce.c 
@@ -174,8 +174,7 @@ ssl_DestroySID(sslSessionID *sid)
 if (sid->version < SSL_LIBRARY_VERSION_3_0) {
 SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
 SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
- }
- else {
+ } else {
 if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
 SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
 PR_FALSE);
@@ -277,28 +276,26 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID, SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d", now - sid->creationTime, sid->references)); - *sidp = sid->next; /* delink it from the list. */ - sid->cached = invalid_cache; /* mark not on list. */ - ssl_FreeLockedSID(sid); /* drop ref count, free. */ - } - else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */ - (sid->port == port) && /* server port matches */ - /* proxy (peerID) matches */ - (((peerID == NULL) && (sid->peerID == NULL)) || - ((peerID != NULL) && (sid->peerID != NULL) && - PORT_Strcmp(sid->peerID, peerID) == 0)) && - /* is cacheable */ - (sid->version < SSL_LIBRARY_VERSION_3_0 || - sid->u.ssl3.keys.resumable) && - /* server hostname matches. */ - (sid->urlSvrName != NULL) && - (0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) { + *sidp = sid->next; /* delink it from the list. */ + sid->cached = invalid_cache; /* mark not on list. */ + ssl_FreeLockedSID(sid); /* drop ref count, free. */ + } else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */ + (sid->port == port) && /* server port matches */ + /* proxy (peerID) matches */ + (((peerID == NULL) && (sid->peerID == NULL)) || + ((peerID != NULL) && (sid->peerID != NULL) && + PORT_Strcmp(sid->peerID, peerID) == 0)) && + /* is cacheable */ + (sid->version < SSL_LIBRARY_VERSION_3_0 || + sid->u.ssl3.keys.resumable) && + /* server hostname matches. */ + (sid->urlSvrName != NULL) && + (0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) { /* Hit */ sid->lastAccessTime = now; sid->references++; break; - } - else { + } else { sidp = &sid->next; } } 
@@ -338,8 +335,7 @@ CacheSID(sslSessionID *sid) sid->u.ssl2.masterKey.data, sid->u.ssl2.masterKey.len)); PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len)); - } - else { + } else { if (sid->u.ssl3.sessionIDLength == 0 && sid->u.ssl3.locked.sessionTicket.ticket.data == NULL) return; @@ -447,8 +443,7 @@ ssl_ChooseSessionIDProcs(sslSecurityInfo *sec) if (sec->isServer) { sec->cache = ssl_sid_cache; sec->uncache = ssl_sid_uncache; - } - else { + } else { sec->cache = CacheSID; sec->uncache = LockAndUncacheSID; } diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index f38ce9b8731b..577374858794 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c @@ -221,8 +221,7 @@ SSL_ResetHandshake(PRFileDesc *s, PRBool asServer) if (asServer) { ss->handshake = ssl2_BeginServerHandshake; ss->handshaking = sslHandshakingAsServer; - } - else { + } else { ss->handshake = ssl2_BeginClientHandshake; ss->handshaking = sslHandshakingAsClient; } @@ -283,8 +282,7 @@ SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache) if (ss->version < SSL_LIBRARY_VERSION_3_0) { PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); rv = SECFailure; - } - else { + } else { ssl_GetSSL3HandshakeLock(ss); rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */ ssl_ReleaseSSL3HandshakeLock(ss); 
@@ -462,18 +460,14 @@ SSL_ForceHandshake(PRFileDesc *fd) ssl_ReleaseRecvBufLock(ss); if (gatherResult > 0) { rv = SECSuccess; - } - else if (gatherResult == 0) { + } else if (gatherResult == 0) { PORT_SetError(PR_END_OF_FILE_ERROR); - } - else if (gatherResult == SECWouldBlock) { + } else if (gatherResult == SECWouldBlock) { PORT_SetError(PR_WOULD_BLOCK_ERROR); } - } - else if (!ss->firstHsDone) { + } else if (!ss->firstHsDone) { rv = ssl_Do1stHandshake(ss); - } - else { + } else { /* tried to force handshake on an SSL 2 socket that has ** already completed the handshake. */ rv = SECSuccess; /* just pretend we did it. */ @@ -512,8 +506,7 @@ sslBuffer_Grow(sslBuffer *b, unsigned int newLen) unsigned char *newBuf; if (b->buf) { newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen); - } - else { + } else { newBuf = (unsigned char *)PORT_Alloc(newLen); } if (!newBuf) { @@ -622,8 +615,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) if (ss->version >= SSL_LIBRARY_VERSION_3_0) { /* Wait for application data to arrive. */ rv = ssl3_GatherAppDataRecord(ss, 0); - } - else { + } else { /* See if we have a complete record */ rv = ssl2_GatherRecord(ss, 0); } @@ -644,8 +636,7 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) ** Gather record is blocked waiting for more record data to ** arrive. Try to process what we have already received */ - } - else { + } else { /* Gather record has finished getting a complete record */ } @@ -995,8 +986,7 @@ ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os) ss->sec.hashcx = os->sec.hash->clone(os->sec.hashcx); if (os->sec.hashcx && !ss->sec.hashcx) goto loser; - } - else { + } else { ss->sec.hash = NULL; ss->sec.hashcx = NULL; } @@ -1046,8 +1036,7 @@ ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset) (*sec->destroy)(sec->writecx, PR_TRUE); sec->readcx = NULL; sec->writecx = NULL; - } - else { + } else { PORT_Assert(sec->readcx == 0); PORT_Assert(sec->writecx == 0); } 
@@ -1104,8 +1093,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa) if (ss->opt.handshakeAsServer) { ss->securityHandshake = ssl2_BeginServerHandshake; ss->handshaking = sslHandshakingAsServer; - } - else { + } else { ss->securityHandshake = ssl2_BeginClientHandshake; ss->handshaking = sslHandshakingAsClient; } @@ -1114,8 +1102,7 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa) rv = osfd->methods->connect(osfd, sa, ss->cTimeout); if (rv == PR_SUCCESS) { ss->TCPconnected = 1; - } - else { + } else { int err = PR_GetError(); SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d", SSL_GETPID(), ss->fd, err)); @@ -1357,8 +1344,7 @@ done: if (rv < 0) { SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d", SSL_GETPID(), ss->fd, rv, PORT_GetError())); - } - else { + } else { SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count", SSL_GETPID(), ss->fd, rv)); } @@ -1519,8 +1505,7 @@ SSL_GetSessionID(PRFileDesc *fd) item->len = SSL2_SESSIONID_BYTES; item->data = (unsigned char *)PORT_Alloc(item->len); PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len); - } - else { + } else { item->len = sid->u.ssl3.sessionIDLength; item->data = (unsigned char *)PORT_Alloc(item->len); PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len); @@ -1591,12 +1576,10 @@ SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error) if (!ss->ssl3.initialized) { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; - } - else if (ss->version < SSL_LIBRARY_VERSION_3_0) { + } else if (ss->version < SSL_LIBRARY_VERSION_3_0) { PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); rv = SECFailure; - } - else { + } else { rv = ssl3_AuthCertificateComplete(ss, error); } diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index 4f07b995b3f4..da1f93fb127e 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c 
@@ -491,8 +491,7 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) to->creationTime, to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType)); - } - else { + } else { /* This is an SSL v3 session */ to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite; @@ -566,8 +565,7 @@ ConvertToSID(sidCacheEntry *from, to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType)); - } - else { + } else { /* This is an SSL v3 session */ to->u.ssl3.sessionIDLength = from->sessionIDLength; @@ -643,8 +641,7 @@ loser: PORT_Free(to->u.ssl2.masterKey.data); if (to->u.ssl2.cipherArg.data) PORT_Free(to->u.ssl2.cipherArg.data); - } - else { + } else { SECITEM_FreeItem(&to->u.ssl3.srvName, PR_FALSE); } PORT_Free(to); @@ -770,8 +767,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr, !PORT_Memcmp(pcce->sessionID, psce->sessionID, pcce->sessionIDLength)) { cce = *pcce; - } - else { + } else { /* The cert doesen't match the SID cache entry, ** so invalidate the SID cache entry. */ @@ -780,8 +776,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr, pcce = 0; } UnlockSidCacheLock(cache->certCacheLock); - } - else { + } else { /* what the ??. Didn't get the cert cache lock. ** Don't invalidate the SID cache entry, but don't find it. */ @@ -799,8 +794,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr, if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash, SHA256_LENGTH)) { snce = *psnce; - } - else { + } else { /* The name doesen't match the SID cache entry, ** so invalidate the SID cache entry. */ @@ -809,8 +803,7 @@ ServerSessionIDLookup(const PRIPv6Addr *addr, psnce = 0; } UnlockSidCacheLock(cache->srvNameCacheLock); - } - else { + } else { /* what the ??. Didn't get the cert cache lock. ** Don't invalidate the SID cache entry, but don't find it. */ 
@@ -874,8 +867,7 @@ ServerSessionIDCache(sslSessionID *sid) sid->u.ssl2.masterKey.len)); PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len)); - } - else { + } else { /* override caller's expiration time, which uses client timeout * duration, not server timeout duration. */ @@ -957,8 +949,7 @@ ServerSessionIDUncache(sslSessionID *sid) sid->u.ssl2.masterKey.len)); PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data, sid->u.ssl2.cipherArg.len)); - } - else { + } else { sessionID = sid->u.ssl3.sessionID; sessionIDLength = sid->u.ssl3.sessionIDLength; SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x " @@ -1017,8 +1008,7 @@ CloseCache(cacheDesc *cache) } if (cache->shared) { PR_MemUnmap(cache->cacheMem, cache->cacheMemSize); - } - else { + } else { PORT_Free(cache->cacheMem); } cache->cacheMem = NULL; @@ -1162,8 +1152,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, ssl2_timeout = MIN_SSL2_TIMEOUT; } cache->ssl2Timeout = ssl2_timeout; - } - else { + } else { cache->ssl2Timeout = DEF_SSL2_TIMEOUT; } @@ -1175,8 +1164,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, ssl3_timeout = MIN_SSL3_TIMEOUT; } cache->ssl3Timeout = ssl3_timeout; - } - else { + } else { cache->ssl3Timeout = DEF_SSL3_TIMEOUT; } @@ -1211,8 +1199,7 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, } cacheMem = PR_MemMap(cacheMemMap, 0, cache->cacheMemSize); - } - else { + } else { cacheMem = PORT_Alloc(cache->cacheMemSize); } @@ -1475,8 +1462,7 @@ SSL_ConfigServerSessionIDCacheWithOpt( return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache, ssl2_timeout, ssl3_timeout, directory, PR_FALSE, maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries); - } - else { + } else { return ssl_ConfigMPServerSIDCacheWithOpt(ssl2_timeout, ssl3_timeout, directory, maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries); 
@@ -1822,8 +1808,7 @@ ssl_GetWrappingKey(PRInt32 symWrapMechIndex, (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) { rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk, &globalCache, 0); - } - else { + } else { rv = PR_FALSE; } @@ -1868,8 +1853,7 @@ GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey, if (!cache->cacheMem) { /* cache is not initalized. Use stack buffer */ ticketKeyNameSuffix = ticketKeyNameSuffixLocal; - } - else { + } else { ticketKeyNameSuffix = cache->ticketKeyNameSuffix; } @@ -2042,8 +2026,7 @@ ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey, ticketKeyNameSuffix = ticketKeyNameSuffixLocal; ticketEncKeyPtr = ticketEncKey; ticketMacKeyPtr = ticketMacKey; - } - else { + } else { /* these values have constant memory locations in the cache. * Ok to reference them without holding the lock. */ ticketKeyNameSuffix = cache->ticketKeyNameSuffix; @@ -2134,8 +2117,7 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk) if (rv) { /* we found it on disk, copy it out to the caller. */ PORT_Memcpy(wswk, &myWswk, sizeof *wswk); - } - else { + } else { /* Wasn't on disk, and we're still holding the lock, so write it. */ cache->keyCacheData[ndx] = *wswk; } diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index 7bd6530dedc4..cc15406fa7f3 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -252,8 +252,7 @@ ssl_DupSocket(sslSocket *os) } PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups, sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups); - } - else { + } else { ss->ssl3.dheGroups = NULL; } @@ -264,8 +263,7 @@ ssl_DupSocket(sslSocket *os) os->sizeCipherSpecs); ss->sizeCipherSpecs = os->sizeCipherSpecs; ss->preferredCipher = os->preferredCipher; - } - else { + } else { ss->cipherSpecs = NULL; /* produced lazily */ ss->sizeCipherSpecs = 0; ss->preferredCipher = NULL; 
@@ -284,26 +282,20 @@ ssl_DupSocket(sslSocket *os) sc->serverCertChain = CERT_DupCertList(oc->serverCertChain); if (!sc->serverCertChain) goto loser; - } - else { + } else { sc->serverCert = NULL; sc->serverCertChain = NULL; } - sc->serverKeyPair = oc->serverKeyPair ? - ssl3_GetKeyPairRef(oc->serverKeyPair) + sc->serverKeyPair = oc->serverKeyPair ? ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; if (oc->serverKeyPair && !sc->serverKeyPair) goto loser; sc->serverKeyBits = oc->serverKeyBits; - ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : - SECITEM_DupArray(NULL, os->certStatusArray[i]); + ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : SECITEM_DupArray(NULL, os->certStatusArray[i]); } - ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : - ssl3_GetKeyPairRef(os->stepDownKeyPair); - ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : - ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); - ss->dheKeyPair = !os->dheKeyPair ? NULL : - ssl3_GetKeyPairRef(os->dheKeyPair); + ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : ssl3_GetKeyPairRef(os->stepDownKeyPair); + ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); + ss->dheKeyPair = !os->dheKeyPair ? NULL : ssl3_GetKeyPairRef(os->dheKeyPair); ss->dheParams = os->dheParams; /* @@ -487,8 +479,7 @@ ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled) if (osfd->methods->setsocketoption) { rv = (SECStatus)osfd->methods->setsocketoption(osfd, &opt); - } - else { + } else { PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); } 
@@ -578,13 +569,11 @@ ssl_EnableTLS(SSLVersionRange *vrange, PRBool on) /* Expand the range of enabled version to include TLS 1.0 */ vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); - } - else { + } else { /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ if (vrange->min == SSL_LIBRARY_VERSION_3_0) { vrange->max = SSL_LIBRARY_VERSION_3_0; - } - else { + } else { /* Only TLS was enabled, so now no versions are. */ vrange->min = SSL_LIBRARY_VERSION_NONE; vrange->max = SSL_LIBRARY_VERSION_NONE; @@ -619,13 +608,11 @@ ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on) * we don't need to change vrange->max. */ vrange->min = SSL_LIBRARY_VERSION_3_0; - } - else { + } else { /* Disable SSL 3.0, leaving TLS unaffected. */ if (vrange->max > SSL_LIBRARY_VERSION_3_0) { vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); - } - else { + } else { /* Only SSL 3.0 was enabled, so now no versions are. */ vrange->min = SSL_LIBRARY_VERSION_NONE; vrange->max = SSL_LIBRARY_VERSION_NONE; @@ -791,8 +778,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) if (ss->handshakeBegun) { PORT_SetError(PR_INVALID_STATE_ERROR); rv = SECFailure; - } - else { + } else { if (PR_FALSE != on) { if (PR_SUCCESS == SSL_BypassSetup()) { #ifdef NO_PKCS11_BYPASS @@ -800,12 +786,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) #else ss->opt.bypassPKCS11 = on; #endif - } - else { + } else { rv = SECFailure; } - } - else { + } else { ss->opt.bypassPKCS11 = PR_FALSE; } } @@ -822,8 +806,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) if (on) { locksEverDisabled = PR_TRUE; strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); - } - else if (!holdingLocks) { + } else if (!holdingLocks) { rv = ssl_MakeLocks(ss); if (rv != SECSuccess) { ss->opt.noLocks = PR_TRUE; 
@@ -1257,12 +1240,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) #else ssl_defaults.bypassPKCS11 = on; #endif - } - else { + } else { return SECFailure; } - } - else { + } else { ssl_defaults.bypassPKCS11 = PR_FALSE; } break; @@ -1384,11 +1365,9 @@ ssl_CipherPolicySet(PRInt32 which, PRInt32 policy) if (ssl_IsRemovedCipherSuite(which)) { rv = SECSuccess; - } - else if (SSL_IS_SSL2_CIPHER(which)) { + } else if (SSL_IS_SSL2_CIPHER(which)) { rv = ssl2_SetPolicy(which, policy); - } - else { + } else { rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); } return rv; @@ -1416,11 +1395,9 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) if (ssl_IsRemovedCipherSuite(which)) { *oPolicy = SSL_NOT_ALLOWED; rv = SECSuccess; - } - else if (SSL_IS_SSL2_CIPHER(which)) { + } else if (SSL_IS_SSL2_CIPHER(which)) { rv = ssl2_GetPolicy(which, oPolicy); - } - else { + } else { rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); } return rv; @@ -1459,8 +1436,7 @@ ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled) } if (SSL_IS_SSL2_CIPHER(which)) { rv = ssl2_CipherPrefSetDefault(which, enabled); - } - else { + } else { rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); } return rv; @@ -1489,11 +1465,9 @@ SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled) if (ssl_IsRemovedCipherSuite(which)) { *enabled = PR_FALSE; rv = SECSuccess; - } - else if (SSL_IS_SSL2_CIPHER(which)) { + } else if (SSL_IS_SSL2_CIPHER(which)) { rv = ssl2_CipherPrefGetDefault(which, enabled); - } - else { + } else { rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled); } return rv; @@ -1517,8 +1491,7 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) } if (SSL_IS_SSL2_CIPHER(which)) { rv = ssl2_CipherPrefSet(ss, which, enabled); - } - else { + } else { rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); } return rv; 
@@ -1542,11 +1515,9 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) if (ssl_IsRemovedCipherSuite(which)) { *enabled = PR_FALSE; rv = SECSuccess; - } - else if (SSL_IS_SSL2_CIPHER(which)) { + } else if (SSL_IS_SSL2_CIPHER(which)) { rv = ssl2_CipherPrefGet(ss, which, enabled); - } - else { + } else { rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); } return rv; @@ -1763,13 +1734,11 @@ ssl3_SelectDHParams(sslSocket *ss) if (ss->ssl3.dheWeakGroupEnabled) { ss->dheParams = gWeakDHParams; - } - else { + } else { if (ss->ssl3.dheGroups) { selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups, ss->ssl3.numDHEGroups); - } - else { + } else { size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups); selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups, number_of_default_groups); @@ -1802,8 +1771,7 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant) if (model == NULL) { /* Just create a default socket if we're given NULL for the model */ ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); - } - else { + } else { sslSocket *ss = ssl_FindSocket(model); if (ss == NULL || ss->protocolVariant != variant) { SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", @@ -1976,8 +1944,7 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf, } PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); *bufLen = ss->ssl3.nextProto.len; - } - else { + } else { *bufLen = 0; } @@ -2017,8 +1984,7 @@ SSL_SetSRTPCiphers(PRFileDesc *fd, if (*srtpCipher) { ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = ciphers[i]; - } - else { + } else { SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " "suite specified: 0x%04hx", SSL_GETPID(), fd, 
@@ -2244,8 +2210,7 @@ ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant) vrange.max = PR_MIN(vrange.max, pvrange.max); if (vrange.max >= vrange.min) { *VERSIONS_DEFAULTS(protocolVariant) = vrange; - } - else { + } else { /* there was no overlap, turn off range altogether */ pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE; *VERSIONS_DEFAULTS(protocolVariant) = pvrange; @@ -2551,8 +2516,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) if (newfd == NULL) { SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d", SSL_GETPID(), ss->fd, PORT_GetError())); - } - else { + } else { /* Create ssl module */ ns = ssl_DupSocket(ss); } @@ -2577,8 +2541,7 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) if (ns->opt.handshakeAsClient) { ns->handshake = ssl2_BeginClientHandshake; ss->handshaking = sslHandshakingAsClient; - } - else { + } else { ns->handshake = ssl2_BeginServerHandshake; ss->handshaking = sslHandshakingAsServer; } @@ -2611,7 +2574,7 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout) SSL_LOCK_WRITER(ss); ss->cTimeout = timeout; - rv = (PRStatus) (*ss->ops->connect)(ss, sockaddr); + rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr); SSL_UNLOCK_WRITER(ss); SSL_UNLOCK_READER(ss); @@ -2632,7 +2595,7 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr) SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); - rv = (PRStatus) (*ss->ops->bind)(ss, addr); + rv = (PRStatus)(*ss->ops->bind)(ss, addr); SSL_UNLOCK_WRITER(ss); SSL_UNLOCK_READER(ss); @@ -2652,7 +2615,7 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog) SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); - rv = (PRStatus) (*ss->ops->listen)(ss, backlog); + rv = (PRStatus)(*ss->ops->listen)(ss, backlog); SSL_UNLOCK_WRITER(ss); SSL_UNLOCK_READER(ss); 
@@ -2676,7 +2639,7 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how) SSL_LOCK_WRITER(ss); } - rv = (PRStatus) (*ss->ops->shutdown)(ss, how); + rv = (PRStatus)(*ss->ops->shutdown)(ss, how); if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) { SSL_UNLOCK_WRITER(ss); @@ -2709,7 +2672,7 @@ ssl_Close(PRFileDesc *fd) ** where the LOCK calls and the corresponding UNLOCK calls are not in ** the same function scope. The unlock calls are in ssl_FreeSocket(). */ - rv = (PRStatus) (*ss->ops->close)(ss); + rv = (PRStatus)(*ss->ops->close)(ss); return rv; } @@ -2806,7 +2769,7 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr) SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd)); return PR_FAILURE; } - return (PRStatus) (*ss->ops->getpeername)(ss, addr); + return (PRStatus)(*ss->ops->getpeername)(ss, addr); } /* @@ -2829,12 +2792,10 @@ ssl_GetPeerInfo(sslSocket *ss) if (sin.inet.family == PR_AF_INET) { PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer); ss->sec.ci.port = sin.inet.port; - } - else if (sin.ipv6.family == PR_AF_INET6) { + } else if (sin.ipv6.family == PR_AF_INET6) { ss->sec.ci.peer = sin.ipv6.ip; ss->sec.ci.port = sin.ipv6.port; - } - else { + } else { PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR); return SECFailure; } @@ -2851,7 +2812,7 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name) SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); return PR_FAILURE; } - return (PRStatus) (*ss->ops->getsockname)(ss, name); + return (PRStatus)(*ss->ops->getsockname)(ss, name); } SECStatus @@ -2969,12 +2930,10 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) new_flags &= ~PR_POLL_RW; if (ss->handshaking == sslHandshakingAsClient) { new_flags |= PR_POLL_WRITE; - } - else { /* handshaking as server */ + } else { /* handshaking as server */ new_flags |= PR_POLL_READ; } - } - else + } else /* First handshake is in progress */ if (ss->lastWriteBlocked) { if (new_flags & PR_POLL_READ) { 
@@ -2986,8 +2945,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) new_flags ^= PR_POLL_READ; /* don't select on read. */ new_flags |= PR_POLL_WRITE; /* do select on write. */ } - } - else if (new_flags & PR_POLL_WRITE) { + } else if (new_flags & PR_POLL_WRITE) { /* The caller is trying to write, but the handshake is ** blocked waiting for data to read, and the first ** handshake has been sent. So do NOT to poll on write @@ -3000,14 +2958,12 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) new_flags |= PR_POLL_READ; /* do select on read. */ } } - } - else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) { + } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) { *p_out_flags = PR_POLL_READ; /* it's ready already. */ return new_flags; - } - else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) && - (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ - new_flags |= PR_POLL_WRITE; /* also select on write. */ + } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) && + (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ + new_flags |= PR_POLL_WRITE; /* also select on write. */ } if (ss->version >= SSL_LIBRARY_VERSION_3_0 && @@ -3024,8 +2980,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) * of the application spinning. */ new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT); - } - else { + } else { /* Unfortunately, clearing new_flags will make it impossible for * the application to detect errors that it would otherwise be * able to detect with PR_POLL_EXCEPT, until the asynchronous @@ -3052,8 +3007,7 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) out_flags |= PR_POLL_READ; *p_out_flags = out_flags; new_flags = how_flags; - } - else { + } else { *p_out_flags = lower_out_flags; new_flags = lower_new_flags; } 
@@ -3153,8 +3107,7 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, (PR_GetError() == PR_WOULD_BLOCK_ERROR) && \ (sent > 0)) { \ return sent; \ - } \ - else { \ + } else { \ return -1; \ } \ } \ @@ -3209,15 +3162,12 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, if (!vectors || myIov.iov_len > limit) { addLen = 0; - } - else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { + } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { /* Addlen is already computed. */; - } - else if (vectors > 1 && - iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { addLen = limit - myIov.iov_len; - } - else + } else addLen = 0; if (!addLen) { @@ -3237,17 +3187,14 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, left = PR_MIN(limit, K16 - bufLen); if (!vectors /* no more left */ || myIov.iov_len > 0 /* we didn't use that one all up */ - || bufLen >= K16 /* it's full. */ ) { + || bufLen >= K16 /* it's full. */) { addLen = 0; - } - else if ((addLen = iov->iov_len % K16) <= left) { + } else if ((addLen = iov->iov_len % K16) <= left) { /* Addlen is already computed. */; - } - else if (vectors > 1 && - iov[1].iov_len % K16 + addLen <= left + limit) { + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen <= left + limit) { addLen = left; - } - else + } else addLen = 0; } while (addLen); @@ -3552,8 +3499,7 @@ ssl_SetDefaultsFromEnvironment(void) ssl_keylog_iob = fopen(ev, "a"); if (!ssl_keylog_iob) { SSL_TRACE(("SSL: failed to open key log file")); - } - else { + } else { if (ftell(ssl_keylog_iob) == 0) { fputs("# SSL/TLS secrets log file, generated by NSS\n", ssl_keylog_iob); diff --git a/security/nss/lib/ssl/ssltrace.c b/security/nss/lib/ssl/ssltrace.c index eb00e54ce1eb..6be9a6da350c 100644 --- a/security/nss/lib/ssl/ssltrace.c +++ b/security/nss/lib/ssl/ssltrace.c 
@@ -44,8 +44,7 @@ ssl_PrintBuf(sslSocket *ss, const char *msg, const void *vp, int len) if (ss) { SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd, msg, len)); - } - else { + } else { SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len)); } memset(buf, ' ', sizeof buf); @@ -78,8 +77,7 @@ PrintType(sslSocket *ss, char *msg) { if (ss) { SSL_TRACE(("%d: SSL[%d]: dump-msg: %s", SSL_GETPID(), ss->fd, msg)); - } - else { + } else { SSL_TRACE(("%d: SSL: dump-msg: %s", SSL_GETPID(), msg)); } } @@ -89,8 +87,7 @@ PrintInt(sslSocket *ss, char *msg, unsigned v) { if (ss) { SSL_TRACE(("%d: SSL[%d]: %s=%u", SSL_GETPID(), ss->fd, msg, v)); - } - else { + } else { SSL_TRACE(("%d: SSL: %s=%u", SSL_GETPID(), msg, v)); } } @@ -108,8 +105,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len) if (ss) { SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd, msg, len)); - } - else { + } else { SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len)); } @@ -124,8 +120,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len) if (ss) { SSL_TRACE(("%d: SSL[%d]: %s", SSL_GETPID(), ss->fd, buf)); - } - else { + } else { SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); } bp = buf; @@ -136,8 +131,7 @@ PrintBuf(sslSocket *ss, char *msg, unsigned char *cp, int len) if (ss) { SSL_TRACE(("%d: SSL[%d]: %s", SSL_GETPID(), ss->fd, buf)); - } - else { + } else { SSL_TRACE(("%d: SSL: %s", SSL_GETPID(), buf)); } } diff --git a/security/nss/lib/ssl/tls13con.c b/security/nss/lib/ssl/tls13con.c index 41b65a4638da..4bb136a5eefb 100644 --- a/security/nss/lib/ssl/tls13con.c +++ b/security/nss/lib/ssl/tls13con.c @@ -645,8 +645,7 @@ tls13_SendServerHelloSequence(sslSocket *ss) if ((ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) || (ss->ssl3.hs.kea_def->kea == kea_dhe_rsa)) { certIndex = kt_rsa; - } - else { + } else { certIndex = ss->ssl3.hs.kea_def->exchKeyType; } rv = ssl3_SendCertificateVerify(ss, ss->serverCerts[certIndex].SERVERKEY); 
@@ -748,8 +747,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (ss->sec.isServer) { rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE, wait_client_cert); - } - else { + } else { rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE, wait_cert_request, wait_server_cert); } @@ -767,8 +765,7 @@ tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) illegal_parameter); return SECFailure; } - } - else { + } else { if (!context.len || context.len != ss->ssl3.hs.certReqContextLen || (NSS_SecureMemcmp(ss->ssl3.hs.certReqContext, context.data, context.len) != 0)) { @@ -1074,8 +1071,7 @@ tls13_InitCipherSpec(sslSocket *ss, TrafficKeyType type, InstallCipherSpecDirect /* Generic behaviors -- common to all crypto methods */ if (!IS_DTLS(ss)) { pwSpec->read_seq_num.high = pwSpec->write_seq_num.high = 0; - } - else { + } else { if (cwSpec->epoch == PR_UINT16_MAX) { /* The problem here is that we have rehandshaked too many * times (you are not allowed to wrap the epoch). The @@ -1231,7 +1227,7 @@ void tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *offer) { SECITEM_ZfreeItem(&offer->key_exchange, PR_FALSE); - PORT_ZFree(offer, sizeof(offer)); + PORT_ZFree(offer, sizeof(*offer)); } void @@ -1310,8 +1306,7 @@ tls13_AESGCM(ssl3KeyMaterial *keys, if (doDecrypt) { rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, maxout, in, inlen); - } - else { + } else { rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, maxout, in, inlen); } @@ -1599,7 +1594,7 @@ tls13_SendFinished(sslSocket *ss) /* TODO(ekr@rtfm.com): Record key log */ return SECSuccess; - alert_loser: +alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, internal_error); PORT_SetError(errCode); /* Restore error code */ return rv; 
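Review bot: In the `tls13_DestroyKeyShareEntry` hunk, `offer` is still used without a NULL guard: `&offer->key_exchange` is computed and handed to `SECITEM_ZfreeItem` before `PORT_ZFree(offer, sizeof(*offer))` runs. The destructor is therefore only safe if every caller passes a non-NULL entry, and the callers are not visible here. A leading `if (!offer) { return; }` would make it safe on error-cleanup paths that hold a partially built key share. Separately, the `sizeof(offer)` to `sizeof(*offer)` correction changes how much of the entry is zeroized before it is freed, which is a behavioural fix inside an otherwise formatting-only patch and deserves its own line in the commit description. The remaining hunks on this line are brace, label and ternary reflows with nothing to raise.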
@@ -1660,8 +1655,7 @@ tls13_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, } rv = tls13_FinishHandshake(ss); - } - else { + } else { if (ss->ssl3.hs.authCertificatePending) { /* TODO(ekr@rtfm.com): Handle pending auth */ FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error); @@ -1739,8 +1733,7 @@ tls13_SendClientSecondRound(sslSocket *ss) if (rv != SECSuccess) { goto loser; /* error code is set. */ } - } - else if (sendClientCert) { + } else if (sendClientCert) { rv = ssl3_SendCertificate(ss); if (rv != SECSuccess) { goto loser; /* error code is set. */ @@ -1933,8 +1926,7 @@ tls13_ProtectRecord(sslSocket *ss, if (cipher_def->calg == ssl_calg_null) { /* Shortcut for plaintext */ cipherBytes = contentLen; - } - else { + } else { unsigned char aad[8]; PORT_Assert(cipher_def->type == type_aead); @@ -1972,8 +1964,7 @@ tls13_ProtectRecord(sslSocket *ss, (void)tls13_EncodeUintX(cwSpec->write_seq_num.high, 4, &wrBuf->buf[3]); (void)tls13_EncodeUintX(cwSpec->write_seq_num.low, 4, &wrBuf->buf[7]); (void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[11]); - } - else { + } else { (void)tls13_EncodeUintX(kRecordVersion, 2, &wrBuf->buf[1]); (void)tls13_EncodeUintX(cipherBytes, 2, &wrBuf->buf[3]); } @@ -2029,10 +2020,8 @@ tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext /* Decrypt */ PORT_Assert(cipher_def->type == type_aead); tls13_FormatAdditionalData(aad, sizeof(aad), - IS_DTLS(ss) ? - cText->seq_num - : - crSpec->read_seq_num); + IS_DTLS(ss) ? cText->seq_num + : crSpec->read_seq_num); rv = crSpec->aead( ss->sec.isServer ? &crSpec->client : &crSpec->server, PR_TRUE, /* do decrypt */ diff --git a/security/nss/lib/ssl/tls13hkdf.c b/security/nss/lib/ssl/tls13hkdf.c index 637970b14226..3dc2d1bf8d05 100644 --- a/security/nss/lib/ssl/tls13hkdf.c +++ b/security/nss/lib/ssl/tls13hkdf.c 
@@ -60,8 +60,7 @@ tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2, SSLHashType baseHash, params.pSalt = salt->data; params.ulSaltLen = salt->len; PORT_Assert(salt->len > 0); - } - else { + } else { /* Per documentation for CKM_NSS_HKDF_*: * * If the optional salt is given, it is used; otherwise, the salt is @@ -104,8 +103,7 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash, if (handshakeHash) { PORT_Assert(handshakeHashLen == kTlsHkdfInfo[baseHash].hashSize); - } - else { + } else { PORT_Assert(!handshakeHashLen); } @@ -185,6 +183,10 @@ tls13_HkdfExpandLabelRaw(PK11SymKey *prk, SSLHashType baseHash, label, labelLen, kTlsHkdfInfo[baseHash].pkcs11Mech, outputLen, &derived); + if (rv != SECSuccess || !derived) { + goto abort; + } + rv = PK11_ExtractKeyValue(derived); if (rv != SECSuccess) { goto abort;
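Review bot: In the `tls13_HkdfExpandLabelRaw` hunk, the new guard `if (rv != SECSuccess || !derived) { goto abort; }` takes the `!derived` branch with `rv` still equal to `SECSuccess`. The `abort` label and the function's return are outside the hunk. If that path returns `rv` unchanged, the caller is told the expansion succeeded although no key bytes were extracted, and may go on to use an unfilled buffer as key material. Splitting the check closes this: keep `if (rv != SECSuccess) { goto abort; }` and add `if (!derived) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; goto abort; }`. It is also worth confirming that the cleanup under `abort` tolerates `derived == NULL`, since this is the first jump there that can carry a null key.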