aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl/statem/extensions.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/statem/extensions.c')
-rw-r--r--crypto/openssl/ssl/statem/extensions.c656
1 files changed, 299 insertions, 357 deletions
diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c
index 9811e5c94b93..2de540f828f0 100644
--- a/crypto/openssl/ssl/statem/extensions.c
+++ b/crypto/openssl/ssl/statem/extensions.c
@@ -8,8 +8,8 @@
*/
#if defined(__TANDEM) && defined(_SPT_MODEL_)
-# include <spthread.h>
-# include <spt_extensions.h> /* timeval */
+#include <spthread.h>
+#include <spt_extensions.h> /* timeval */
#endif
#include <string.h>
@@ -23,7 +23,7 @@ static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent);
static int init_server_name(SSL_CONNECTION *s, unsigned int context);
static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
- int sent);
+ int sent);
static int init_session_ticket(SSL_CONNECTION *s, unsigned int context);
#ifndef OPENSSL_NO_OCSP
static int init_status_request(SSL_CONNECTION *s, unsigned int context);
@@ -38,15 +38,15 @@ static int init_sig_algs(SSL_CONNECTION *s, unsigned int context);
static int init_server_cert_type(SSL_CONNECTION *sc, unsigned int context);
static int init_client_cert_type(SSL_CONNECTION *sc, unsigned int context);
static int init_certificate_authorities(SSL_CONNECTION *s,
- unsigned int context);
+ unsigned int context);
static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
- WPACKET *pkt,
- unsigned int context,
- X509 *x,
- size_t chainidx);
+ WPACKET *pkt,
+ unsigned int context,
+ X509 *x,
+ size_t chainidx);
static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx);
+ unsigned int context, X509 *x,
+ size_t chainidx);
#ifndef OPENSSL_NO_SRP
static int init_srp(SSL_CONNECTION *s, unsigned int context);
#endif
@@ -61,19 +61,19 @@ static int init_srtp(SSL_CONNECTION *s, unsigned int context);
#endif
static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_supported_versions(SSL_CONNECTION *s, unsigned int context,
- int sent);
+ int sent);
static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
- int sent);
+ int sent);
static int init_post_handshake_auth(SSL_CONNECTION *s, unsigned int context);
static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent);
static int tls_init_compress_certificate(SSL_CONNECTION *sc, unsigned int context);
static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx);
+ unsigned int context,
+ X509 *x, size_t chainidx);
static int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx);
+ unsigned int context,
+ X509 *x, size_t chainidx);
/* Structure to define a built-in extension */
typedef struct extensions_definition_st {
@@ -91,18 +91,18 @@ typedef struct extensions_definition_st {
int (*init)(SSL_CONNECTION *s, unsigned int context);
/* Parse extension sent from client to server */
int (*parse_ctos)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx);
+ X509 *x, size_t chainidx);
/* Parse extension send from server to client */
int (*parse_stoc)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx);
+ X509 *x, size_t chainidx);
/* Construct extension sent from server to client */
EXT_RETURN (*construct_stoc)(SSL_CONNECTION *s, WPACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx);
+ unsigned int context,
+ X509 *x, size_t chainidx);
/* Construct extension sent from client to server */
EXT_RETURN (*construct_ctos)(SSL_CONNECTION *s, WPACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx);
+ unsigned int context,
+ X509 *x, size_t chainidx);
/*
* Finalise extension after parsing. Always called where an extensions was
* initialised even if the extension was not present. |sent| is set to 1 if
@@ -140,296 +140,246 @@ typedef struct extensions_definition_st {
*/
#define INVALID_EXTENSION { TLSEXT_TYPE_invalid, 0, NULL, NULL, NULL, NULL, NULL, NULL }
static const EXTENSION_DEFINITION ext_defs[] = {
- {
- TLSEXT_TYPE_renegotiate,
+ { TLSEXT_TYPE_renegotiate,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate,
tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate,
- final_renegotiate
- },
- {
- TLSEXT_TYPE_server_name,
+ final_renegotiate },
+ { TLSEXT_TYPE_server_name,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+ | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
init_server_name,
tls_parse_ctos_server_name, tls_parse_stoc_server_name,
tls_construct_stoc_server_name, tls_construct_ctos_server_name,
- final_server_name
- },
- {
- TLSEXT_TYPE_max_fragment_length,
+ final_server_name },
+ { TLSEXT_TYPE_max_fragment_length,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+ | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen,
tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen,
- final_maxfragmentlen
- },
+ final_maxfragmentlen },
#ifndef OPENSSL_NO_SRP
- {
- TLSEXT_TYPE_srp,
+ { TLSEXT_TYPE_srp,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
- init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL
- },
+ init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL },
#else
INVALID_EXTENSION,
#endif
- {
- TLSEXT_TYPE_ec_point_formats,
+ { TLSEXT_TYPE_ec_point_formats,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
- final_ec_pt_formats
- },
- {
- /*
- * "supported_groups" is spread across several specifications.
- * It was originally specified as "elliptic_curves" in RFC 4492,
- * and broadened to include named FFDH groups by RFC 7919.
- * Both RFCs 4492 and 7919 do not include a provision for the server
- * to indicate to the client the complete list of groups supported
- * by the server, with the server instead just indicating the
- * selected group for this connection in the ServerKeyExchange
- * message. TLS 1.3 adds a scheme for the server to indicate
- * to the client its list of supported groups in the
- * EncryptedExtensions message, but none of the relevant
- * specifications permit sending supported_groups in the ServerHello.
- * Nonetheless (possibly due to the close proximity to the
- * "ec_point_formats" extension, which is allowed in the ServerHello),
- * there are several servers that send this extension in the
- * ServerHello anyway. Up to and including the 1.1.0 release,
- * we did not check for the presence of nonpermitted extensions,
- * so to avoid a regression, we must permit this extension in the
- * TLS 1.2 ServerHello as well.
- *
- * Note that there is no tls_parse_stoc_supported_groups function,
- * so we do not perform any additional parsing, validation, or
- * processing on the server's group list -- this is just a minimal
- * change to preserve compatibility with these misbehaving servers.
- */
+ final_ec_pt_formats },
+ { /*
+ * "supported_groups" is spread across several specifications.
+ * It was originally specified as "elliptic_curves" in RFC 4492,
+ * and broadened to include named FFDH groups by RFC 7919.
+ * Both RFCs 4492 and 7919 do not include a provision for the server
+ * to indicate to the client the complete list of groups supported
+ * by the server, with the server instead just indicating the
+ * selected group for this connection in the ServerKeyExchange
+ * message. TLS 1.3 adds a scheme for the server to indicate
+ * to the client its list of supported groups in the
+ * EncryptedExtensions message, but none of the relevant
+ * specifications permit sending supported_groups in the ServerHello.
+ * Nonetheless (possibly due to the close proximity to the
+ * "ec_point_formats" extension, which is allowed in the ServerHello),
+ * there are several servers that send this extension in the
+ * ServerHello anyway. Up to and including the 1.1.0 release,
+ * we did not check for the presence of nonpermitted extensions,
+ * so to avoid a regression, we must permit this extension in the
+ * TLS 1.2 ServerHello as well.
+ *
+ * Note that there is no tls_parse_stoc_supported_groups function,
+ * so we do not perform any additional parsing, validation, or
+ * processing on the server's group list -- this is just a minimal
+ * change to preserve compatibility with these misbehaving servers.
+ */
TLSEXT_TYPE_supported_groups,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
- | SSL_EXT_TLS1_2_SERVER_HELLO,
+ | SSL_EXT_TLS1_2_SERVER_HELLO,
NULL, tls_parse_ctos_supported_groups, NULL,
tls_construct_stoc_supported_groups,
- tls_construct_ctos_supported_groups, NULL
- },
- {
- TLSEXT_TYPE_session_ticket,
+ tls_construct_ctos_supported_groups, NULL },
+ { TLSEXT_TYPE_session_ticket,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
init_session_ticket, tls_parse_ctos_session_ticket,
tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket,
- tls_construct_ctos_session_ticket, NULL
- },
+ tls_construct_ctos_session_ticket, NULL },
#ifndef OPENSSL_NO_OCSP
- {
- TLSEXT_TYPE_status_request,
+ { TLSEXT_TYPE_status_request,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+ | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
init_status_request, tls_parse_ctos_status_request,
tls_parse_stoc_status_request, tls_construct_stoc_status_request,
- tls_construct_ctos_status_request, NULL
- },
+ tls_construct_ctos_status_request, NULL },
#else
INVALID_EXTENSION,
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
- {
- TLSEXT_TYPE_next_proto_neg,
+ { TLSEXT_TYPE_next_proto_neg,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn,
- tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL
- },
+ tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL },
#else
INVALID_EXTENSION,
#endif
- {
- /*
- * Must appear in this list after server_name so that finalisation
- * happens after server_name callbacks
- */
+ { /*
+ * Must appear in this list after server_name so that finalisation
+ * happens after server_name callbacks
+ */
TLSEXT_TYPE_application_layer_protocol_negotiation,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+ | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn,
- tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn
- },
+ tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn },
#ifndef OPENSSL_NO_SRTP
- {
- TLSEXT_TYPE_use_srtp,
+ { TLSEXT_TYPE_use_srtp,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY,
+ | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY,
init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp,
- tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL
- },
+ tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL },
#else
INVALID_EXTENSION,
#endif
- {
- TLSEXT_TYPE_encrypt_then_mac,
+ { TLSEXT_TYPE_encrypt_then_mac,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm,
- tls_construct_stoc_etm, tls_construct_ctos_etm, NULL
- },
+ tls_construct_stoc_etm, tls_construct_ctos_etm, NULL },
#ifndef OPENSSL_NO_CT
- {
- TLSEXT_TYPE_signed_certificate_timestamp,
+ { TLSEXT_TYPE_signed_certificate_timestamp,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+ | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
NULL,
/*
* No server side support for this, but can be provided by a custom
* extension. This is an exception to the rule that custom extensions
* cannot override built in ones.
*/
- NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL
- },
+ NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL },
#else
INVALID_EXTENSION,
#endif
- {
- TLSEXT_TYPE_extended_master_secret,
+ { TLSEXT_TYPE_extended_master_secret,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems,
- tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems
- },
- {
- TLSEXT_TYPE_signature_algorithms_cert,
+ tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems },
+ { TLSEXT_TYPE_signature_algorithms_cert,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
init_sig_algs_cert, tls_parse_ctos_sig_algs_cert,
tls_parse_ctos_sig_algs_cert,
/* We do not generate signature_algorithms_cert at present. */
- NULL, NULL, NULL
- },
+ NULL, NULL, NULL },
{
TLSEXT_TYPE_post_handshake_auth,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY,
init_post_handshake_auth,
- tls_parse_ctos_post_handshake_auth, NULL,
- NULL, tls_construct_ctos_post_handshake_auth,
+ tls_parse_ctos_post_handshake_auth,
+ NULL,
+ NULL,
+ tls_construct_ctos_post_handshake_auth,
NULL,
},
- {
- TLSEXT_TYPE_client_cert_type,
+ { TLSEXT_TYPE_client_cert_type,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
- | SSL_EXT_TLS1_2_SERVER_HELLO,
+ | SSL_EXT_TLS1_2_SERVER_HELLO,
init_client_cert_type,
tls_parse_ctos_client_cert_type, tls_parse_stoc_client_cert_type,
tls_construct_stoc_client_cert_type, tls_construct_ctos_client_cert_type,
- NULL
- },
- {
- TLSEXT_TYPE_server_cert_type,
+ NULL },
+ { TLSEXT_TYPE_server_cert_type,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
- | SSL_EXT_TLS1_2_SERVER_HELLO,
+ | SSL_EXT_TLS1_2_SERVER_HELLO,
init_server_cert_type,
tls_parse_ctos_server_cert_type, tls_parse_stoc_server_cert_type,
tls_construct_stoc_server_cert_type, tls_construct_ctos_server_cert_type,
- NULL
- },
- {
- TLSEXT_TYPE_signature_algorithms,
+ NULL },
+ { TLSEXT_TYPE_signature_algorithms,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
init_sig_algs, tls_parse_ctos_sig_algs,
tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
- tls_construct_ctos_sig_algs, final_sig_algs
- },
- {
- TLSEXT_TYPE_supported_versions,
+ tls_construct_ctos_sig_algs, final_sig_algs },
+ { TLSEXT_TYPE_supported_versions,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
- | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY,
+ | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY,
NULL,
/* Processed inline as part of version selection */
NULL, tls_parse_stoc_supported_versions,
tls_construct_stoc_supported_versions,
- tls_construct_ctos_supported_versions, final_supported_versions
- },
- {
- TLSEXT_TYPE_psk_kex_modes,
+ tls_construct_ctos_supported_versions, final_supported_versions },
+ { TLSEXT_TYPE_psk_kex_modes,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY
- | SSL_EXT_TLS1_3_ONLY,
+ | SSL_EXT_TLS1_3_ONLY,
init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL,
- tls_construct_ctos_psk_kex_modes, NULL
- },
- {
- /*
- * Must be in this list after supported_groups. We need that to have
- * been parsed before we do this one.
- */
+ tls_construct_ctos_psk_kex_modes, NULL },
+ { /*
+ * Must be in this list after supported_groups. We need that to have
+ * been parsed before we do this one.
+ */
TLSEXT_TYPE_key_share,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
- | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY
- | SSL_EXT_TLS1_3_ONLY,
+ | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY
+ | SSL_EXT_TLS1_3_ONLY,
NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share,
tls_construct_stoc_key_share, tls_construct_ctos_key_share,
- final_key_share
- },
- {
- /* Must be after key_share */
+ final_key_share },
+ { /* Must be after key_share */
TLSEXT_TYPE_cookie,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
- | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+ | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie,
- tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL
- },
- {
- /*
- * Special unsolicited ServerHello extension only used when
- * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but
- * ignore it.
- */
+ tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL },
+ { /*
+ * Special unsolicited ServerHello extension only used when
+ * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but
+ * ignore it.
+ */
TLSEXT_TYPE_cryptopro_bug,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
- | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
- NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL
- },
- {
- TLSEXT_TYPE_compress_certificate,
+ | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+ NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL },
+ { TLSEXT_TYPE_compress_certificate,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
- | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+ | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
tls_init_compress_certificate,
tls_parse_compress_certificate, tls_parse_compress_certificate,
tls_construct_compress_certificate, tls_construct_compress_certificate,
- NULL
- },
- {
- TLSEXT_TYPE_early_data,
+ NULL },
+ { TLSEXT_TYPE_early_data,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
- | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY,
+ | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY,
NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
tls_construct_stoc_early_data, tls_construct_ctos_early_data,
- final_early_data
- },
+ final_early_data },
{
TLSEXT_TYPE_certificate_authorities,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
- | SSL_EXT_TLS1_3_ONLY,
+ | SSL_EXT_TLS1_3_ONLY,
init_certificate_authorities,
- tls_parse_certificate_authorities, tls_parse_certificate_authorities,
+ tls_parse_certificate_authorities,
+ tls_parse_certificate_authorities,
+ tls_construct_certificate_authorities,
tls_construct_certificate_authorities,
- tls_construct_certificate_authorities, NULL,
+ NULL,
},
- {
- /* Must be immediately before pre_shared_key */
+ { /* Must be immediately before pre_shared_key */
TLSEXT_TYPE_padding,
SSL_EXT_CLIENT_HELLO,
NULL,
/* We send this, but don't read it */
- NULL, NULL, NULL, tls_construct_ctos_padding, NULL
- },
- {
- /* Required by the TLSv1.3 spec to always be the last extension */
+ NULL, NULL, NULL, tls_construct_ctos_padding, NULL },
+ { /* Required by the TLSv1.3 spec to always be the last extension */
TLSEXT_TYPE_psk,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
- | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+ | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk,
- tls_construct_ctos_psk, final_psk
- }
+ tls_construct_ctos_psk, final_psk }
};
/* Returns a TLSEXT_TYPE for the given index */
@@ -445,7 +395,7 @@ unsigned int ossl_get_extension_type(size_t idx)
/* Check whether an extension's context matches the current context */
static int validate_context(SSL_CONNECTION *s, unsigned int extctx,
- unsigned int thisctx)
+ unsigned int thisctx)
{
/* Check we're allowed to use this extension in this context */
if ((thisctx & extctx) == 0)
@@ -462,7 +412,7 @@ static int validate_context(SSL_CONNECTION *s, unsigned int extctx,
}
int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
- RAW_EXTENSION *exts)
+ RAW_EXTENSION *exts)
{
size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset;
RAW_EXTENSION *thisext;
@@ -487,7 +437,7 @@ int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
custom_ext_method *meth = NULL;
meth = custom_ext_find(&s->cert->custext, role, thisext->type,
- &offset);
+ &offset);
if (!ossl_assert(meth != NULL))
return 0;
context = meth->context;
@@ -507,8 +457,8 @@ int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
* the definition for the extension we found.
*/
static int verify_extension(SSL_CONNECTION *s, unsigned int context,
- unsigned int type, custom_ext_methods *meths,
- RAW_EXTENSION *rawexlist, RAW_EXTENSION **found)
+ unsigned int type, custom_ext_methods *meths,
+ RAW_EXTENSION *rawexlist, RAW_EXTENSION **found)
{
size_t i;
size_t builtin_num = OSSL_NELEM(ext_defs);
@@ -555,7 +505,7 @@ static int verify_extension(SSL_CONNECTION *s, unsigned int context,
* 1 if the extension is relevant for this context, and 0 otherwise
*/
int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
- unsigned int thisctx)
+ unsigned int thisctx)
{
int is_tls13;
@@ -569,22 +519,22 @@ int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
is_tls13 = SSL_CONNECTION_IS_TLS13(s);
if ((SSL_CONNECTION_IS_DTLS(s)
- && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
- || (s->version == SSL3_VERSION
- && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
- /*
- * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated",
- * which is never true when generating the ClientHello.
- * However, version negotiation *has* occurred by the time the
- * ClientHello extensions are being parsed.
- * Be careful to allow TLS 1.3-only extensions when generating
- * the ClientHello.
- */
- || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)
- || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0
- && (thisctx & SSL_EXT_CLIENT_HELLO) == 0)
- || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
- || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))
+ && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
+ || (s->version == SSL3_VERSION
+ && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
+ /*
+ * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated",
+ * which is never true when generating the ClientHello.
+ * However, version negotiation *has* occurred by the time the
+ * ClientHello extensions are being parsed.
+ * Be careful to allow TLS 1.3-only extensions when generating
+ * the ClientHello.
+ */
+ || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)
+ || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0
+ && (thisctx & SSL_EXT_CLIENT_HELLO) == 0)
+ || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
+ || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))
return 0;
return 1;
}
@@ -606,8 +556,8 @@ int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
* extensions that we know about. We ignore others.
*/
int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
- unsigned int context,
- RAW_EXTENSION **res, size_t *len, int init)
+ unsigned int context,
+ RAW_EXTENSION **res, size_t *len, int init)
{
PACKET extensions = *packet;
size_t i = 0;
@@ -638,8 +588,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
PACKET extension;
RAW_EXTENSION *thisex;
- if (!PACKET_get_net_2(&extensions, &type) ||
- !PACKET_get_length_prefixed_2(&extensions, &extension)) {
+ if (!PACKET_get_net_2(&extensions, &type) || !PACKET_get_length_prefixed_2(&extensions, &extension)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
goto err;
}
@@ -649,10 +598,10 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
* PSK extension, which must be the last one in the ClientHello.
*/
if (!verify_extension(s, context, type, exts, raw_extensions, &thisex)
- || (thisex != NULL && thisex->present == 1)
- || (type == TLSEXT_TYPE_psk
- && (context & SSL_EXT_CLIENT_HELLO) != 0
- && PACKET_remaining(&extensions) != 0)) {
+ || (thisex != NULL && thisex->present == 1)
+ || (type == TLSEXT_TYPE_psk
+ && (context & SSL_EXT_CLIENT_HELLO) != 0
+ && PACKET_remaining(&extensions) != 0)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION);
goto err;
}
@@ -672,20 +621,18 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
* itself handle unsolicited response checks.
*/
if (idx < OSSL_NELEM(ext_defs)
- && (context & (SSL_EXT_CLIENT_HELLO
- | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
- | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0
- && type != TLSEXT_TYPE_cookie
- && type != TLSEXT_TYPE_renegotiate
- && type != TLSEXT_TYPE_signed_certificate_timestamp
- && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
+ && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0
+ && type != TLSEXT_TYPE_cookie
+ && type != TLSEXT_TYPE_renegotiate
+ && type != TLSEXT_TYPE_signed_certificate_timestamp
+ && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
#ifndef OPENSSL_NO_GOST
- && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
- && type == TLSEXT_TYPE_cryptopro_bug)
+ && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+ && type == TLSEXT_TYPE_cryptopro_bug)
#endif
- ) {
+ ) {
SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
- SSL_R_UNSOLICITED_EXTENSION);
+ SSL_R_UNSOLICITED_EXTENSION);
goto err;
}
if (thisex != NULL) {
@@ -695,9 +642,9 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
thisex->received_order = i++;
if (s->ext.debug_cb)
s->ext.debug_cb(SSL_CONNECTION_GET_USER_SSL(s), !s->server,
- thisex->type, PACKET_data(&thisex->data),
- PACKET_remaining(&thisex->data),
- s->ext.debug_arg);
+ thisex->type, PACKET_data(&thisex->data),
+ PACKET_remaining(&thisex->data),
+ s->ext.debug_arg);
}
}
@@ -707,7 +654,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
* whether we have found them or not
*/
for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs);
- i++, thisexd++) {
+ i++, thisexd++) {
if (thisexd->init != NULL && (thisexd->context & context) != 0
&& extension_is_relevant(s, thisexd->context, context)
&& !thisexd->init(s, context)) {
@@ -722,7 +669,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
*len = num_exts;
return 1;
- err:
+err:
OPENSSL_free(raw_extensions);
return 0;
}
@@ -738,11 +685,12 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
* present this counted as success.
*/
int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
- RAW_EXTENSION *exts, X509 *x, size_t chainidx)
+ RAW_EXTENSION *exts, X509 *x, size_t chainidx)
{
RAW_EXTENSION *currext = &exts[idx];
int (*parser)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x,
- size_t chainidx) = NULL;
+ size_t chainidx)
+ = NULL;
/* Skip if the extension is not present */
if (!currext->present)
@@ -775,9 +723,9 @@ int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
/* Parse custom extensions */
return custom_ext_parse(s, context, currext->type,
- PACKET_data(&currext->data),
- PACKET_remaining(&currext->data),
- x, chainidx);
+ PACKET_data(&currext->data),
+ PACKET_remaining(&currext->data),
+ x, chainidx);
}
/*
@@ -788,8 +736,8 @@ int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
* its position in the |chainidx|, with 0 being the first certificate.
*/
int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
- RAW_EXTENSION *exts, X509 *x,
- size_t chainidx, int fin)
+ RAW_EXTENSION *exts, X509 *x,
+ size_t chainidx, int fin)
{
size_t i, numexts = OSSL_NELEM(ext_defs);
const EXTENSION_DEFINITION *thisexd;
@@ -811,7 +759,7 @@ int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
* whether we have found them or not
*/
for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs);
- i++, thisexd++) {
+ i++, thisexd++) {
if (thisexd->final != NULL && (thisexd->context & context) != 0
&& !thisexd->final(s, context, exts[i].present)) {
/* SSLfatal() already called */
@@ -824,7 +772,7 @@ int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
}
int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
- unsigned int thisctx, int max_version)
+ unsigned int thisctx, int max_version)
{
/* Skip if not relevant for our context */
if ((extctx & thisctx) == 0)
@@ -832,9 +780,9 @@ int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
/* Check if this extension is defined for our protocol. If not, skip */
if (!extension_is_relevant(s, extctx, thisctx)
- || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0
- && (thisctx & SSL_EXT_CLIENT_HELLO) != 0
- && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
+ || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0
+ && (thisctx & SSL_EXT_CLIENT_HELLO) != 0
+ && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
return 0;
return 1;
@@ -849,8 +797,8 @@ int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
* failure construction stops at the first extension to fail to construct.
*/
int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx)
+ unsigned int context,
+ X509 *x, size_t chainidx)
{
size_t i;
int min_version, max_version = 0, reason;
@@ -858,15 +806,14 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
int for_comp = (context & SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION) != 0;
if (!WPACKET_start_sub_packet_u16(pkt)
- /*
- * If extensions are of zero length then we don't even add the
- * extensions length bytes to a ClientHello/ServerHello
- * (for non-TLSv1.3).
- */
- || ((context &
- (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0
- && !WPACKET_set_flags(pkt,
- WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {
+ /*
+ * If extensions are of zero length then we don't even add the
+ * extensions length bytes to a ClientHello/ServerHello
+ * (for non-TLSv1.3).
+ */
+ || ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0
+ && !WPACKET_set_flags(pkt,
+ WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {
if (!for_comp)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@@ -893,8 +840,8 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
EXT_RETURN (*construct)(SSL_CONNECTION *s, WPACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx);
+ unsigned int context,
+ X509 *x, size_t chainidx);
EXT_RETURN ret;
/* Skip if not relevant for our context */
@@ -913,9 +860,7 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
return 0;
}
if (ret == EXT_RETURN_SENT
- && (context & (SSL_EXT_CLIENT_HELLO
- | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
- | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0)
+ && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0)
s->ext.extflags[i] |= SSL_EXT_FLAG_SENT;
}
@@ -943,10 +888,10 @@ static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent)
* renegotiation
*/
if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
- && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
- && !sent) {
+ && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+ && !sent) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
@@ -955,19 +900,18 @@ static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent)
/* Need RI if renegotiating */
if (s->renegotiate
- && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
- && !sent) {
+ && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+ && !sent) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
-
return 1;
}
static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx,
- TSAN_QUALIFIER int *stat)
+ TSAN_QUALIFIER int *stat)
{
if (ssl_tsan_lock(ctx)) {
tsan_decr(stat);
@@ -1003,10 +947,10 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent)
if (sctx->ext.servername_cb != NULL)
ret = sctx->ext.servername_cb(ussl, &altmp,
- sctx->ext.servername_arg);
+ sctx->ext.servername_arg);
else if (s->session_ctx->ext.servername_cb != NULL)
ret = s->session_ctx->ext.servername_cb(ussl, &altmp,
- s->session_ctx->ext.servername_arg);
+ s->session_ctx->ext.servername_arg);
/*
* For servers, propagate the SNI hostname from the temporary
@@ -1034,7 +978,7 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent)
* exceed sess_accept (zero) for the new context.
*/
if (SSL_IS_FIRST_HANDSHAKE(s) && sctx != s->session_ctx
- && s->hello_retry_request == SSL_HRR_NONE) {
+ && s->hello_retry_request == SSL_HRR_NONE) {
ssl_tsan_counter(sctx, &sctx->stats.sess_accept);
ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept);
}
@@ -1045,10 +989,10 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent)
* Also, if this is not a resumption, create a new session ID
*/
if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected
- && was_ticket && (SSL_get_options(ssl) & SSL_OP_NO_TICKET) != 0) {
+ && was_ticket && (SSL_get_options(ssl) & SSL_OP_NO_TICKET) != 0) {
s->ext.ticket_expected = 0;
if (!s->hit) {
- SSL_SESSION* ss = SSL_get_session(ssl);
+ SSL_SESSION *ss = SSL_get_session(ssl);
if (ss != NULL) {
OPENSSL_free(ss->ext.tick);
@@ -1089,7 +1033,7 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent)
}
static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
- int sent)
+ int sent)
{
unsigned long alg_k, alg_a;
@@ -1105,10 +1049,10 @@ static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
* must contain uncompressed.
*/
if (s->ext.ecpointformats != NULL
- && s->ext.ecpointformats_len > 0
- && s->ext.peer_ecpointformats != NULL
- && s->ext.peer_ecpointformats_len > 0
- && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
+ && s->ext.ecpointformats_len > 0
+ && s->ext.peer_ecpointformats != NULL
+ && s->ext.peer_ecpointformats_len > 0
+ && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list = s->ext.peer_ecpointformats;
@@ -1119,7 +1063,7 @@ static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
}
if (i == s->ext.peer_ecpointformats_len) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+ SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
return 0;
}
}
@@ -1179,7 +1123,7 @@ static int init_alpn(SSL_CONNECTION *s, unsigned int context)
static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (!s->server && !sent && s->session->ext.alpn_selected != NULL)
- s->ext.early_data_ok = 0;
+ s->ext.early_data_ok = 0;
if (!s->server || !SSL_CONNECTION_IS_TLS13(s))
return 1;
@@ -1207,7 +1151,7 @@ static int init_sig_algs(SSL_CONNECTION *s, unsigned int context)
}
static int init_sig_algs_cert(SSL_CONNECTION *s,
- ossl_unused unsigned int context)
+ ossl_unused unsigned int context)
{
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
@@ -1269,8 +1213,7 @@ static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent)
* Check extended master secret extension is consistent with
* original session.
*/
- if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
- !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
+ if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
return 0;
}
@@ -1287,10 +1230,10 @@ static int init_certificate_authorities(SSL_CONNECTION *s, unsigned int context)
}
static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
- WPACKET *pkt,
- unsigned int context,
- X509 *x,
- size_t chainidx)
+ WPACKET *pkt,
+ unsigned int context,
+ X509 *x,
+ size_t chainidx)
{
const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s);
@@ -1317,8 +1260,8 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
}
static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
- unsigned int context, X509 *x,
- size_t chainidx)
+ unsigned int context, X509 *x,
+ size_t chainidx)
{
if (!parse_ca_names(s, pkt))
return 0;
@@ -1343,7 +1286,7 @@ static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (!sent && SSL_CONNECTION_IS_TLS13(s) && !s->hit) {
SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
- SSL_R_MISSING_SIGALGS_EXTENSION);
+ SSL_R_MISSING_SIGALGS_EXTENSION);
return 0;
}
@@ -1351,11 +1294,11 @@ static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent)
}
static int final_supported_versions(SSL_CONNECTION *s, unsigned int context,
- int sent)
+ int sent)
{
if (!sent && context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) {
SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
- SSL_R_MISSING_SUPPORTED_VERSIONS_EXTENSION);
+ SSL_R_MISSING_SUPPORTED_VERSIONS_EXTENSION);
return 0;
}
@@ -1384,7 +1327,7 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent)
* fail;
*/
if (!s->server
- && !sent) {
+ && !sent) {
if ((s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_SUITABLE_KEY_SHARE);
return 0;
@@ -1432,7 +1375,7 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent)
if (s->s3.peer_tmp != NULL) {
/* We have a suitable key_share */
if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0
- && !s->ext.cookieok) {
+ && !s->ext.cookieok) {
if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
/*
* If we are stateless then we wouldn't know about any
@@ -1448,8 +1391,8 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent)
} else {
/* No suitable key_share */
if (s->hello_retry_request == SSL_HRR_NONE && sent
- && (!s->hit
- || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) != 0)) {
+ && (!s->hit
+ || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) != 0)) {
/* Did we detect group overlap in tls_parse_ctos_key_share ? */
if (s->s3.group_id_candidate != 0) {
@@ -1460,16 +1403,15 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent)
}
}
if (!s->hit
- || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
+ || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
/* Nothing left we can do - just fail */
- SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE
- : SSL_AD_MISSING_EXTENSION,
- SSL_R_NO_SUITABLE_KEY_SHARE);
+ SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE : SSL_AD_MISSING_EXTENSION,
+ SSL_R_NO_SUITABLE_KEY_SHARE);
return 0;
}
if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0
- && !s->ext.cookieok) {
+ && !s->ext.cookieok) {
if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
/*
* If we are stateless then we wouldn't know about any
@@ -1512,10 +1454,10 @@ static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context)
}
int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
- const unsigned char *msgstart,
- size_t binderoffset, const unsigned char *binderin,
- unsigned char *binderout, SSL_SESSION *sess, int sign,
- int external)
+ const unsigned char *msgstart,
+ size_t binderoffset, const unsigned char *binderin,
+ unsigned char *binderout, SSL_SESSION *sess, int sign,
+ int external)
{
EVP_PKEY *mackey = NULL;
EVP_MD_CTX *mctx = NULL;
@@ -1541,9 +1483,9 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
hashsize = (size_t)hashsizei;
if (external
- && s->early_data_state == SSL_EARLY_DATA_CONNECTING
- && s->session->ext.max_early_data == 0
- && sess->ext.max_early_data > 0)
+ && s->early_data_state == SSL_EARLY_DATA_CONNECTING
+ && s->session->ext.max_early_data == 0
+ && sess->ext.max_early_data > 0)
usepskfored = 1;
if (external) {
@@ -1568,7 +1510,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
early_secret = (unsigned char *)sess->early_secret;
if (!tls13_generate_secret(s, md, NULL, sess->master_key,
- sess->master_key_length, early_secret)) {
+ sess->master_key_length, early_secret)) {
/* SSLfatal() already called */
goto err;
}
@@ -1579,15 +1521,15 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
*/
mctx = EVP_MD_CTX_new();
if (mctx == NULL
- || EVP_DigestInit_ex(mctx, md, NULL) <= 0
- || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+ || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+ || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
/* Generate the binder key */
if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
- hashsize, binderkey, hashsize, 1)) {
+ hashsize, binderkey, hashsize, 1)) {
/* SSLfatal() already called */
goto err;
}
@@ -1613,8 +1555,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
long hdatalen_l;
void *hdata;
- hdatalen = hdatalen_l =
- BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
+ hdatalen = hdatalen_l = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
if (hdatalen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH);
goto err;
@@ -1629,10 +1570,10 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
/* Find how many bytes are left after the first two messages */
if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
- || !PACKET_forward(&hashprefix, 1)
- || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
- || !PACKET_forward(&hashprefix, 1)
- || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+ || !PACKET_forward(&hashprefix, 1)
+ || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1646,14 +1587,14 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
}
if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0
- || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+ || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
mackey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
- sctx->propq, finishedkey,
- hashsize);
+ sctx->propq, finishedkey,
+ hashsize);
if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
@@ -1664,10 +1605,11 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
bindersize = hashsize;
if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), sctx->libctx,
- sctx->propq, mackey, NULL) <= 0
- || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
- || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
- || bindersize != hashsize) {
+ sctx->propq, mackey, NULL)
+ <= 0
+ || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
+ || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
+ || bindersize != hashsize) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1681,7 +1623,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BINDER_DOES_NOT_VERIFY);
}
- err:
+err:
OPENSSL_cleanse(binderkey, sizeof(binderkey));
OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
EVP_PKEY_free(mackey);
@@ -1697,8 +1639,8 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent)
if (!s->server) {
if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
- && sent
- && !s->ext.early_data_ok) {
+ && sent
+ && !s->ext.early_data_ok) {
/*
* If we get here then the server accepted our early_data but we
* later realised that it shouldn't have done (e.g. inconsistent
@@ -1712,19 +1654,19 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent)
}
if (s->max_early_data == 0
- || !s->hit
- || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
- || !s->ext.early_data_ok
- || s->hello_retry_request != SSL_HRR_NONE
- || (s->allow_early_data_cb != NULL
- && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s),
- s->allow_early_data_cb_data))) {
+ || !s->hit
+ || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+ || !s->ext.early_data_ok
+ || s->hello_retry_request != SSL_HRR_NONE
+ || (s->allow_early_data_cb != NULL
+ && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s),
+ s->allow_early_data_cb_data))) {
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else {
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
if (!tls13_change_cipher_state(s,
- SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
/* SSLfatal() already called */
return 0;
}
@@ -1734,7 +1676,7 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent)
}
static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
- int sent)
+ int sent)
{
if (s->session == NULL)
return 1;
@@ -1745,16 +1687,16 @@ static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
if (USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) {
s->rlayer.rrlmethod->set_max_frag_len(s->rlayer.rrl,
- GET_MAX_FRAGMENT_LENGTH(s->session));
+ GET_MAX_FRAGMENT_LENGTH(s->session));
s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl,
- ssl_get_max_send_fragment(s));
+ ssl_get_max_send_fragment(s));
}
return 1;
}
static int init_post_handshake_auth(SSL_CONNECTION *s,
- ossl_unused unsigned int context)
+ ossl_unused unsigned int context)
{
s->post_handshake_auth = SSL_PHA_NONE;
@@ -1768,9 +1710,9 @@ static int init_post_handshake_auth(SSL_CONNECTION *s,
static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (s->server && sent && s->clienthello != NULL
- && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
+ && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
- SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
+ SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
return 0;
}
@@ -1780,14 +1722,14 @@ static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent)
static int tls_init_compress_certificate(SSL_CONNECTION *sc, unsigned int context)
{
memset(sc->ext.compress_certificate_from_peer, 0,
- sizeof(sc->ext.compress_certificate_from_peer));
+ sizeof(sc->ext.compress_certificate_from_peer));
return 1;
}
/* The order these are put into the packet imply a preference order: [brotli, zlib, zstd] */
static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET *pkt,
- unsigned int context,
- X509 *x, size_t chainidx)
+ unsigned int context,
+ X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_COMP_ALG
int i;
@@ -1815,8 +1757,8 @@ static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET
return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_compress_certificate)
- || !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_start_sub_packet_u8(pkt))
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u8(pkt))
goto err;
for (i = 0; sc->cert_comp_prefs[i] != TLSEXT_comp_cert_none; i++) {
@@ -1828,7 +1770,7 @@ static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET
sc->ext.compress_certificate_sent = 1;
return EXT_RETURN_SENT;
- err:
+err:
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
#else
@@ -1859,7 +1801,7 @@ static int tls_comp_in_pref(SSL_CONNECTION *sc, int alg)
#endif
int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
+ X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_COMP_ALG
PACKET supported_comp_algs;
@@ -1882,7 +1824,7 @@ int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt, unsigned int
return 1;
if (!PACKET_as_length_prefixed_1(pkt, &supported_comp_algs)
- || PACKET_remaining(&supported_comp_algs) == 0) {
+ || PACKET_remaining(&supported_comp_algs) == 0) {
SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
return 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-20 22:22:32 +0000