in c/src/tls/openssl.c [259:375]
bool pni_tls_validate(pn_tls_t *tls) {
// encrypt input buffers: empty + 2 ordered sublists
tls->validate_error = "encrypt empty list";
size_t e_empty_count = 0;
for (buff_ptr i = tls->encrypt_first_empty; i; i = tls->encrypt_buffers[i-1].next) {
if (tls->encrypt_buffers[i-1].type != buff_empty) return false;
e_empty_count++;
}
if (e_empty_count != tls->encrypt_buffer_empty_count) return false;
tls->validate_error = "encrypt pending list";
size_t e_pending_count = 0;
for (buff_ptr i = tls->encrypt_first_pending; i; i = tls->encrypt_buffers[i-1].next) {
if (tls->encrypt_buffers[i-1].type != buff_encrypt_pending) return false;
e_pending_count++;
}
tls->validate_error = "encrypt done list";
size_t e_done_count = 0;
for (buff_ptr i = tls->encrypt_first_done; i; i = tls->encrypt_buffers[i-1].next) {
if (tls->encrypt_buffers[i-1].type != buff_encrypt_done) return false;
e_done_count++;
}
tls->validate_error = "encrypt pointers and counts";
if (e_empty_count+e_pending_count+e_done_count != tls->encrypt_buffer_count) return false;
if (!tls->encrypt_first_pending && tls->encrypt_last_pending) return false;
if (tls->encrypt_last_pending &&
(tls->encrypt_buffers[tls->encrypt_last_pending-1].type != buff_encrypt_pending || tls->encrypt_buffers[tls->encrypt_last_pending-1].next != 0)) return false;
if (!tls->encrypt_first_done && tls->encrypt_last_done) return false;
if (tls->encrypt_last_done &&
(tls->encrypt_buffers[tls->encrypt_last_done-1].type != buff_encrypt_done || tls->encrypt_buffers[tls->encrypt_last_done-1].next != 0)) return false;
// decrypt input buffers: empty + 2 ordered sublists
tls->validate_error = "decrypt empty list";
size_t d_empty_count = 0;
for (buff_ptr i = tls->decrypt_first_empty; i; i = tls->decrypt_buffers[i-1].next) {
if (tls->decrypt_buffers[i-1].type != buff_empty) return false;
d_empty_count++;
}
if (d_empty_count != tls->decrypt_buffer_empty_count) return false;
tls->validate_error = "decrypt pending list";
size_t d_pending_count = 0;
for (buff_ptr i = tls->decrypt_first_pending; i; i = tls->decrypt_buffers[i-1].next) {
if (tls->decrypt_buffers[i-1].type != buff_decrypt_pending) return false;
d_pending_count++;
}
tls->validate_error = "decrypt done list";
size_t d_done_count = 0;
for (buff_ptr i = tls->decrypt_first_done; i; i = tls->decrypt_buffers[i-1].next) {
if (tls->decrypt_buffers[i-1].type != buff_decrypt_done) return false;
d_done_count++;
}
tls->validate_error = "decrypt pointers and counts";
if (d_empty_count+d_pending_count+d_done_count != tls->decrypt_buffer_count) return false;
if (!tls->decrypt_first_pending && tls->decrypt_last_pending) return false;
if (tls->decrypt_last_pending &&
(tls->decrypt_buffers[tls->decrypt_last_pending-1].type != buff_decrypt_pending || tls->decrypt_buffers[tls->decrypt_last_pending-1].next != 0)) return false;
if (!tls->decrypt_first_done && tls->decrypt_last_done) return false;
if (tls->decrypt_last_done &&
(tls->decrypt_buffers[tls->decrypt_last_done-1].type != buff_decrypt_done || tls->decrypt_buffers[tls->decrypt_last_done-1].next != 0)) return false;
// encrypt result buffers: empty + unordered blank + ordered "encrypted"
tls->validate_error = "eresult empty list";
size_t e_r_empty_count = 0;
for (buff_ptr i = tls->eresult_first_empty; i; i = tls->eresult_buffers[i-1].next) {
if (tls->eresult_buffers[i-1].type != buff_empty) return false;
e_r_empty_count++;
}
if (e_r_empty_count != tls->eresult_empty_count) return false;
tls->validate_error = "eresult blank list";
size_t e_blank_count = 0;
for (buff_ptr i = tls->eresult_first_blank; i; i = tls->eresult_buffers[i-1].next) {
if (tls->eresult_buffers[i-1].type != buff_eresult_blank) return false;
e_blank_count++;
}
tls->validate_error = "eresult encrypted list";
size_t e_encrypted_count = 0;
for (buff_ptr i = tls->eresult_first_encrypted; i; i = tls->eresult_buffers[i-1].next) {
if (tls->eresult_buffers[i-1].type != buff_eresult_encrypted) return false;
e_encrypted_count++;
}
if (e_encrypted_count != tls->eresult_encrypted_count) return false;
tls->validate_error = "encrypt pointers and counts";
if (e_r_empty_count+e_blank_count+e_encrypted_count != tls->eresult_buffer_count) return false;
if (!tls->eresult_first_encrypted && tls->eresult_last_encrypted) return false;
if (tls->eresult_last_encrypted &&
(tls->eresult_buffers[tls->eresult_last_encrypted-1].type != buff_eresult_encrypted || tls->eresult_buffers[tls->eresult_last_encrypted-1].next != 0)) return false;
// decrypt result buffers: empty + unordered blank + ordered "decrypted"
tls->validate_error = "dresult empty list";
size_t d_r_empty_count = 0;
for (buff_ptr i = tls->dresult_first_empty; i; i = tls->dresult_buffers[i-1].next) {
if (tls->dresult_buffers[i-1].type != buff_empty) return false;
d_r_empty_count++;
}
if (d_r_empty_count != tls->dresult_empty_count) return false;
tls->validate_error = "dresult blank list";
size_t d_blank_count = 0;
for (buff_ptr i = tls->dresult_first_blank; i; i = tls->dresult_buffers[i-1].next) {
if (tls->dresult_buffers[i-1].type != buff_dresult_blank) return false;
d_blank_count++;
}
tls->validate_error = "dresult decrypted list";
size_t d_decrypted_count = 0;
for (buff_ptr i = tls->dresult_first_decrypted; i; i = tls->dresult_buffers[i-1].next) {
if (tls->dresult_buffers[i-1].type != buff_dresult_decrypted) return false;
d_decrypted_count++;
}
if (d_decrypted_count != tls->dresult_decrypted_count) return false;
tls->validate_error = "decrypt pointers and counts";
if (d_r_empty_count+d_blank_count+d_decrypted_count != tls->dresult_buffer_count) return false;
if (!tls->dresult_first_decrypted && tls->dresult_last_decrypted) return false;
if (tls->dresult_last_decrypted &&
(tls->dresult_buffers[tls->dresult_last_decrypted-1].type != buff_dresult_decrypted || tls->dresult_buffers[tls->dresult_last_decrypted-1].next != 0)) return false;
tls->validate_error = NULL;
return true;
}