diff options
| author | heretic <heretic@yandex-team.ru> | 2022-02-10 16:45:43 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:43 +0300 |
| commit | 397cbe258b9e064f49c4ca575279f02f39fef76e (patch) | |
| tree | a0b0eb3cca6a14e4e8ea715393637672fa651284 /contrib/libs/openssl/ssl/statem/extensions.c | |
| parent | 43f5a35593ebc9f6bcea619bb170394ea7ae468e (diff) | |
| download | ydb-397cbe258b9e064f49c4ca575279f02f39fef76e.tar.gz | |
Restoring authorship annotation for <heretic@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/openssl/ssl/statem/extensions.c')
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/extensions.c | 98 |
1 files changed, 49 insertions, 49 deletions
diff --git a/contrib/libs/openssl/ssl/statem/extensions.c b/contrib/libs/openssl/ssl/statem/extensions.c index 0f39275baa0..98bbc801936 100644 --- a/contrib/libs/openssl/ssl/statem/extensions.c +++ b/contrib/libs/openssl/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent); static int init_server_name(SSL *s, unsigned int context); static int final_server_name(SSL *s, unsigned int context, int sent); #ifndef OPENSSL_NO_EC -static int init_ec_point_formats(SSL *s, unsigned int context); +static int init_ec_point_formats(SSL *s, unsigned int context); static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); #endif static int init_session_ticket(SSL *s, unsigned int context); @@ -57,7 +57,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent); static int final_early_data(SSL *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL *s, unsigned int context); -static int final_psk(SSL *s, unsigned int context, int sent); +static int final_psk(SSL *s, unsigned int context, int sent); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -160,7 +160,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { TLSEXT_TYPE_ec_point_formats, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, + init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, @@ -338,8 +338,8 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, -#else - INVALID_EXTENSION, +#else + INVALID_EXTENSION, #endif { /* Must be after key_share */ @@ -391,7 +391,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, final_psk + tls_construct_ctos_psk, final_psk } }; @@ -970,8 +970,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * context, to avoid the confusing situation of having sess_accept_good * exceed sess_accept (zero) for the new context. */ - if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx - && s->hello_retry_request == SSL_HRR_NONE) { + if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx + && s->hello_retry_request == SSL_HRR_NONE) { tsan_counter(&s->ctx->stats.sess_accept); tsan_decr(&s->session_ctx->stats.sess_accept); } @@ -1028,15 +1028,15 @@ static int final_server_name(SSL *s, unsigned int context, int sent) } #ifndef OPENSSL_NO_EC -static int init_ec_point_formats(SSL *s, unsigned int context) -{ - OPENSSL_free(s->ext.peer_ecpointformats); - s->ext.peer_ecpointformats = NULL; - s->ext.peer_ecpointformats_len = 0; - - return 1; -} - +static int init_ec_point_formats(SSL *s, unsigned int context) +{ + OPENSSL_free(s->ext.peer_ecpointformats); + s->ext.peer_ecpointformats = NULL; + s->ext.peer_ecpointformats_len = 0; + + return 1; +} + static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) { unsigned long alg_k, alg_a; @@ -1150,7 +1150,7 @@ static int init_sig_algs(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; - s->s3->tmp.peer_sigalgslen = 0; + s->s3->tmp.peer_sigalgslen = 0; return 1; } @@ -1160,7 +1160,7 @@ static int init_sig_algs_cert(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); s->s3->tmp.peer_cert_sigalgs = NULL; - s->s3->tmp.peer_cert_sigalgslen = 0; + s->s3->tmp.peer_cert_sigalgslen = 0; return 1; } @@ -1184,26 +1184,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; - s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; - } + s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { - /* - * Check extended master secret extension is not dropped on - * renegotiation. - */ - if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) - && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, - SSL_R_INCONSISTENT_EXTMS); - return 0; - } + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with @@ -1729,19 +1729,19 @@ static int init_post_handshake_auth(SSL *s, unsigned int context) return 1; } - -/* - * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" - * extension, servers MUST abort the handshake. - */ -static int final_psk(SSL *s, unsigned int context, int sent) -{ - if (s->server && sent && s->clienthello != NULL - && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { - SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK, - SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); - return 0; - } - - return 1; -} + +/* + * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" + * extension, servers MUST abort the handshake. + */ +static int final_psk(SSL *s, unsigned int context, int sent) +{ + if (s->server && sent && s->clienthello != NULL + && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { + SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK, + SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); + return 0; + } + + return 1; +} |