Restoring authorship annotation for <tpashkin@yandex-team.ru>. Commit 1 of 2.

author: tpashkin <tpashkin@yandex-team.ru> 2022-02-10 16:46:41 +0300
committer: Daniil Cherednik <dcherednik@yandex-team.ru> 2022-02-10 16:46:41 +0300
commit: 5475379a04e37df30085bd1724f1c57e3f40996f (patch)
tree: 95d77e29785a3bd5be6260b1c9d226a551376ecf /contrib/libs/openssl/ssl/t1_lib.c
parent: c3d34b9b40eb534dfd2c549342274f3d61844688 (diff)
download: ydb-5475379a04e37df30085bd1724f1c57e3f40996f.tar.gz
1 files changed, 75 insertions, 75 deletions
diff --git a/contrib/libs/openssl/ssl/t1_lib.c b/contrib/libs/openssl/ssl/t1_lib.c
index b1d3add187..31a7f3e45c 100644
--- a/contrib/libs/openssl/ssl/t1_lib.c
+++ b/contrib/libs/openssl/ssl/t1_lib.c
@@ -18,11 +18,11 @@
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include "internal/nelem.h"
-#include "ssl_local.h"
+#include "ssl_local.h" 
 #include <openssl/ct.h>
 
 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
-static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); 
 
 SSL3_ENC_METHOD const TLSv1_enc_data = {
     tls1_enc,
@@ -850,11 +850,11 @@ static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
 }
 
 /*
- * Returns a signature algorithm when the peer did not send a list of supported
- * signature algorithms. The signature algorithm is fixed for the certificate
- * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the
- * certificate type from |s| will be used.
- * Returns the signature algorithm to use, or NULL on error.
+ * Returns a signature algorithm when the peer did not send a list of supported 
+ * signature algorithms. The signature algorithm is fixed for the certificate 
+ * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the 
+ * certificate type from |s| will be used. 
+ * Returns the signature algorithm to use, or NULL on error. 
  */
 static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 {
@@ -897,12 +897,12 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 
         if (!tls1_lookup_md(lu, NULL))
             return NULL;
-        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
-            return NULL;
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) 
+            return NULL; 
         return lu;
     }
-    if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg))
-        return NULL;
+    if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg)) 
+        return NULL; 
     return &legacy_rsa_sigalg;
 }
 /* Set peer sigalg based key type */
@@ -992,31 +992,31 @@ int tls_check_sigalg_curve(const SSL *s, int curve)
 #endif
 
 /*
- * Return the number of security bits for the signature algorithm, or 0 on
- * error.
- */
-static int sigalg_security_bits(const SIGALG_LOOKUP *lu)
-{
-    const EVP_MD *md = NULL;
-    int secbits = 0;
-
-    if (!tls1_lookup_md(lu, &md))
-        return 0;
-    if (md != NULL)
-    {
-        /* Security bits: half digest bits */
-        secbits = EVP_MD_size(md) * 4;
-    } else {
-        /* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */
-        if (lu->sigalg == TLSEXT_SIGALG_ed25519)
-            secbits = 128;
-        else if (lu->sigalg == TLSEXT_SIGALG_ed448)
-            secbits = 224;
-    }
-    return secbits;
-}
-
-/*
+ * Return the number of security bits for the signature algorithm, or 0 on 
+ * error. 
+ */ 
+static int sigalg_security_bits(const SIGALG_LOOKUP *lu) 
+{ 
+    const EVP_MD *md = NULL; 
+    int secbits = 0; 
+ 
+    if (!tls1_lookup_md(lu, &md)) 
+        return 0; 
+    if (md != NULL) 
+    { 
+        /* Security bits: half digest bits */ 
+        secbits = EVP_MD_size(md) * 4; 
+    } else { 
+        /* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */ 
+        if (lu->sigalg == TLSEXT_SIGALG_ed25519) 
+            secbits = 128; 
+        else if (lu->sigalg == TLSEXT_SIGALG_ed448) 
+            secbits = 224; 
+    } 
+    return secbits; 
+} 
+ 
+/* 
  * Check signature algorithm is consistent with sent supported signature
  * algorithms and if so set relevant digest and signature scheme in
  * s.
@@ -1029,7 +1029,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
     size_t sent_sigslen, i, cidx;
     int pkeyid = EVP_PKEY_id(pkey);
     const SIGALG_LOOKUP *lu;
-    int secbits = 0;
+    int secbits = 0; 
 
     /* Should never happen */
     if (pkeyid == -1)
@@ -1131,20 +1131,20 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
                  SSL_R_UNKNOWN_DIGEST);
         return 0;
     }
-    /*
-     * Make sure security callback allows algorithm. For historical
-     * reasons we have to pass the sigalg as a two byte char array.
-     */
-    sigalgstr[0] = (sig >> 8) & 0xff;
-    sigalgstr[1] = sig & 0xff;
-    secbits = sigalg_security_bits(lu);
-    if (secbits == 0 ||
-        !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
-                      md != NULL ? EVP_MD_type(md) : NID_undef,
-                      (void *)sigalgstr)) {
-        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
-                 SSL_R_WRONG_SIGNATURE_TYPE);
-        return 0;
+    /* 
+     * Make sure security callback allows algorithm. For historical 
+     * reasons we have to pass the sigalg as a two byte char array. 
+     */ 
+    sigalgstr[0] = (sig >> 8) & 0xff; 
+    sigalgstr[1] = sig & 0xff; 
+    secbits = sigalg_security_bits(lu); 
+    if (secbits == 0 || 
+        !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, 
+                      md != NULL ? EVP_MD_type(md) : NID_undef, 
+                      (void *)sigalgstr)) { 
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, 
+                 SSL_R_WRONG_SIGNATURE_TYPE); 
+        return 0; 
     }
     /* Store the sigalg the peer uses */
     s->s3->tmp.peer_sigalg = lu;
@@ -1210,7 +1210,7 @@ int ssl_set_client_disabled(SSL *s)
  *
  * Returns 1 when it's disabled, 0 when enabled.
  */
-int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
+int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) 
 {
     if (c->algorithm_mkey & s->s3->tmp.mask_k
         || c->algorithm_auth & s->s3->tmp.mask_a)
@@ -1590,7 +1590,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
 }
 
 /* Check to see if a signature algorithm is allowed */
-static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) 
 {
     unsigned char sigalgstr[2];
     int secbits;
@@ -1652,7 +1652,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
     }
 
     /* Finally see if security callback allows it */
-    secbits = sigalg_security_bits(lu);
+    secbits = sigalg_security_bits(lu); 
     sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
     sigalgstr[1] = lu->sigalg & 0xff;
     return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
@@ -2130,7 +2130,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
         sigalg = use_pc_sigalgs
                  ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
                  : s->shared_sigalgs[i];
-        if (sigalg != NULL && sig_nid == sigalg->sigandhash)
+        if (sigalg != NULL && sig_nid == sigalg->sigandhash) 
             return 1;
     }
     return 0;
@@ -2814,26 +2814,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 #endif
                         break;
                 }
-#ifndef OPENSSL_NO_GOST
-                /*
-                 * Some Windows-based implementations do not send GOST algorithms indication
-                 * in supported_algorithms extension, so when we have GOST-based ciphersuite,
-                 * we have to assume GOST support.
-                 */
-                if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
-                  if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
-                    if (!fatalerrs)
-                      return 1;
-                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
-                             SSL_F_TLS_CHOOSE_SIGALG,
-                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
-                    return 0;
-                  } else {
-                    i = 0;
-                    sig_idx = lu->sig_idx;
-                  }
-                }
-#endif
+#ifndef OPENSSL_NO_GOST 
+                /* 
+                 * Some Windows-based implementations do not send GOST algorithms indication 
+                 * in supported_algorithms extension, so when we have GOST-based ciphersuite, 
+                 * we have to assume GOST support. 
+                 */ 
+                if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) { 
+                  if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { 
+                    if (!fatalerrs) 
+                      return 1; 
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, 
+                             SSL_F_TLS_CHOOSE_SIGALG, 
+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); 
+                    return 0; 
+                  } else { 
+                    i = 0; 
+                    sig_idx = lu->sig_idx; 
+                  } 
+                } 
+#endif 
                 if (i == s->shared_sigalgslen) {
                     if (!fatalerrs)
                         return 1;
author	tpashkin <tpashkin@yandex-team.ru>	2022-02-10 16:46:41 +0300
committer	Daniil Cherednik <dcherednik@yandex-team.ru>	2022-02-10 16:46:41 +0300
commit	5475379a04e37df30085bd1724f1c57e3f40996f (patch)
tree	95d77e29785a3bd5be6260b1c9d226a551376ecf /contrib/libs/openssl/ssl/t1_lib.c
parent	c3d34b9b40eb534dfd2c549342274f3d61844688 (diff)
download	ydb-5475379a04e37df30085bd1724f1c57e3f40996f.tar.gz