diff options
| author | heretic <heretic@yandex-team.ru> | 2022-02-10 16:45:43 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:43 +0300 |
| commit | 397cbe258b9e064f49c4ca575279f02f39fef76e (patch) | |
| tree | a0b0eb3cca6a14e4e8ea715393637672fa651284 /contrib/libs/openssl/ssl/statem | |
| parent | 43f5a35593ebc9f6bcea619bb170394ea7ae468e (diff) | |
| download | ydb-397cbe258b9e064f49c4ca575279f02f39fef76e.tar.gz | |
Restoring authorship annotation for <heretic@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/openssl/ssl/statem')
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/README | 126 | ||||
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/extensions.c | 98 | ||||
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/extensions_clnt.c | 26 | ||||
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/extensions_srvr.c | 18 | ||||
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/statem_clnt.c | 38 | ||||
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/statem_lib.c | 66 | ||||
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/statem_local.h | 6 | ||||
| -rw-r--r-- | contrib/libs/openssl/ssl/statem/statem_srvr.c | 44 |
8 files changed, 211 insertions, 211 deletions
diff --git a/contrib/libs/openssl/ssl/statem/README b/contrib/libs/openssl/ssl/statem/README index 86cc066372..7687242772 100644 --- a/contrib/libs/openssl/ssl/statem/README +++ b/contrib/libs/openssl/ssl/statem/README @@ -1,63 +1,63 @@ -State Machine Design -==================== - -This file provides some guidance on the thinking behind the design of the -state machine code to aid future maintenance. - -The state machine code replaces an older state machine present in OpenSSL -versions 1.0.2 and below. The new state machine has the following objectives: - - Remove duplication of state code between client and server - - Remove duplication of state code between TLS and DTLS - - Simplify transitions and bring the logic together in a single location - so that it is easier to validate - - Remove duplication of code between each of the message handling functions - - Receive a message first and then work out whether that is a valid - transition - not the other way around (the other way causes lots of issues - where we are expecting one type of message next but actually get something - else) - - Separate message flow state from handshake state (in order to better - understand each) - - message flow state = when to flush buffers; handling restarts in the - event of NBIO events; handling the common flow of steps for reading a - message and the common flow of steps for writing a message etc - - handshake state = what handshake message are we working on now - - Control complexity: only the state machine can change state: keep all - the state changes local to the state machine component - -The message flow state machine is divided into a reading sub-state machine and a -writing sub-state machine. See the source comments in statem.c for a more -detailed description of the various states and transitions possible. - -Conceptually the state machine component is designed as follows: - - libssl - | ----------------------------|-----statem.h-------------------------------------- - | - _______V____________________ - | | - | statem.c | - | | - | Core state machine code | - |____________________________| - statem_local.h ^ ^ - _________| |_______ - | | - _____________|____________ _____________|____________ - | | | | - | statem_clnt.c | | statem_srvr.c | - | | | | - | TLS/DTLS client specific | | TLS/DTLS server specific | - | state machine code | | state machine code | - |__________________________| |__________________________| - | |_______________|__ | - | ________________| | | - | | | | - ____________V_______V________ ________V______V_______________ - | | | | - | statem_both.c | | statem_dtls.c | - | | | | - | Non core functions common | | Non core functions common to | - | to both servers and clients | | both DTLS servers and clients | - |_____________________________| |_______________________________| - +State Machine Design +==================== + +This file provides some guidance on the thinking behind the design of the +state machine code to aid future maintenance. + +The state machine code replaces an older state machine present in OpenSSL +versions 1.0.2 and below. The new state machine has the following objectives: + - Remove duplication of state code between client and server + - Remove duplication of state code between TLS and DTLS + - Simplify transitions and bring the logic together in a single location + so that it is easier to validate + - Remove duplication of code between each of the message handling functions + - Receive a message first and then work out whether that is a valid + transition - not the other way around (the other way causes lots of issues + where we are expecting one type of message next but actually get something + else) + - Separate message flow state from handshake state (in order to better + understand each) + - message flow state = when to flush buffers; handling restarts in the + event of NBIO events; handling the common flow of steps for reading a + message and the common flow of steps for writing a message etc + - handshake state = what handshake message are we working on now + - Control complexity: only the state machine can change state: keep all + the state changes local to the state machine component + +The message flow state machine is divided into a reading sub-state machine and a +writing sub-state machine. See the source comments in statem.c for a more +detailed description of the various states and transitions possible. + +Conceptually the state machine component is designed as follows: + + libssl + | +---------------------------|-----statem.h-------------------------------------- + | + _______V____________________ + | | + | statem.c | + | | + | Core state machine code | + |____________________________| + statem_local.h ^ ^ + _________| |_______ + | | + _____________|____________ _____________|____________ + | | | | + | statem_clnt.c | | statem_srvr.c | + | | | | + | TLS/DTLS client specific | | TLS/DTLS server specific | + | state machine code | | state machine code | + |__________________________| |__________________________| + | |_______________|__ | + | ________________| | | + | | | | + ____________V_______V________ ________V______V_______________ + | | | | + | statem_both.c | | statem_dtls.c | + | | | | + | Non core functions common | | Non core functions common to | + | to both servers and clients | | both DTLS servers and clients | + |_____________________________| |_______________________________| + diff --git a/contrib/libs/openssl/ssl/statem/extensions.c b/contrib/libs/openssl/ssl/statem/extensions.c index 0f39275baa..98bbc80193 100644 --- a/contrib/libs/openssl/ssl/statem/extensions.c +++ b/contrib/libs/openssl/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent); static int init_server_name(SSL *s, unsigned int context); static int final_server_name(SSL *s, unsigned int context, int sent); #ifndef OPENSSL_NO_EC -static int init_ec_point_formats(SSL *s, unsigned int context); +static int init_ec_point_formats(SSL *s, unsigned int context); static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); #endif static int init_session_ticket(SSL *s, unsigned int context); @@ -57,7 +57,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent); static int final_early_data(SSL *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL *s, unsigned int context); -static int final_psk(SSL *s, unsigned int context, int sent); +static int final_psk(SSL *s, unsigned int context, int sent); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -160,7 +160,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { TLSEXT_TYPE_ec_point_formats, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, + init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, @@ -338,8 +338,8 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, -#else - INVALID_EXTENSION, +#else + INVALID_EXTENSION, #endif { /* Must be after key_share */ @@ -391,7 +391,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, final_psk + tls_construct_ctos_psk, final_psk } }; @@ -970,8 +970,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * context, to avoid the confusing situation of having sess_accept_good * exceed sess_accept (zero) for the new context. */ - if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx - && s->hello_retry_request == SSL_HRR_NONE) { + if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx + && s->hello_retry_request == SSL_HRR_NONE) { tsan_counter(&s->ctx->stats.sess_accept); tsan_decr(&s->session_ctx->stats.sess_accept); } @@ -1028,15 +1028,15 @@ static int final_server_name(SSL *s, unsigned int context, int sent) } #ifndef OPENSSL_NO_EC -static int init_ec_point_formats(SSL *s, unsigned int context) -{ - OPENSSL_free(s->ext.peer_ecpointformats); - s->ext.peer_ecpointformats = NULL; - s->ext.peer_ecpointformats_len = 0; - - return 1; -} - +static int init_ec_point_formats(SSL *s, unsigned int context) +{ + OPENSSL_free(s->ext.peer_ecpointformats); + s->ext.peer_ecpointformats = NULL; + s->ext.peer_ecpointformats_len = 0; + + return 1; +} + static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) { unsigned long alg_k, alg_a; @@ -1150,7 +1150,7 @@ static int init_sig_algs(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; - s->s3->tmp.peer_sigalgslen = 0; + s->s3->tmp.peer_sigalgslen = 0; return 1; } @@ -1160,7 +1160,7 @@ static int init_sig_algs_cert(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); s->s3->tmp.peer_cert_sigalgs = NULL; - s->s3->tmp.peer_cert_sigalgslen = 0; + s->s3->tmp.peer_cert_sigalgslen = 0; return 1; } @@ -1184,26 +1184,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; - s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; - } + s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { - /* - * Check extended master secret extension is not dropped on - * renegotiation. - */ - if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) - && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, - SSL_R_INCONSISTENT_EXTMS); - return 0; - } + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with @@ -1729,19 +1729,19 @@ static int init_post_handshake_auth(SSL *s, unsigned int context) return 1; } - -/* - * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" - * extension, servers MUST abort the handshake. - */ -static int final_psk(SSL *s, unsigned int context, int sent) -{ - if (s->server && sent && s->clienthello != NULL - && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { - SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK, - SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); - return 0; - } - - return 1; -} + +/* + * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" + * extension, servers MUST abort the handshake. + */ +static int final_psk(SSL *s, unsigned int context, int sent) +{ + if (s->server && sent && s->clienthello != NULL + && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { + SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK, + SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); + return 0; + } + + return 1; +} diff --git a/contrib/libs/openssl/ssl/statem/extensions_clnt.c b/contrib/libs/openssl/ssl/statem/extensions_clnt.c index ce8a75794c..dc23635c48 100644 --- a/contrib/libs/openssl/ssl/statem/extensions_clnt.c +++ b/contrib/libs/openssl/ssl/statem/extensions_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -816,7 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, OPENSSL_free(s->psksession_id); s->psksession_id = OPENSSL_memdup(id, idlen); if (s->psksession_id == NULL) { - s->psksession_id_len = 0; + s->psksession_id_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -1376,7 +1376,7 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, OPENSSL_free(s->ext.peer_ecpointformats); s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len); if (s->ext.peer_ecpointformats == NULL) { - s->ext.peer_ecpointformats_len = 0; + s->ext.peer_ecpointformats_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); return 0; @@ -1494,14 +1494,14 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->ext.scts_len = (uint16_t)size; if (size > 0) { s->ext.scts = OPENSSL_malloc(size); - if (s->ext.scts == NULL) { - s->ext.scts_len = 0; - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, - ERR_R_MALLOC_FAILURE); - return 0; - } - if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) { + if (s->ext.scts == NULL) { + s->ext.scts_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, + ERR_R_MALLOC_FAILURE); + return 0; + } + if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, ERR_R_INTERNAL_ERROR); return 0; } @@ -1599,7 +1599,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, OPENSSL_free(s->ext.npn); s->ext.npn = OPENSSL_malloc(selected_len); if (s->ext.npn == NULL) { - s->ext.npn_len = 0; + s->ext.npn_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN, ERR_R_INTERNAL_ERROR); return 0; @@ -1640,7 +1640,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(len); if (s->s3->alpn_selected == NULL) { - s->s3->alpn_selected_len = 0; + s->s3->alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -1672,7 +1672,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { - s->session->ext.alpn_selected_len = 0; + s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; diff --git a/contrib/libs/openssl/ssl/statem/extensions_srvr.c b/contrib/libs/openssl/ssl/statem/extensions_srvr.c index 04f64f8106..2413d2adf1 100644 --- a/contrib/libs/openssl/ssl/statem/extensions_srvr.c +++ b/contrib/libs/openssl/ssl/statem/extensions_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (sesstmp == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); - goto err; + goto err; } SSL_SESSION_free(sess); sess = sesstmp; @@ -1714,13 +1714,13 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } return EXT_RETURN_NOT_SENT; } - if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { - /* - * PSK ('hit') and explicitly not doing DHE (if the client sent the - * DHE option we always take it); don't send key share. - */ - return EXT_RETURN_NOT_SENT; - } + if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { + /* + * PSK ('hit') and explicitly not doing DHE (if the client sent the + * DHE option we always take it); don't send key share. + */ + return EXT_RETURN_NOT_SENT; + } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(pkt) diff --git a/contrib/libs/openssl/ssl/statem/statem_clnt.c b/contrib/libs/openssl/ssl/statem/statem_clnt.c index d1a3969812..6f89684ca8 100644 --- a/contrib/libs/openssl/ssl/statem/statem_clnt.c +++ b/contrib/libs/openssl/ssl/statem/statem_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1001,8 +1001,8 @@ size_t ossl_statem_client_max_message_size(SSL *s) return CCS_MAX_LENGTH; case TLS_ST_CR_SESSION_TICKET: - return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13 - : SESSION_TICKET_MAX_LENGTH_TLS12; + return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13 + : SESSION_TICKET_MAX_LENGTH_TLS12; case TLS_ST_CR_FINISHED: return FINISHED_MAX_LENGTH; @@ -2150,15 +2150,15 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) ERR_R_EVP_LIB); goto err; } - dh = NULL; - - if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), - 0, peer_tmp)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, - SSL_R_DH_KEY_TOO_SMALL); - goto err; - } + dh = NULL; + if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), + 0, peer_tmp)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_DH_KEY_TOO_SMALL); + goto err; + } + s->s3->peer_tmp = peer_tmp; /* @@ -2463,7 +2463,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) s->s3->tmp.ctype_len = 0; OPENSSL_free(s->pha_context); s->pha_context = NULL; - s->pha_context_len = 0; + s->pha_context_len = 0; if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { @@ -2773,12 +2773,12 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt) } s->ext.ocsp.resp = OPENSSL_malloc(resplen); if (s->ext.ocsp.resp == NULL) { - s->ext.ocsp.resp_len = 0; + s->ext.ocsp.resp_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, ERR_R_MALLOC_FAILURE); return 0; } - s->ext.ocsp.resp_len = resplen; + s->ext.ocsp.resp_len = resplen; if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH); @@ -2834,7 +2834,7 @@ int tls_process_initial_server_flight(SSL *s) if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, - SSL_R_OCSP_CALLBACK_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } } @@ -2908,7 +2908,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); - psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, @@ -3354,11 +3354,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) err: OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); s->s3->tmp.pms = NULL; - s->s3->tmp.pmslen = 0; + s->s3->tmp.pmslen = 0; #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; - s->s3->tmp.psklen = 0; + s->s3->tmp.psklen = 0; #endif return 0; } @@ -3433,7 +3433,7 @@ int tls_client_key_exchange_post_work(SSL *s) err: OPENSSL_clear_free(pms, pmslen); s->s3->tmp.pms = NULL; - s->s3->tmp.pmslen = 0; + s->s3->tmp.pmslen = 0; return 0; } diff --git a/contrib/libs/openssl/ssl/statem/statem_lib.c b/contrib/libs/openssl/ssl/statem/statem_lib.c index c3b6f8f456..104fff71f2 100644 --- a/contrib/libs/openssl/ssl/statem/statem_lib.c +++ b/contrib/libs/openssl/ssl/statem/statem_lib.c @@ -1341,7 +1341,7 @@ int tls_get_message_body(SSL *s, size_t *len) static const X509ERR2ALERT x509table[] = { {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, @@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) /* * Only called by servers. Returns 1 if the server has a TLSv1.3 capable - * certificate type, or has PSK or a certificate callback configured, or has - * a servername callback configured. Otherwise returns 0. + * certificate type, or has PSK or a certificate callback configured, or has + * a servername callback configured. Otherwise returns 0. */ static int is_tls13_capable(const SSL *s) { @@ -1515,17 +1515,17 @@ static int is_tls13_capable(const SSL *s) EC_KEY *eckey; #endif - if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) - return 0; - - /* - * A servername callback can change the available certs, so if a servername - * cb is set then we just assume TLSv1.3 will be ok - */ - if (s->ctx->ext.servername_cb != NULL - || s->session_ctx->ext.servername_cb != NULL) - return 1; - + if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) + return 0; + + /* + * A servername callback can change the available certs, so if a servername + * cb is set then we just assume TLSv1.3 will be ok + */ + if (s->ctx->ext.servername_cb != NULL + || s->session_ctx->ext.servername_cb != NULL) + return 1; + #ifndef OPENSSL_NO_PSK if (s->psk_server_callback != NULL) return 1; @@ -1668,22 +1668,22 @@ int ssl_check_version_downgrade(SSL *s) */ int ssl_set_version_bound(int method_version, int version, int *bound) { - int valid_tls; - int valid_dtls; - + int valid_tls; + int valid_dtls; + if (version == 0) { *bound = version; return 1; } - valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION; - valid_dtls = - DTLS_VERSION_LE(version, DTLS_MAX_VERSION) && - DTLS_VERSION_GE(version, DTLS1_BAD_VER); - - if (!valid_tls && !valid_dtls) - return 0; - + valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION; + valid_dtls = + DTLS_VERSION_LE(version, DTLS_MAX_VERSION) && + DTLS_VERSION_GE(version, DTLS1_BAD_VER); + + if (!valid_tls && !valid_dtls) + return 0; + /*- * Restrict TLS methods to TLS protocol versions. * Restrict DTLS methods to DTLS protocol versions. @@ -1694,22 +1694,22 @@ int ssl_set_version_bound(int method_version, int version, int *bound) * configurations. If the MIN (supported) version ever rises, the user's * "floor" remains valid even if no longer available. We don't expect the * MAX ceiling to ever get lower, so making that variable makes sense. - * - * We ignore attempts to set bounds on version-inflexible methods, - * returning success. + * + * We ignore attempts to set bounds on version-inflexible methods, + * returning success. */ switch (method_version) { default: - break; + break; case TLS_ANY_VERSION: - if (valid_tls) - *bound = version; + if (valid_tls) + *bound = version; break; case DTLS_ANY_VERSION: - if (valid_dtls) - *bound = version; + if (valid_dtls) + *bound = version; break; } return 1; diff --git a/contrib/libs/openssl/ssl/statem/statem_local.h b/contrib/libs/openssl/ssl/statem/statem_local.h index eae88053dc..7caf0035f8 100644 --- a/contrib/libs/openssl/ssl/statem/statem_local.h +++ b/contrib/libs/openssl/ssl/statem/statem_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,8 +22,8 @@ #define SERVER_HELLO_MAX_LENGTH 20000 #define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 -#define SESSION_TICKET_MAX_LENGTH_TLS13 131338 -#define SESSION_TICKET_MAX_LENGTH_TLS12 65541 +#define SESSION_TICKET_MAX_LENGTH_TLS13 131338 +#define SESSION_TICKET_MAX_LENGTH_TLS12 65541 #define SERVER_KEY_EXCH_MAX_LENGTH 102400 #define SERVER_HELLO_DONE_MAX_LENGTH 0 #define KEY_UPDATE_MAX_LENGTH 1 diff --git a/contrib/libs/openssl/ssl/statem/statem_srvr.c b/contrib/libs/openssl/ssl/statem/statem_srvr.c index d701c46b43..55ef68cb74 100644 --- a/contrib/libs/openssl/ssl/statem/statem_srvr.c +++ b/contrib/libs/openssl/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2178,7 +2178,7 @@ int tls_handle_alpn(SSL *s) OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); if (s->s3->alpn_selected == NULL) { - s->s3->alpn_selected_len = 0; + s->s3->alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -2578,7 +2578,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); if (s->s3->tmp.pkey == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR); goto err; } @@ -2854,21 +2854,21 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { OPENSSL_free(s->pha_context); s->pha_context_len = 32; - if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) { - s->pha_context_len = 0; - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, - ERR_R_INTERNAL_ERROR); - return 0; - } - if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0 - || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, - s->pha_context_len)) { + if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) { + s->pha_context_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); return 0; } + if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0 + || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, + s->pha_context_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); + return 0; + } /* reset the handshake hash back to just after the ClientFinished */ if (!tls13_restore_handshake_digest_for_pha(s)) { /* SSLfatal() already called */ @@ -2977,7 +2977,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) OPENSSL_cleanse(psk, psklen); if (s->s3->tmp.psk == NULL) { - s->s3->tmp.psklen = 0; + s->s3->tmp.psklen = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); return 0; @@ -3517,7 +3517,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; - s->s3->tmp.psklen = 0; + s->s3->tmp.psklen = 0; #endif return MSG_PROCESS_ERROR; } @@ -3753,7 +3753,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; - sk = NULL; + sk = NULL; /* * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE @@ -4127,7 +4127,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { - s->session->ext.alpn_selected_len = 0; + s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); @@ -4139,12 +4139,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, - ERR_R_INTERNAL_ERROR); + tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); goto err; - } + } /* * If we are using anti-replay protection then we behave as if * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there |