diff options
Diffstat (limited to 'crypto/openssl/ssl/statem')
| -rw-r--r-- | crypto/openssl/ssl/statem/extensions.c | 656 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/extensions_clnt.c | 622 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/extensions_cust.c | 207 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/extensions_srvr.c | 740 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/statem.c | 94 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/statem_clnt.c | 632 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/statem_dtls.c | 271 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/statem_lib.c | 583 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/statem_local.h | 486 | ||||
| -rw-r--r-- | crypto/openssl/ssl/statem/statem_srvr.c | 1009 |
10 files changed, 2635 insertions, 2665 deletions
diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c index 9811e5c94b93..2de540f828f0 100644 --- a/crypto/openssl/ssl/statem/extensions.c +++ b/crypto/openssl/ssl/statem/extensions.c @@ -8,8 +8,8 @@ */ #if defined(__TANDEM) && defined(_SPT_MODEL_) -# include <spthread.h> -# include <spt_extensions.h> /* timeval */ +#include <spthread.h> +#include <spt_extensions.h> /* timeval */ #endif #include <string.h> @@ -23,7 +23,7 @@ static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent); static int init_server_name(SSL_CONNECTION *s, unsigned int context); static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent); static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, - int sent); + int sent); static int init_session_ticket(SSL_CONNECTION *s, unsigned int context); #ifndef OPENSSL_NO_OCSP static int init_status_request(SSL_CONNECTION *s, unsigned int context); @@ -38,15 +38,15 @@ static int init_sig_algs(SSL_CONNECTION *s, unsigned int context); static int init_server_cert_type(SSL_CONNECTION *sc, unsigned int context); static int init_client_cert_type(SSL_CONNECTION *sc, unsigned int context); static int init_certificate_authorities(SSL_CONNECTION *s, - unsigned int context); + unsigned int context); static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s, - WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx); + WPACKET *pkt, + unsigned int context, + X509 *x, + size_t chainidx); static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_SRP static int init_srp(SSL_CONNECTION *s, unsigned int context); #endif @@ -61,19 +61,19 @@ static int init_srtp(SSL_CONNECTION *s, unsigned int context); #endif static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent); static int final_supported_versions(SSL_CONNECTION *s, unsigned int context, - int sent); + int sent); static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, - int sent); + int sent); static int init_post_handshake_auth(SSL_CONNECTION *s, unsigned int context); static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent); static int tls_init_compress_certificate(SSL_CONNECTION *sc, unsigned int context); static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); static int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -91,18 +91,18 @@ typedef struct extensions_definition_st { int (*init)(SSL_CONNECTION *s, unsigned int context); /* Parse extension sent from client to server */ int (*parse_ctos)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* Parse extension send from server to client */ int (*parse_stoc)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); /* Construct extension sent from server to client */ EXT_RETURN (*construct_stoc)(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); /* Construct extension sent from client to server */ EXT_RETURN (*construct_ctos)(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); /* * Finalise extension after parsing. Always called where an extensions was * initialised even if the extension was not present. |sent| is set to 1 if @@ -140,296 +140,246 @@ typedef struct extensions_definition_st { */ #define INVALID_EXTENSION { TLSEXT_TYPE_invalid, 0, NULL, NULL, NULL, NULL, NULL, NULL } static const EXTENSION_DEFINITION ext_defs[] = { - { - TLSEXT_TYPE_renegotiate, + { TLSEXT_TYPE_renegotiate, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate, tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate, - final_renegotiate - }, - { - TLSEXT_TYPE_server_name, + final_renegotiate }, + { TLSEXT_TYPE_server_name, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, init_server_name, tls_parse_ctos_server_name, tls_parse_stoc_server_name, tls_construct_stoc_server_name, tls_construct_ctos_server_name, - final_server_name - }, - { - TLSEXT_TYPE_max_fragment_length, + final_server_name }, + { TLSEXT_TYPE_max_fragment_length, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen, tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen, - final_maxfragmentlen - }, + final_maxfragmentlen }, #ifndef OPENSSL_NO_SRP - { - TLSEXT_TYPE_srp, + { TLSEXT_TYPE_srp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL - }, + init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_ec_point_formats, + { TLSEXT_TYPE_ec_point_formats, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, - final_ec_pt_formats - }, - { - /* - * "supported_groups" is spread across several specifications. - * It was originally specified as "elliptic_curves" in RFC 4492, - * and broadened to include named FFDH groups by RFC 7919. - * Both RFCs 4492 and 7919 do not include a provision for the server - * to indicate to the client the complete list of groups supported - * by the server, with the server instead just indicating the - * selected group for this connection in the ServerKeyExchange - * message. TLS 1.3 adds a scheme for the server to indicate - * to the client its list of supported groups in the - * EncryptedExtensions message, but none of the relevant - * specifications permit sending supported_groups in the ServerHello. - * Nonetheless (possibly due to the close proximity to the - * "ec_point_formats" extension, which is allowed in the ServerHello), - * there are several servers that send this extension in the - * ServerHello anyway. Up to and including the 1.1.0 release, - * we did not check for the presence of nonpermitted extensions, - * so to avoid a regression, we must permit this extension in the - * TLS 1.2 ServerHello as well. - * - * Note that there is no tls_parse_stoc_supported_groups function, - * so we do not perform any additional parsing, validation, or - * processing on the server's group list -- this is just a minimal - * change to preserve compatibility with these misbehaving servers. - */ + final_ec_pt_formats }, + { /* + * "supported_groups" is spread across several specifications. + * It was originally specified as "elliptic_curves" in RFC 4492, + * and broadened to include named FFDH groups by RFC 7919. + * Both RFCs 4492 and 7919 do not include a provision for the server + * to indicate to the client the complete list of groups supported + * by the server, with the server instead just indicating the + * selected group for this connection in the ServerKeyExchange + * message. TLS 1.3 adds a scheme for the server to indicate + * to the client its list of supported groups in the + * EncryptedExtensions message, but none of the relevant + * specifications permit sending supported_groups in the ServerHello. + * Nonetheless (possibly due to the close proximity to the + * "ec_point_formats" extension, which is allowed in the ServerHello), + * there are several servers that send this extension in the + * ServerHello anyway. Up to and including the 1.1.0 release, + * we did not check for the presence of nonpermitted extensions, + * so to avoid a regression, we must permit this extension in the + * TLS 1.2 ServerHello as well. + * + * Note that there is no tls_parse_stoc_supported_groups function, + * so we do not perform any additional parsing, validation, or + * processing on the server's group list -- this is just a minimal + * change to preserve compatibility with these misbehaving servers. + */ TLSEXT_TYPE_supported_groups, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_2_SERVER_HELLO, + | SSL_EXT_TLS1_2_SERVER_HELLO, NULL, tls_parse_ctos_supported_groups, NULL, tls_construct_stoc_supported_groups, - tls_construct_ctos_supported_groups, NULL - }, - { - TLSEXT_TYPE_session_ticket, + tls_construct_ctos_supported_groups, NULL }, + { TLSEXT_TYPE_session_ticket, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_session_ticket, tls_parse_ctos_session_ticket, tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket, - tls_construct_ctos_session_ticket, NULL - }, + tls_construct_ctos_session_ticket, NULL }, #ifndef OPENSSL_NO_OCSP - { - TLSEXT_TYPE_status_request, + { TLSEXT_TYPE_status_request, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_status_request, tls_parse_ctos_status_request, tls_parse_stoc_status_request, tls_construct_stoc_status_request, - tls_construct_ctos_status_request, NULL - }, + tls_construct_ctos_status_request, NULL }, #else INVALID_EXTENSION, #endif #ifndef OPENSSL_NO_NEXTPROTONEG - { - TLSEXT_TYPE_next_proto_neg, + { TLSEXT_TYPE_next_proto_neg, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn, - tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL - }, + tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL }, #else INVALID_EXTENSION, #endif - { - /* - * Must appear in this list after server_name so that finalisation - * happens after server_name callbacks - */ + { /* + * Must appear in this list after server_name so that finalisation + * happens after server_name callbacks + */ TLSEXT_TYPE_application_layer_protocol_negotiation, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn, - tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn - }, + tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn }, #ifndef OPENSSL_NO_SRTP - { - TLSEXT_TYPE_use_srtp, + { TLSEXT_TYPE_use_srtp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp, - tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL - }, + tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_encrypt_then_mac, + { TLSEXT_TYPE_encrypt_then_mac, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm, - tls_construct_stoc_etm, tls_construct_ctos_etm, NULL - }, + tls_construct_stoc_etm, tls_construct_ctos_etm, NULL }, #ifndef OPENSSL_NO_CT - { - TLSEXT_TYPE_signed_certificate_timestamp, + { TLSEXT_TYPE_signed_certificate_timestamp, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, /* * No server side support for this, but can be provided by a custom * extension. This is an exception to the rule that custom extensions * cannot override built in ones. */ - NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL - }, + NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL }, #else INVALID_EXTENSION, #endif - { - TLSEXT_TYPE_extended_master_secret, + { TLSEXT_TYPE_extended_master_secret, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems, - tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems - }, - { - TLSEXT_TYPE_signature_algorithms_cert, + tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems }, + { TLSEXT_TYPE_signature_algorithms_cert, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_sig_algs_cert, tls_parse_ctos_sig_algs_cert, tls_parse_ctos_sig_algs_cert, /* We do not generate signature_algorithms_cert at present. */ - NULL, NULL, NULL - }, + NULL, NULL, NULL }, { TLSEXT_TYPE_post_handshake_auth, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY, init_post_handshake_auth, - tls_parse_ctos_post_handshake_auth, NULL, - NULL, tls_construct_ctos_post_handshake_auth, + tls_parse_ctos_post_handshake_auth, + NULL, + NULL, + tls_construct_ctos_post_handshake_auth, NULL, }, - { - TLSEXT_TYPE_client_cert_type, + { TLSEXT_TYPE_client_cert_type, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_2_SERVER_HELLO, + | SSL_EXT_TLS1_2_SERVER_HELLO, init_client_cert_type, tls_parse_ctos_client_cert_type, tls_parse_stoc_client_cert_type, tls_construct_stoc_client_cert_type, tls_construct_ctos_client_cert_type, - NULL - }, - { - TLSEXT_TYPE_server_cert_type, + NULL }, + { TLSEXT_TYPE_server_cert_type, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_2_SERVER_HELLO, + | SSL_EXT_TLS1_2_SERVER_HELLO, init_server_cert_type, tls_parse_ctos_server_cert_type, tls_parse_stoc_server_cert_type, tls_construct_stoc_server_cert_type, tls_construct_ctos_server_cert_type, - NULL - }, - { - TLSEXT_TYPE_signature_algorithms, + NULL }, + { TLSEXT_TYPE_signature_algorithms, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, init_sig_algs, tls_parse_ctos_sig_algs, tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs, - tls_construct_ctos_sig_algs, final_sig_algs - }, - { - TLSEXT_TYPE_supported_versions, + tls_construct_ctos_sig_algs, final_sig_algs }, + { TLSEXT_TYPE_supported_versions, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, NULL, /* Processed inline as part of version selection */ NULL, tls_parse_stoc_supported_versions, tls_construct_stoc_supported_versions, - tls_construct_ctos_supported_versions, final_supported_versions - }, - { - TLSEXT_TYPE_psk_kex_modes, + tls_construct_ctos_supported_versions, final_supported_versions }, + { TLSEXT_TYPE_psk_kex_modes, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_ONLY, init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, - tls_construct_ctos_psk_kex_modes, NULL - }, - { - /* - * Must be in this list after supported_groups. We need that to have - * been parsed before we do this one. - */ + tls_construct_ctos_psk_kex_modes, NULL }, + { /* + * Must be in this list after supported_groups. We need that to have + * been parsed before we do this one. + */ TLSEXT_TYPE_key_share, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY + | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share, tls_construct_stoc_key_share, tls_construct_ctos_key_share, - final_key_share - }, - { - /* Must be after key_share */ + final_key_share }, + { /* Must be after key_share */ TLSEXT_TYPE_cookie, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie, - tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL - }, - { - /* - * Special unsolicited ServerHello extension only used when - * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but - * ignore it. - */ + tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL }, + { /* + * Special unsolicited ServerHello extension only used when + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but + * ignore it. + */ TLSEXT_TYPE_cryptopro_bug, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL - }, - { - TLSEXT_TYPE_compress_certificate, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL }, + { TLSEXT_TYPE_compress_certificate, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, tls_init_compress_certificate, tls_parse_compress_certificate, tls_parse_compress_certificate, tls_construct_compress_certificate, tls_construct_compress_certificate, - NULL - }, - { - TLSEXT_TYPE_early_data, + NULL }, + { TLSEXT_TYPE_early_data, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data, tls_construct_stoc_early_data, tls_construct_ctos_early_data, - final_early_data - }, + final_early_data }, { TLSEXT_TYPE_certificate_authorities, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS1_3_ONLY, init_certificate_authorities, - tls_parse_certificate_authorities, tls_parse_certificate_authorities, + tls_parse_certificate_authorities, + tls_parse_certificate_authorities, + tls_construct_certificate_authorities, tls_construct_certificate_authorities, - tls_construct_certificate_authorities, NULL, + NULL, }, - { - /* Must be immediately before pre_shared_key */ + { /* Must be immediately before pre_shared_key */ TLSEXT_TYPE_padding, SSL_EXT_CLIENT_HELLO, NULL, /* We send this, but don't read it */ - NULL, NULL, NULL, tls_construct_ctos_padding, NULL - }, - { - /* Required by the TLSv1.3 spec to always be the last extension */ + NULL, NULL, NULL, tls_construct_ctos_padding, NULL }, + { /* Required by the TLSv1.3 spec to always be the last extension */ TLSEXT_TYPE_psk, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, final_psk - } + tls_construct_ctos_psk, final_psk } }; /* Returns a TLSEXT_TYPE for the given index */ @@ -445,7 +395,7 @@ unsigned int ossl_get_extension_type(size_t idx) /* Check whether an extension's context matches the current context */ static int validate_context(SSL_CONNECTION *s, unsigned int extctx, - unsigned int thisctx) + unsigned int thisctx) { /* Check we're allowed to use this extension in this context */ if ((thisctx & extctx) == 0) @@ -462,7 +412,7 @@ static int validate_context(SSL_CONNECTION *s, unsigned int extctx, } int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, - RAW_EXTENSION *exts) + RAW_EXTENSION *exts) { size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset; RAW_EXTENSION *thisext; @@ -487,7 +437,7 @@ int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, custom_ext_method *meth = NULL; meth = custom_ext_find(&s->cert->custext, role, thisext->type, - &offset); + &offset); if (!ossl_assert(meth != NULL)) return 0; context = meth->context; @@ -507,8 +457,8 @@ int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, * the definition for the extension we found. */ static int verify_extension(SSL_CONNECTION *s, unsigned int context, - unsigned int type, custom_ext_methods *meths, - RAW_EXTENSION *rawexlist, RAW_EXTENSION **found) + unsigned int type, custom_ext_methods *meths, + RAW_EXTENSION *rawexlist, RAW_EXTENSION **found) { size_t i; size_t builtin_num = OSSL_NELEM(ext_defs); @@ -555,7 +505,7 @@ static int verify_extension(SSL_CONNECTION *s, unsigned int context, * 1 if the extension is relevant for this context, and 0 otherwise */ int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, - unsigned int thisctx) + unsigned int thisctx) { int is_tls13; @@ -569,22 +519,22 @@ int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, is_tls13 = SSL_CONNECTION_IS_TLS13(s); if ((SSL_CONNECTION_IS_DTLS(s) - && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) - || (s->version == SSL3_VERSION - && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) - /* - * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", - * which is never true when generating the ClientHello. - * However, version negotiation *has* occurred by the time the - * ClientHello extensions are being parsed. - * Be careful to allow TLS 1.3-only extensions when generating - * the ClientHello. - */ - || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) - || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 - && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) - || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) - || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) + && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) + || (s->version == SSL3_VERSION + && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) + /* + * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", + * which is never true when generating the ClientHello. + * However, version negotiation *has* occurred by the time the + * ClientHello extensions are being parsed. + * Be careful to allow TLS 1.3-only extensions when generating + * the ClientHello. + */ + || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) + || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) + || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) + || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) return 0; return 1; } @@ -606,8 +556,8 @@ int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, * extensions that we know about. We ignore others. */ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, - unsigned int context, - RAW_EXTENSION **res, size_t *len, int init) + unsigned int context, + RAW_EXTENSION **res, size_t *len, int init) { PACKET extensions = *packet; size_t i = 0; @@ -638,8 +588,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, PACKET extension; RAW_EXTENSION *thisex; - if (!PACKET_get_net_2(&extensions, &type) || - !PACKET_get_length_prefixed_2(&extensions, &extension)) { + if (!PACKET_get_net_2(&extensions, &type) || !PACKET_get_length_prefixed_2(&extensions, &extension)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); goto err; } @@ -649,10 +598,10 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, * PSK extension, which must be the last one in the ClientHello. */ if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) - || (thisex != NULL && thisex->present == 1) - || (type == TLSEXT_TYPE_psk - && (context & SSL_EXT_CLIENT_HELLO) != 0 - && PACKET_remaining(&extensions) != 0)) { + || (thisex != NULL && thisex->present == 1) + || (type == TLSEXT_TYPE_psk + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && PACKET_remaining(&extensions) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION); goto err; } @@ -672,20 +621,18 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, * itself handle unsolicited response checks. */ if (idx < OSSL_NELEM(ext_defs) - && (context & (SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0 - && type != TLSEXT_TYPE_cookie - && type != TLSEXT_TYPE_renegotiate - && type != TLSEXT_TYPE_signed_certificate_timestamp - && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 + && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0 + && type != TLSEXT_TYPE_cookie + && type != TLSEXT_TYPE_renegotiate + && type != TLSEXT_TYPE_signed_certificate_timestamp + && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0 #ifndef OPENSSL_NO_GOST - && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 - && type == TLSEXT_TYPE_cryptopro_bug) + && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 + && type == TLSEXT_TYPE_cryptopro_bug) #endif - ) { + ) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, - SSL_R_UNSOLICITED_EXTENSION); + SSL_R_UNSOLICITED_EXTENSION); goto err; } if (thisex != NULL) { @@ -695,9 +642,9 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, thisex->received_order = i++; if (s->ext.debug_cb) s->ext.debug_cb(SSL_CONNECTION_GET_USER_SSL(s), !s->server, - thisex->type, PACKET_data(&thisex->data), - PACKET_remaining(&thisex->data), - s->ext.debug_arg); + thisex->type, PACKET_data(&thisex->data), + PACKET_remaining(&thisex->data), + s->ext.debug_arg); } } @@ -707,7 +654,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, * whether we have found them or not */ for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs); - i++, thisexd++) { + i++, thisexd++) { if (thisexd->init != NULL && (thisexd->context & context) != 0 && extension_is_relevant(s, thisexd->context, context) && !thisexd->init(s, context)) { @@ -722,7 +669,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, *len = num_exts; return 1; - err: +err: OPENSSL_free(raw_extensions); return 0; } @@ -738,11 +685,12 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, * present this counted as success. */ int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, - RAW_EXTENSION *exts, X509 *x, size_t chainidx) + RAW_EXTENSION *exts, X509 *x, size_t chainidx) { RAW_EXTENSION *currext = &exts[idx]; int (*parser)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) = NULL; + size_t chainidx) + = NULL; /* Skip if the extension is not present */ if (!currext->present) @@ -775,9 +723,9 @@ int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, /* Parse custom extensions */ return custom_ext_parse(s, context, currext->type, - PACKET_data(&currext->data), - PACKET_remaining(&currext->data), - x, chainidx); + PACKET_data(&currext->data), + PACKET_remaining(&currext->data), + x, chainidx); } /* @@ -788,8 +736,8 @@ int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, * its position in the |chainidx|, with 0 being the first certificate. */ int tls_parse_all_extensions(SSL_CONNECTION *s, int context, - RAW_EXTENSION *exts, X509 *x, - size_t chainidx, int fin) + RAW_EXTENSION *exts, X509 *x, + size_t chainidx, int fin) { size_t i, numexts = OSSL_NELEM(ext_defs); const EXTENSION_DEFINITION *thisexd; @@ -811,7 +759,7 @@ int tls_parse_all_extensions(SSL_CONNECTION *s, int context, * whether we have found them or not */ for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); - i++, thisexd++) { + i++, thisexd++) { if (thisexd->final != NULL && (thisexd->context & context) != 0 && !thisexd->final(s, context, exts[i].present)) { /* SSLfatal() already called */ @@ -824,7 +772,7 @@ int tls_parse_all_extensions(SSL_CONNECTION *s, int context, } int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, - unsigned int thisctx, int max_version) + unsigned int thisctx, int max_version) { /* Skip if not relevant for our context */ if ((extctx & thisctx) == 0) @@ -832,9 +780,9 @@ int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, /* Check if this extension is defined for our protocol. If not, skip */ if (!extension_is_relevant(s, extctx, thisctx) - || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 - && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 - && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION))) + || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 + && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION))) return 0; return 1; @@ -849,8 +797,8 @@ int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, * failure construction stops at the first extension to fail to construct. */ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { size_t i; int min_version, max_version = 0, reason; @@ -858,15 +806,14 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, int for_comp = (context & SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION) != 0; if (!WPACKET_start_sub_packet_u16(pkt) - /* - * If extensions are of zero length then we don't even add the - * extensions length bytes to a ClientHello/ServerHello - * (for non-TLSv1.3). - */ - || ((context & - (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 - && !WPACKET_set_flags(pkt, - WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { + /* + * If extensions are of zero length then we don't even add the + * extensions length bytes to a ClientHello/ServerHello + * (for non-TLSv1.3). + */ + || ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 + && !WPACKET_set_flags(pkt, + WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -893,8 +840,8 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { EXT_RETURN (*construct)(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN ret; /* Skip if not relevant for our context */ @@ -913,9 +860,7 @@ int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, return 0; } if (ret == EXT_RETURN_SENT - && (context & (SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0) + && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0) s->ext.extflags[i] |= SSL_EXT_FLAG_SENT; } @@ -943,10 +888,10 @@ static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent) * renegotiation */ if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) - && !sent) { + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } @@ -955,19 +900,18 @@ static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent) /* Need RI if renegotiating */ if (s->renegotiate - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) - && !sent) { + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } - return 1; } static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx, - TSAN_QUALIFIER int *stat) + TSAN_QUALIFIER int *stat) { if (ssl_tsan_lock(ctx)) { tsan_decr(stat); @@ -1003,10 +947,10 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) if (sctx->ext.servername_cb != NULL) ret = sctx->ext.servername_cb(ussl, &altmp, - sctx->ext.servername_arg); + sctx->ext.servername_arg); else if (s->session_ctx->ext.servername_cb != NULL) ret = s->session_ctx->ext.servername_cb(ussl, &altmp, - s->session_ctx->ext.servername_arg); + s->session_ctx->ext.servername_arg); /* * For servers, propagate the SNI hostname from the temporary @@ -1034,7 +978,7 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) * exceed sess_accept (zero) for the new context. */ if (SSL_IS_FIRST_HANDSHAKE(s) && sctx != s->session_ctx - && s->hello_retry_request == SSL_HRR_NONE) { + && s->hello_retry_request == SSL_HRR_NONE) { ssl_tsan_counter(sctx, &sctx->stats.sess_accept); ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); } @@ -1045,10 +989,10 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) * Also, if this is not a resumption, create a new session ID */ if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected - && was_ticket && (SSL_get_options(ssl) & SSL_OP_NO_TICKET) != 0) { + && was_ticket && (SSL_get_options(ssl) & SSL_OP_NO_TICKET) != 0) { s->ext.ticket_expected = 0; if (!s->hit) { - SSL_SESSION* ss = SSL_get_session(ssl); + SSL_SESSION *ss = SSL_get_session(ssl); if (ss != NULL) { OPENSSL_free(ss->ext.tick); @@ -1089,7 +1033,7 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) } static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, - int sent) + int sent) { unsigned long alg_k, alg_a; @@ -1105,10 +1049,10 @@ static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, * must contain uncompressed. */ if (s->ext.ecpointformats != NULL - && s->ext.ecpointformats_len > 0 - && s->ext.peer_ecpointformats != NULL - && s->ext.peer_ecpointformats_len > 0 - && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { + && s->ext.ecpointformats_len > 0 + && s->ext.peer_ecpointformats != NULL + && s->ext.peer_ecpointformats_len > 0 + && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list = s->ext.peer_ecpointformats; @@ -1119,7 +1063,7 @@ static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context, } if (i == s->ext.peer_ecpointformats_len) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); + SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); return 0; } } @@ -1179,7 +1123,7 @@ static int init_alpn(SSL_CONNECTION *s, unsigned int context) static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent) { if (!s->server && !sent && s->session->ext.alpn_selected != NULL) - s->ext.early_data_ok = 0; + s->ext.early_data_ok = 0; if (!s->server || !SSL_CONNECTION_IS_TLS13(s)) return 1; @@ -1207,7 +1151,7 @@ static int init_sig_algs(SSL_CONNECTION *s, unsigned int context) } static int init_sig_algs_cert(SSL_CONNECTION *s, - ossl_unused unsigned int context) + ossl_unused unsigned int context) { /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); @@ -1269,8 +1213,7 @@ static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent) * Check extended master secret extension is consistent with * original session. */ - if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != - !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { + if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) != !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS); return 0; } @@ -1287,10 +1230,10 @@ static int init_certificate_authorities(SSL_CONNECTION *s, unsigned int context) } static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s, - WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx) + WPACKET *pkt, + unsigned int context, + X509 *x, + size_t chainidx) { const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); @@ -1317,8 +1260,8 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s, } static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!parse_ca_names(s, pkt)) return 0; @@ -1343,7 +1286,7 @@ static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent) { if (!sent && SSL_CONNECTION_IS_TLS13(s) && !s->hit) { SSLfatal(s, TLS13_AD_MISSING_EXTENSION, - SSL_R_MISSING_SIGALGS_EXTENSION); + SSL_R_MISSING_SIGALGS_EXTENSION); return 0; } @@ -1351,11 +1294,11 @@ static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent) } static int final_supported_versions(SSL_CONNECTION *s, unsigned int context, - int sent) + int sent) { if (!sent && context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) { SSLfatal(s, TLS13_AD_MISSING_EXTENSION, - SSL_R_MISSING_SUPPORTED_VERSIONS_EXTENSION); + SSL_R_MISSING_SUPPORTED_VERSIONS_EXTENSION); return 0; } @@ -1384,7 +1327,7 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) * fail; */ if (!s->server - && !sent) { + && !sent) { if ((s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_SUITABLE_KEY_SHARE); return 0; @@ -1432,7 +1375,7 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) if (s->s3.peer_tmp != NULL) { /* We have a suitable key_share */ if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 - && !s->ext.cookieok) { + && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* * If we are stateless then we wouldn't know about any @@ -1448,8 +1391,8 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) } else { /* No suitable key_share */ if (s->hello_retry_request == SSL_HRR_NONE && sent - && (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) != 0)) { + && (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) != 0)) { /* Did we detect group overlap in tls_parse_ctos_key_share ? */ if (s->s3.group_id_candidate != 0) { @@ -1460,16 +1403,15 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) } } if (!s->hit - || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { /* Nothing left we can do - just fail */ - SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE - : SSL_AD_MISSING_EXTENSION, - SSL_R_NO_SUITABLE_KEY_SHARE); + SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE : SSL_AD_MISSING_EXTENSION, + SSL_R_NO_SUITABLE_KEY_SHARE); return 0; } if ((s->s3.flags & TLS1_FLAGS_STATELESS) != 0 - && !s->ext.cookieok) { + && !s->ext.cookieok) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { /* * If we are stateless then we wouldn't know about any @@ -1512,10 +1454,10 @@ static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context) } int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, - const unsigned char *msgstart, - size_t binderoffset, const unsigned char *binderin, - unsigned char *binderout, SSL_SESSION *sess, int sign, - int external) + const unsigned char *msgstart, + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, SSL_SESSION *sess, int sign, + int external) { EVP_PKEY *mackey = NULL; EVP_MD_CTX *mctx = NULL; @@ -1541,9 +1483,9 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, hashsize = (size_t)hashsizei; if (external - && s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->session->ext.max_early_data == 0 - && sess->ext.max_early_data > 0) + && s->early_data_state == SSL_EARLY_DATA_CONNECTING + && s->session->ext.max_early_data == 0 + && sess->ext.max_early_data > 0) usepskfored = 1; if (external) { @@ -1568,7 +1510,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, early_secret = (unsigned char *)sess->early_secret; if (!tls13_generate_secret(s, md, NULL, sess->master_key, - sess->master_key_length, early_secret)) { + sess->master_key_length, early_secret)) { /* SSLfatal() already called */ goto err; } @@ -1579,15 +1521,15 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, */ mctx = EVP_MD_CTX_new(); if (mctx == NULL - || EVP_DigestInit_ex(mctx, md, NULL) <= 0 - || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + || EVP_DigestInit_ex(mctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } /* Generate the binder key */ if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, - hashsize, binderkey, hashsize, 1)) { + hashsize, binderkey, hashsize, 1)) { /* SSLfatal() already called */ goto err; } @@ -1613,8 +1555,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, long hdatalen_l; void *hdata; - hdatalen = hdatalen_l = - BIO_get_mem_data(s->s3.handshake_buffer, &hdata); + hdatalen = hdatalen_l = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); if (hdatalen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; @@ -1629,10 +1570,10 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, /* Find how many bytes are left after the first two messages */ if (!PACKET_buf_init(&hashprefix, hdata, hdatalen) - || !PACKET_forward(&hashprefix, 1) - || !PACKET_get_length_prefixed_3(&hashprefix, &msg) - || !PACKET_forward(&hashprefix, 1) - || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) { + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg) + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1646,14 +1587,14 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, } if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0 - || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } mackey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC", - sctx->propq, finishedkey, - hashsize); + sctx->propq, finishedkey, + hashsize); if (mackey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -1664,10 +1605,11 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, bindersize = hashsize; if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), sctx->libctx, - sctx->propq, mackey, NULL) <= 0 - || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 - || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 - || bindersize != hashsize) { + sctx->propq, mackey, NULL) + <= 0 + || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 + || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 + || bindersize != hashsize) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1681,7 +1623,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BINDER_DOES_NOT_VERIFY); } - err: +err: OPENSSL_cleanse(binderkey, sizeof(binderkey)); OPENSSL_cleanse(finishedkey, sizeof(finishedkey)); EVP_PKEY_free(mackey); @@ -1697,8 +1639,8 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) if (!s->server) { if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - && sent - && !s->ext.early_data_ok) { + && sent + && !s->ext.early_data_ok) { /* * If we get here then the server accepted our early_data but we * later realised that it shouldn't have done (e.g. inconsistent @@ -1712,19 +1654,19 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) } if (s->max_early_data == 0 - || !s->hit - || s->early_data_state != SSL_EARLY_DATA_ACCEPTING - || !s->ext.early_data_ok - || s->hello_retry_request != SSL_HRR_NONE - || (s->allow_early_data_cb != NULL - && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s), - s->allow_early_data_cb_data))) { + || !s->hit + || s->early_data_state != SSL_EARLY_DATA_ACCEPTING + || !s->ext.early_data_ok + || s->hello_retry_request != SSL_HRR_NONE + || (s->allow_early_data_cb != NULL + && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s), + s->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; if (!tls13_change_cipher_state(s, - SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) { + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return 0; } @@ -1734,7 +1676,7 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) } static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, - int sent) + int sent) { if (s->session == NULL) return 1; @@ -1745,16 +1687,16 @@ static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, if (USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) { s->rlayer.rrlmethod->set_max_frag_len(s->rlayer.rrl, - GET_MAX_FRAGMENT_LENGTH(s->session)); + GET_MAX_FRAGMENT_LENGTH(s->session)); s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl, - ssl_get_max_send_fragment(s)); + ssl_get_max_send_fragment(s)); } return 1; } static int init_post_handshake_auth(SSL_CONNECTION *s, - ossl_unused unsigned int context) + ossl_unused unsigned int context) { s->post_handshake_auth = SSL_PHA_NONE; @@ -1768,9 +1710,9 @@ static int init_post_handshake_auth(SSL_CONNECTION *s, static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent) { if (s->server && sent && s->clienthello != NULL - && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { + && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { SSLfatal(s, TLS13_AD_MISSING_EXTENSION, - SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); + SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); return 0; } @@ -1780,14 +1722,14 @@ static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent) static int tls_init_compress_certificate(SSL_CONNECTION *sc, unsigned int context) { memset(sc->ext.compress_certificate_from_peer, 0, - sizeof(sc->ext.compress_certificate_from_peer)); + sizeof(sc->ext.compress_certificate_from_peer)); return 1; } /* The order these are put into the packet imply a preference order: [brotli, zlib, zstd] */ static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_COMP_ALG int i; @@ -1815,8 +1757,8 @@ static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_compress_certificate) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt)) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt)) goto err; for (i = 0; sc->cert_comp_prefs[i] != TLSEXT_comp_cert_none; i++) { @@ -1828,7 +1770,7 @@ static EXT_RETURN tls_construct_compress_certificate(SSL_CONNECTION *sc, WPACKET sc->ext.compress_certificate_sent = 1; return EXT_RETURN_SENT; - err: +err: SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; #else @@ -1859,7 +1801,7 @@ static int tls_comp_in_pref(SSL_CONNECTION *sc, int alg) #endif int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_COMP_ALG PACKET supported_comp_algs; @@ -1882,7 +1824,7 @@ int tls_parse_compress_certificate(SSL_CONNECTION *sc, PACKET *pkt, unsigned int return 1; if (!PACKET_as_length_prefixed_1(pkt, &supported_comp_algs) - || PACKET_remaining(&supported_comp_algs) == 0) { + || PACKET_remaining(&supported_comp_algs) == 0) { SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } diff --git a/crypto/openssl/ssl/statem/extensions_clnt.c b/crypto/openssl/ssl/statem/extensions_clnt.c index d958373875a3..305ca4ab46c9 100644 --- a/crypto/openssl/ssl/statem/extensions_clnt.c +++ b/crypto/openssl/ssl/statem/extensions_clnt.c @@ -14,14 +14,14 @@ #include "statem_local.h" EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!s->renegotiate) { /* If not renegotiating, send an empty RI extension to indicate support */ #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION -# error Internal DTLS version error +#error Internal DTLS version error #endif if (!SSL_CONNECTION_IS_DTLS(s) @@ -35,7 +35,6 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; } - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_put_bytes_u8(pkt, 0) @@ -49,10 +48,10 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, /* Add a complete RI extension if renegotiating */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -61,23 +60,23 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->ext.hostname == NULL) return EXT_RETURN_NOT_SENT; /* Add TLS extension servername to the Client Hello message */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) - /* Sub-packet for server_name extension */ - || !WPACKET_start_sub_packet_u16(pkt) - /* Sub-packet for servername list (always 1 hostname)*/ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname, - strlen(s->ext.hostname)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + /* Sub-packet for server_name extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for servername list (always 1 hostname)*/ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname, + strlen(s->ext.hostname)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -87,8 +86,8 @@ EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt, /* Push a Max Fragment Len extension into ClientHello */ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED) return EXT_RETURN_NOT_SENT; @@ -99,10 +98,10 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, * 1 byte for the Max Fragment Length code value. */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length) - /* Sub-packet for Max Fragment Length extension (1 byte) */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode) - || !WPACKET_close(pkt)) { + /* Sub-packet for Max Fragment Length extension (1 byte) */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -112,23 +111,23 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, #ifndef OPENSSL_NO_SRP EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { /* Add SRP username if there is one */ if (s->srp_ctx.login == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp) - /* Sub-packet for SRP extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - /* login must not be zero...internal error if so */ - || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) - || !WPACKET_memcpy(pkt, s->srp_ctx.login, - strlen(s->srp_ctx.login)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + /* Sub-packet for SRP extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + /* login must not be zero...internal error if so */ + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) + || !WPACKET_memcpy(pkt, s->srp_ctx.login, + strlen(s->srp_ctx.login)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -158,8 +157,8 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) - || (alg_a & SSL_aECDSA) - || c->min_tls >= TLS1_3_VERSION) { + || (alg_a & SSL_aECDSA) + || c->min_tls >= TLS1_3_VERSION) { ret = 1; break; } @@ -174,7 +173,7 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) uint16_t ctmp = pgroups[j]; if (tls_valid_group(s, ctmp, min_version, max_version, 1, NULL) - && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) return 1; } @@ -182,8 +181,8 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const unsigned char *pformats; size_t num_formats; @@ -201,10 +200,10 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, tls1_get_formatlist(s, &pformats, &num_formats); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) - /* Sub-packet for formats extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats) - || !WPACKET_close(pkt)) { + /* Sub-packet for formats extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -213,8 +212,8 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const uint16_t *pgroups = NULL; size_t num_groups = 0, i, tls13added = 0, added = 0; @@ -231,7 +230,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, * if we don't have EC support then we don't send this extension. */ if (!use_ecc(s, min_version, max_version) - && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION)) + && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION)) return EXT_RETURN_NOT_SENT; /* @@ -240,10 +239,10 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, tls1_get_supported_groups(s, &pgroups, &num_groups); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) - /* Sub-packet for supported_groups extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) { + /* Sub-packet for supported_groups extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -253,7 +252,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, int okfortls13; if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13) - && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -266,7 +265,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { if (added == 0) SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, - "No groups enabled for max supported SSL/TLS version"); + "No groups enabled for max supported SSL/TLS version"); else SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -274,7 +273,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, if (tls13added == 0 && max_version == TLS1_3_VERSION) { SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, - "No groups enabled for max supported SSL/TLS version"); + "No groups enabled for max supported SSL/TLS version"); return EXT_RETURN_FAIL; } @@ -282,8 +281,8 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { size_t ticklen; @@ -291,11 +290,11 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!s->new_session && s->session != NULL - && s->session->ext.tick != NULL - && s->session->ssl_version != TLS1_3_VERSION) { + && s->session->ext.tick != NULL + && s->session->ssl_version != TLS1_3_VERSION) { ticklen = s->session->ext.ticklen; } else if (s->session && s->ext.session_ticket != NULL - && s->ext.session_ticket->data != NULL) { + && s->ext.session_ticket->data != NULL) { ticklen = s->ext.session_ticket->length; s->session->ext.tick = OPENSSL_malloc(ticklen); if (s->session->ext.tick == NULL) { @@ -303,18 +302,17 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_FAIL; } memcpy(s->session->ext.tick, - s->ext.session_ticket->data, ticklen); + s->ext.session_ticket->data, ticklen); s->session->ext.ticklen = ticklen; } else { ticklen = 0; } - if (ticklen == 0 && s->ext.session_ticket != NULL && - s->ext.session_ticket->data == NULL) + if (ticklen == 0 && s->ext.session_ticket != NULL && s->ext.session_ticket->data == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) - || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) { + || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -323,8 +321,8 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { size_t salglen; const uint16_t *salg; @@ -338,23 +336,23 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, if (s->client_version < TLS1_2_VERSION || (s->ssl.method->version != TLS_ANY_VERSION && s->version < TLS1_2_VERSION)) - return EXT_RETURN_NOT_SENT; + return EXT_RETURN_NOT_SENT; } else { if (DTLS_VERSION_LT(s->client_version, DTLS1_2_VERSION) || (s->ssl.method->version != DTLS_ANY_VERSION && DTLS_VERSION_LT(s->version, DTLS1_2_VERSION))) - return EXT_RETURN_NOT_SENT; + return EXT_RETURN_NOT_SENT; } salglen = tls12_get_psigalgs(s, 1, &salg); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms) - /* Sub-packet for sig-algs extension */ - || !WPACKET_start_sub_packet_u16(pkt) - /* Sub-packet for the actual list */ - || !WPACKET_start_sub_packet_u16(pkt) - || !tls12_copy_sigalgs(s, pkt, salg, salglen) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + /* Sub-packet for sig-algs extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for the actual list */ + || !WPACKET_start_sub_packet_u16(pkt) + || !tls12_copy_sigalgs(s, pkt, salg, salglen) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -364,8 +362,8 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { int i; @@ -377,11 +375,11 @@ EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) - /* Sub-packet for status request extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp) - /* Sub-packet for the ids */ - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Sub-packet for status request extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp) + /* Sub-packet for the ids */ + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -391,15 +389,15 @@ EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, int idlen = i2d_OCSP_RESPID(id, NULL); if (idlen <= 0 - /* Sub-packet for an individual id */ - || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes) - || i2d_OCSP_RESPID(id, &idbytes) != idlen) { + /* Sub-packet for an individual id */ + || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes) + || i2d_OCSP_RESPID(id, &idbytes) != idlen) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } } if (!WPACKET_close(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -412,11 +410,11 @@ EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_FAIL; } if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes) - || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes) - != extlen) { + || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes) + != extlen) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; - } + } } if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -429,8 +427,8 @@ EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (SSL_CONNECTION_GET_CTX(s)->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) @@ -441,7 +439,7 @@ EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, * for Next Protocol Negotiation */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -451,8 +449,8 @@ EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { s->s3.alpn_sent = 0; @@ -460,11 +458,11 @@ EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, - TLSEXT_TYPE_application_layer_protocol_negotiation) - /* Sub-packet ALPN extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len) - || !WPACKET_close(pkt)) { + TLSEXT_TYPE_application_layer_protocol_negotiation) + /* Sub-packet ALPN extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -473,11 +471,10 @@ EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_SENT; } - #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { SSL *ssl = SSL_CONNECTION_GET_SSL(s); STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(ssl); @@ -487,18 +484,17 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) - /* Sub-packet for SRTP extension */ - || !WPACKET_start_sub_packet_u16(pkt) - /* Sub-packet for the protection profile list */ - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Sub-packet for SRTP extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for the protection profile list */ + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } end = sk_SRTP_PROTECTION_PROFILE_num(clnt); for (i = 0; i < end; i++) { - const SRTP_PROTECTION_PROFILE *prof = - sk_SRTP_PROTECTION_PROFILE_value(clnt, i); + const SRTP_PROTECTION_PROFILE *prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -506,9 +502,9 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, } } if (!WPACKET_close(pkt) - /* Add an empty use_mki value */ - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_close(pkt)) { + /* Add an empty use_mki value */ + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -518,14 +514,14 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -535,8 +531,8 @@ EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt, #ifndef OPENSSL_NO_CT EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (s->ct_validation_callback == NULL) return EXT_RETURN_NOT_SENT; @@ -546,7 +542,7 @@ EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -556,14 +552,14 @@ EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -572,8 +568,8 @@ EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { int currv, min_version, max_version, reason; @@ -591,8 +587,8 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -615,19 +611,19 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt * Construct a psk_kex_modes extension. */ EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE) - || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE) + || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -667,7 +663,7 @@ static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int group_id, /* Encode the public key. */ encodedlen = EVP_PKEY_get1_encoded_public_key(key_share_key, - &encoded_pubkey); + &encoded_pubkey); if (encodedlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); goto err; @@ -675,7 +671,7 @@ static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int group_id, /* Create KeyShareEntry */ if (!WPACKET_put_bytes_u16(pkt, group_id) - || !WPACKET_sub_memcpy_u16(pkt, encoded_pubkey, encodedlen)) { + || !WPACKET_sub_memcpy_u16(pkt, encoded_pubkey, encodedlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -694,7 +690,7 @@ static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int group_id, OPENSSL_free(encoded_pubkey); return 1; - err: +err: if (key_share_key != s->s3.tmp.ks_pkey[loop_num]) EVP_PKEY_free(key_share_key); OPENSSL_free(encoded_pubkey); @@ -703,8 +699,8 @@ static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int group_id, #endif EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 size_t i, num_groups = 0; @@ -715,10 +711,10 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, /* key_share extension */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - /* Extension data sub-packet */ - || !WPACKET_start_sub_packet_u16(pkt) - /* KeyShare list sub-packet */ - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Extension data sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt) + /* KeyShare list sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -754,7 +750,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) continue; if (!tls_valid_group(s, pgroups[i], TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) + 0, NULL)) continue; group_id = pgroups[i]; @@ -790,8 +786,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { EXT_RETURN ret = EXT_RETURN_FAIL; @@ -800,17 +796,17 @@ EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) - /* Extension data sub-packet */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie, - s->ext.tls13_cookie_len) - || !WPACKET_close(pkt)) { + /* Extension data sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie, + s->ext.tls13_cookie_len) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto end; } ret = EXT_RETURN_SENT; - end: +end: OPENSSL_free(s->ext.tls13_cookie); s->ext.tls13_cookie = NULL; s->ext.tls13_cookie_len = 0; @@ -819,12 +815,12 @@ EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_PSK char identity[PSK_MAX_IDENTITY_LEN + 1]; -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ const unsigned char *id = NULL; size_t idlen = 0; SSL_SESSION *psksess = NULL; @@ -836,9 +832,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, handmd = ssl_handshake_md(s); if (s->psk_use_session_cb != NULL - && (!s->psk_use_session_cb(ussl, handmd, &id, &idlen, &psksess) - || (psksess != NULL - && psksess->ssl_version != TLS1_3_VERSION))) { + && (!s->psk_use_session_cb(ussl, handmd, &id, &idlen, &psksess) + || (psksess != NULL + && psksess->ssl_version != TLS1_3_VERSION))) { SSL_SESSION_free(psksess); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); return EXT_RETURN_FAIL; @@ -851,8 +847,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, memset(identity, 0, sizeof(identity)); psklen = s->psk_client_callback(ussl, NULL, - identity, sizeof(identity) - 1, - psk, sizeof(psk)); + identity, sizeof(identity) - 1, + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); @@ -873,7 +869,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, * the digest so we default to SHA256 as per the TLSv1.3 spec */ cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s), - tls13_aes128gcmsha256_id); + tls13_aes128gcmsha256_id); if (cipher == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -881,9 +877,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, psksess = SSL_SESSION_new(); if (psksess == NULL - || !SSL_SESSION_set1_master_key(psksess, psk, psklen) - || !SSL_SESSION_set_cipher(psksess, cipher) - || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) { + || !SSL_SESSION_set1_master_key(psksess, psk, psklen) + || !SSL_SESSION_set_cipher(psksess, cipher) + || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); OPENSSL_cleanse(psk, psklen); return EXT_RETURN_FAIL; @@ -891,7 +887,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, OPENSSL_cleanse(psk, psklen); } } -#endif /* OPENSSL_NO_PSK */ +#endif /* OPENSSL_NO_PSK */ SSL_SESSION_free(s->psksession); s->psksession = psksess; @@ -907,8 +903,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, } if (s->early_data_state != SSL_EARLY_DATA_CONNECTING - || (s->session->ext.max_early_data == 0 - && (psksess == NULL || psksess->ext.max_early_data == 0))) { + || (s->session->ext.max_early_data == 0 + && (psksess == NULL || psksess->ext.max_early_data == 0))) { s->max_early_data = 0; return EXT_RETURN_NOT_SENT; } @@ -917,10 +913,10 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, if (edsess->ext.hostname != NULL) { if (s->ext.hostname == NULL - || (s->ext.hostname != NULL - && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) { + || (s->ext.hostname != NULL + && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_INCONSISTENT_EARLY_DATA_SNI); + SSL_R_INCONSISTENT_EARLY_DATA_SNI); return EXT_RETURN_FAIL; } } @@ -944,21 +940,21 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, } while (PACKET_get_length_prefixed_1(&prots, &alpnpkt)) { if (PACKET_equal(&alpnpkt, edsess->ext.alpn_selected, - edsess->ext.alpn_selected_len)) { + edsess->ext.alpn_selected_len)) { found = 1; break; } } if (!found) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_INCONSISTENT_EARLY_DATA_ALPN); + SSL_R_INCONSISTENT_EARLY_DATA_ALPN); return EXT_RETURN_FAIL; } } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -973,8 +969,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_SENT; } -#define F5_WORKAROUND_MIN_MSG_LEN 0xff -#define F5_WORKAROUND_MAX_MSG_LEN 0x200 +#define F5_WORKAROUND_MIN_MSG_LEN 0xff +#define F5_WORKAROUND_MAX_MSG_LEN 0x200 /* * PSK pre binder overhead = @@ -991,8 +987,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, #define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1) EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { unsigned char *padbytes; size_t hlen; @@ -1016,10 +1012,10 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, * extension, so we need to calculate how long it is going to be. */ if (s->session->ssl_version == TLS1_3_VERSION - && s->session->ext.ticklen != 0 - && s->session->cipher != NULL) { + && s->session->ext.ticklen != 0 + && s->session->cipher != NULL) { const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s), - s->session->cipher->algorithm2); + s->session->cipher->algorithm2); if (md != NULL) { /* @@ -1030,8 +1026,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, if (md_size <= 0) return EXT_RETURN_FAIL; - hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen - + md_size; + hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen + + md_size; } } @@ -1051,7 +1047,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, hlen = 1; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding) - || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) { + || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1065,8 +1061,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, * Construct the pre_shared_key extension */ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 uint32_t agesec, agems = 0; @@ -1091,7 +1087,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, * so don't add this extension. */ if (s->session->ssl_version != TLS1_3_VERSION - || (s->session->ext.ticklen == 0 && s->psksession == NULL)) + || (s->session->ext.ticklen == 0 && s->psksession == NULL)) return EXT_RETURN_NOT_SENT; if (s->hello_retry_request == SSL_HRR_PENDING) @@ -1173,7 +1169,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, dores = 1; } - dopsksess: +dopsksess: if (!dores && s->psksession == NULL) return EXT_RETURN_NOT_SENT; @@ -1206,16 +1202,16 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, /* Create the extension, but skip over the binder for now */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } if (dores) { if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, - s->session->ext.ticklen) - || !WPACKET_put_bytes_u32(pkt, agems)) { + s->session->ext.ticklen) + || !WPACKET_put_bytes_u32(pkt, agems)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1223,8 +1219,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, if (s->psksession != NULL) { if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id, - s->psksession_id_len) - || !WPACKET_put_bytes_u32(pkt, 0)) { + s->psksession_id_len) + || !WPACKET_put_bytes_u32(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1232,20 +1228,20 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &binderoffset) - || !WPACKET_start_sub_packet_u16(pkt) - || (dores - && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) - || (s->psksession != NULL - && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &msglen) - /* - * We need to fill in all the sub-packet lengths now so we can - * calculate the HMAC of the message up to the binders - */ - || !WPACKET_fill_lengths(pkt)) { + || !WPACKET_get_total_written(pkt, &binderoffset) + || !WPACKET_start_sub_packet_u16(pkt) + || (dores + && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) + || (s->psksession != NULL + && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &msglen) + /* + * We need to fill in all the sub-packet lengths now so we can + * calculate the HMAC of the message up to the binders + */ + || !WPACKET_fill_lengths(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1253,15 +1249,17 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, msgstart = WPACKET_get_curr(pkt) - msglen; if (dores - && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, - resbinder, s->session, 1, 0) != 1) { + && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, + resbinder, s->session, 1, 0) + != 1) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } if (s->psksession != NULL - && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, - pskbinder, s->psksession, 1, 1) != 1) { + && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, + pskbinder, s->psksession, 1, 1) + != 1) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } @@ -1273,9 +1271,9 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 if (!s->pha_enabled) @@ -1283,8 +1281,8 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pk /* construct extension - 0 length, no contents */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1297,13 +1295,12 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pk #endif } - /* * Parse the server's renegotiation binding and abort if it's not right */ int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { size_t expected_len = s->s3.previous_client_finished_len + s->s3.previous_server_finished_len; @@ -1312,9 +1309,9 @@ int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, /* Check for logic errors */ if (!ossl_assert(expected_len == 0 - || s->s3.previous_client_finished_len != 0) + || s->s3.previous_client_finished_len != 0) || !ossl_assert(expected_len == 0 - || s->s3.previous_server_finished_len != 0)) { + || s->s3.previous_server_finished_len != 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1339,14 +1336,16 @@ int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, if (!PACKET_get_bytes(pkt, &data, s->s3.previous_client_finished_len) || memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) != 0) { + s->s3.previous_client_finished_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); return 0; } if (!PACKET_get_bytes(pkt, &data, s->s3.previous_server_finished_len) || memcmp(data, s->s3.previous_server_finished, - s->s3.previous_server_finished_len) != 0) { + s->s3.previous_server_finished_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_RENEGOTIATION_MISMATCH); return 0; } @@ -1357,8 +1356,8 @@ int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, /* Parse the server's max fragment len extension packet */ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { unsigned int value; @@ -1370,7 +1369,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, /* |value| should contains a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1382,7 +1381,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, */ if (value != s->ext.max_fragment_len_mode) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1396,8 +1395,8 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (s->ext.hostname == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1425,8 +1424,8 @@ int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { size_t ecpointformats_len; PACKET ecptformatlist; @@ -1454,8 +1453,8 @@ int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, s->ext.peer_ecpointformats_len = ecpointformats_len; if (!PACKET_copy_bytes(&ecptformatlist, - s->ext.peer_ecpointformats, - ecpointformats_len)) { + s->ext.peer_ecpointformats, + ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1465,15 +1464,12 @@ int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); - if (s->ext.session_ticket_cb != NULL && - !s->ext.session_ticket_cb(ssl, PACKET_data(pkt), - PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + if (s->ext.session_ticket_cb != NULL && !s->ext.session_ticket_cb(ssl, PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1494,8 +1490,8 @@ int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, #ifndef OPENSSL_NO_OCSP int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends a CertificateRequest */ @@ -1533,10 +1529,9 @@ int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt, } #endif - #ifndef OPENSSL_NO_CT int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends it in a CertificateRequest */ @@ -1570,23 +1565,25 @@ int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } } else { ENDPOINT role = (context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 - ? ENDPOINT_CLIENT : ENDPOINT_BOTH; + ? ENDPOINT_CLIENT + : ENDPOINT_BOTH; /* * If we didn't ask for it then there must be a custom extension, * otherwise this is unsolicited. */ if (custom_ext_find(&s->cert->custext, role, - TLSEXT_TYPE_signed_certificate_timestamp, - NULL) == NULL) { + TLSEXT_TYPE_signed_certificate_timestamp, + NULL) + == NULL) { SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); return 0; } if (!custom_ext_parse(s, context, - TLSEXT_TYPE_signed_certificate_timestamp, - PACKET_data(pkt), PACKET_remaining(pkt), - x, chainidx)) { + TLSEXT_TYPE_signed_certificate_timestamp, + PACKET_data(pkt), PACKET_remaining(pkt), + x, chainidx)) { /* SSLfatal already called */ return 0; } @@ -1596,7 +1593,6 @@ int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } #endif - #ifndef OPENSSL_NO_NEXTPROTONEG /* * ssl_next_proto_validate validates a Next Protocol Negotiation block. No @@ -1619,7 +1615,7 @@ static int ssl_next_proto_validate(SSL_CONNECTION *s, PACKET *pkt) } int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { unsigned char *selected; unsigned char selected_len; @@ -1643,10 +1639,11 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, return 0; } if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_USER_SSL(s), - &selected, &selected_len, - PACKET_data(pkt), PACKET_remaining(pkt), - sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK - || selected_len == 0) { + &selected, &selected_len, + PACKET_data(pkt), PACKET_remaining(pkt), + sctx->ext.npn_select_cb_arg) + != SSL_TLSEXT_ERR_OK + || selected_len == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1672,7 +1669,7 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, #endif int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { size_t len; PACKET confpkt, protpkt; @@ -1731,9 +1728,9 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, s->s3.alpn_selected_len = len; if (s->session->ext.alpn_selected == NULL - || s->session->ext.alpn_selected_len != len - || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) - != 0) { + || s->session->ext.alpn_selected_len != len + || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) + != 0) { /* ALPN not consistent with the old session so cannot use early_data */ s->ext.early_data_ok = 0; } @@ -1746,8 +1743,7 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); + s->session->ext.alpn_selected = OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1761,7 +1757,7 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_SRTP int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx) + unsigned int context, X509 *x, size_t chainidx) { unsigned int id, ct, mki; int i; @@ -1769,11 +1765,11 @@ int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, SRTP_PROTECTION_PROFILE *prof; if (!PACKET_get_net_2(pkt, &ct) || ct != 2 - || !PACKET_get_net_2(pkt, &id) - || !PACKET_get_1(pkt, &mki) - || PACKET_remaining(pkt) != 0) { + || !PACKET_get_net_2(pkt, &id) + || !PACKET_get_1(pkt, &mki) + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -1804,29 +1800,29 @@ int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, } SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } #endif int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) - && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 - && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT - && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 - && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA - && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) + && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD + && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA + && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) s->ext.use_etm = 1; return 1; } int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return 1; @@ -1838,13 +1834,13 @@ int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { unsigned int version; if (!PACKET_get_net_2(pkt, &version) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1855,7 +1851,7 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, */ if (version != TLS1_3_VERSION) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; } @@ -1874,8 +1870,8 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; @@ -1924,9 +1920,9 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, break; } if (i >= num_groups - || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } @@ -1992,13 +1988,14 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, } if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s), - group_id)) == NULL) { + group_id)) + == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt) - || PACKET_remaining(&encoded_pt) == 0) { + || PACKET_remaining(&encoded_pt) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -2013,7 +2010,8 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, } if (tls13_set_encoded_pub_key(skey, PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); EVP_PKEY_free(skey); return 0; @@ -2042,13 +2040,13 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET cookie; if (!PACKET_as_length_prefixed_2(pkt, &cookie) - || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, - &s->ext.tls13_cookie_len)) { + || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, + &s->ext.tls13_cookie_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -2057,14 +2055,14 @@ int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { unsigned long max_early_data; if (!PACKET_get_net_4(pkt, &max_early_data) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_MAX_EARLY_DATA); return 0; } @@ -2096,7 +2094,7 @@ int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, } if (!s->ext.early_data_ok - || !s->hit) { + || !s->hit) { /* * If we get here then we didn't send early data, or we didn't resume * using the first identity, or the SNI/ALPN is not consistent so the @@ -2112,8 +2110,8 @@ int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int identity; @@ -2152,9 +2150,9 @@ int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, * early_secret across that we generated earlier. */ if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) - || s->session->ext.max_early_data > 0 - || s->psksession->ext.max_early_data == 0) + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) + || s->session->ext.max_early_data > 0 + || s->psksession->ext.max_early_data == 0) memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE); SSL_SESSION_free(s->session); @@ -2170,17 +2168,17 @@ int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, } EXT_RETURN tls_construct_ctos_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { sc->ext.client_cert_type_ctos = OSSL_CERT_TYPE_CTOS_NONE; if (sc->client_cert_type == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_client_cert_type) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, sc->client_cert_type, sc->client_cert_type_len) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, sc->client_cert_type, sc->client_cert_type_len) + || !WPACKET_close(pkt)) { SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2189,8 +2187,8 @@ EXT_RETURN tls_construct_ctos_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, } int tls_parse_stoc_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { unsigned int type; @@ -2222,17 +2220,17 @@ int tls_parse_stoc_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt, } EXT_RETURN tls_construct_ctos_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { sc->ext.server_cert_type_ctos = OSSL_CERT_TYPE_CTOS_NONE; if (sc->server_cert_type == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_cert_type) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, sc->server_cert_type, sc->server_cert_type_len) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, sc->server_cert_type, sc->server_cert_type_len) + || !WPACKET_close(pkt)) { SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2241,8 +2239,8 @@ EXT_RETURN tls_construct_ctos_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, } int tls_parse_stoc_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { unsigned int type; diff --git a/crypto/openssl/ssl/statem/extensions_cust.c b/crypto/openssl/ssl/statem/extensions_cust.c index aa352529c4cc..ce1c69bbdc1d 100644 --- a/crypto/openssl/ssl/statem/extensions_cust.c +++ b/crypto/openssl/ssl/statem/extensions_cust.c @@ -30,10 +30,10 @@ typedef struct { * Provide thin wrapper callbacks which convert new style arguments to old style */ static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char **out, - size_t *outlen, X509 *x, size_t chainidx, - int *al, void *add_arg) + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *add_arg) { custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; @@ -41,12 +41,12 @@ static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type, return 1; return add_cb_wrap->add_cb(s, ext_type, out, outlen, al, - add_cb_wrap->add_arg); + add_cb_wrap->add_arg); } static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *out, void *add_arg) + unsigned int context, + const unsigned char *out, void *add_arg) { custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; @@ -57,19 +57,18 @@ static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type, } static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type, - unsigned int context, - const unsigned char *in, - size_t inlen, X509 *x, size_t chainidx, - int *al, void *parse_arg) + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *parse_arg) { - custom_ext_parse_cb_wrap *parse_cb_wrap = - (custom_ext_parse_cb_wrap *)parse_arg; + custom_ext_parse_cb_wrap *parse_cb_wrap = (custom_ext_parse_cb_wrap *)parse_arg; if (parse_cb_wrap->parse_cb == NULL) return 1; return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al, - parse_cb_wrap->parse_arg); + parse_cb_wrap->parse_arg); } /* @@ -80,16 +79,16 @@ static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type, * client, or ENDPOINT_BOTH for either */ custom_ext_method *custom_ext_find(const custom_ext_methods *exts, - ENDPOINT role, unsigned int ext_type, - size_t *idx) + ENDPOINT role, unsigned int ext_type, + size_t *idx) { size_t i; custom_ext_method *meth = exts->meths; for (i = 0; i < exts->meths_count; i++, meth++) { if (ext_type == meth->ext_type - && (role == ENDPOINT_BOTH || role == meth->role - || meth->role == ENDPOINT_BOTH)) { + && (role == ENDPOINT_BOTH || role == meth->role + || meth->role == ENDPOINT_BOTH)) { if (idx != NULL) *idx = i; return meth; @@ -112,9 +111,9 @@ void custom_ext_init(custom_ext_methods *exts) /* Pass received custom extension data to the application for parsing. */ int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, - unsigned int ext_type, - const unsigned char *ext_data, size_t ext_size, X509 *x, - size_t chainidx) + unsigned int ext_type, + const unsigned char *ext_data, size_t ext_size, X509 *x, + size_t chainidx) { int al = 0; custom_ext_methods *exts = &s->cert->custext; @@ -133,9 +132,7 @@ int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, if (!extension_is_relevant(s, meth->context, context)) return 1; - if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) { + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) { /* * If it's ServerHello or EncryptedExtensions we can't have any * extensions not sent in ClientHello. @@ -152,7 +149,7 @@ int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, * extensions in the response messages */ if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)) - != 0) + != 0) meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; /* If no parse function set return success */ @@ -160,7 +157,8 @@ int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, return 1; if (meth->parse_cb(SSL_CONNECTION_GET_USER_SSL(s), ext_type, context, ext_data, - ext_size, x, chainidx, &al, meth->parse_arg) <= 0) { + ext_size, x, chainidx, &al, meth->parse_arg) + <= 0) { SSLfatal(s, al, SSL_R_BAD_EXTENSION); return 0; } @@ -173,7 +171,7 @@ int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, * buffer. */ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, - size_t chainidx, int maxversion) + size_t chainidx, int maxversion) { custom_ext_methods *exts = &s->cert->custext; custom_ext_method *meth; @@ -190,12 +188,7 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, if (!should_add_extension(s, meth->context, context, maxversion)) continue; - if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS1_3_CERTIFICATE - | SSL_EXT_TLS1_3_RAW_PUBLIC_KEY - | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_RAW_PUBLIC_KEY | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { /* Only send extensions present in ClientHello/CertificateRequest */ if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED)) continue; @@ -209,26 +202,26 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, if (meth->add_cb != NULL) { int cb_retval = meth->add_cb(SSL_CONNECTION_GET_USER_SSL(s), - meth->ext_type, context, &out, - &outlen, x, chainidx, &al, - meth->add_arg); + meth->ext_type, context, &out, + &outlen, x, chainidx, &al, + meth->add_arg); if (cb_retval < 0) { if (!for_comp) SSLfatal(s, al, SSL_R_CALLBACK_FAILED); - return 0; /* error */ + return 0; /* error */ } if (cb_retval == 0) - continue; /* skip this extension */ + continue; /* skip this extension */ } if (!WPACKET_put_bytes_u16(pkt, meth->ext_type) - || !WPACKET_start_sub_packet_u16(pkt) - || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) + || !WPACKET_close(pkt)) { if (meth->free_cb != NULL) meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, - context, out, meth->add_arg); + context, out, meth->add_arg); if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -240,7 +233,7 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) { if (meth->free_cb != NULL) meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, - context, out, meth->add_arg); + context, out, meth->add_arg); if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -254,21 +247,21 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, } if (meth->free_cb != NULL) meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, - context, out, meth->add_arg); + context, out, meth->add_arg); } return 1; } /* Copy the flags from src to dst for any extensions that exist in both */ int custom_exts_copy_flags(custom_ext_methods *dst, - const custom_ext_methods *src) + const custom_ext_methods *src) { size_t i; custom_ext_method *methsrc = src->meths; for (i = 0; i < src->meths_count; i++, methsrc++) { custom_ext_method *methdst = custom_ext_find(dst, methsrc->role, - methsrc->ext_type, NULL); + methsrc->ext_type, NULL); if (methdst == NULL) continue; @@ -281,8 +274,8 @@ int custom_exts_copy_flags(custom_ext_methods *dst, /* Copy old style API wrapper arguments */ static void custom_ext_copy_old_cb(custom_ext_method *methdst, - const custom_ext_method *methsrc, - int *err) + const custom_ext_method *methsrc, + int *err) { if (methsrc->add_cb != custom_ext_add_old_cb_wrap) return; @@ -294,9 +287,9 @@ static void custom_ext_copy_old_cb(custom_ext_method *methdst, } methdst->add_arg = OPENSSL_memdup(methsrc->add_arg, - sizeof(custom_ext_add_cb_wrap)); + sizeof(custom_ext_add_cb_wrap)); methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg, - sizeof(custom_ext_parse_cb_wrap)); + sizeof(custom_ext_parse_cb_wrap)); if (methdst->add_arg == NULL || methdst->parse_arg == NULL) *err = 1; @@ -311,9 +304,8 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) int err = 0; if (src->meths_count > 0) { - dst->meths = - OPENSSL_memdup(src->meths, - sizeof(*src->meths) * src->meths_count); + dst->meths = OPENSSL_memdup(src->meths, + sizeof(*src->meths) * src->meths_count); if (dst->meths == NULL) return 0; dst->meths_count = src->meths_count; @@ -332,7 +324,7 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) /* Copy custom extensions that were set on connection */ int custom_exts_copy_conn(custom_ext_methods *dst, - const custom_ext_methods *src) + const custom_ext_methods *src) { size_t i; int err = 0; @@ -345,10 +337,8 @@ int custom_exts_copy_conn(custom_ext_methods *dst, meths_count++; if (meths_count > 0) { - custom_ext_method *methdst = - OPENSSL_realloc(dst->meths, - (dst->meths_count + meths_count) * - sizeof(custom_ext_method)); + custom_ext_method *methdst = OPENSSL_realloc(dst->meths, + (dst->meths_count + meths_count) * sizeof(custom_ext_method)); if (methdst == NULL) return 0; @@ -404,17 +394,18 @@ void custom_exts_free(custom_ext_methods *exts) int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type) { return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type, - NULL) != NULL; + NULL) + != NULL; } int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts, - ENDPOINT role, unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, - void *parse_arg) + ENDPOINT role, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg) { custom_ext_method *meth, *tmp; @@ -435,9 +426,9 @@ int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts, * these two things may not play well together. */ if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp - && (context & SSL_EXT_CLIENT_HELLO) != 0 - && ctx != NULL - && SSL_CTX_ct_is_enabled(ctx)) + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && ctx != NULL + && SSL_CTX_ct_is_enabled(ctx)) return 0; #endif @@ -446,7 +437,7 @@ int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts, * for extension types that previously were not supported, but now are. */ if (SSL_extension_supported(ext_type) - && ext_type != TLSEXT_TYPE_signed_certificate_timestamp) + && ext_type != TLSEXT_TYPE_signed_certificate_timestamp) return 0; /* Extension type must fit in 16 bits */ @@ -456,7 +447,7 @@ int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts, if (custom_ext_find(exts, role, ext_type, NULL)) return 0; tmp = OPENSSL_realloc(exts->meths, - (exts->meths_count + 1) * sizeof(custom_ext_method)); + (exts->meths_count + 1) * sizeof(custom_ext_method)); if (tmp == NULL) return 0; @@ -477,12 +468,12 @@ int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts, } static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, - unsigned int ext_type, - unsigned int context, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + unsigned int ext_type, + unsigned int context, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { custom_ext_add_cb_wrap *add_cb_wrap = OPENSSL_malloc(sizeof(*add_cb_wrap)); @@ -503,12 +494,12 @@ static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, parse_cb_wrap->parse_cb = parse_cb; ret = ossl_tls_add_custom_ext_intern(ctx, NULL, role, ext_type, - context, - custom_ext_add_old_cb_wrap, - custom_ext_free_old_cb_wrap, - add_cb_wrap, - custom_ext_parse_old_cb_wrap, - parse_cb_wrap); + context, + custom_ext_add_old_cb_wrap, + custom_ext_free_old_cb_wrap, + add_cb_wrap, + custom_ext_parse_old_cb_wrap, + parse_cb_wrap); if (!ret) { OPENSSL_free(add_cb_wrap); @@ -520,43 +511,43 @@ static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, /* Application level functions to add the old custom extension callbacks */ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type, - SSL_EXT_TLS1_2_AND_BELOW_ONLY - | SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_IGNORE_ON_RESUMPTION, - add_cb, free_cb, add_arg, parse_cb, parse_arg); + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); } int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) { return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type, - SSL_EXT_TLS1_2_AND_BELOW_ONLY - | SSL_EXT_CLIENT_HELLO - | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_IGNORE_ON_RESUMPTION, - add_cb, free_cb, add_arg, parse_cb, parse_arg); + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); } int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - unsigned int context, - SSL_custom_ext_add_cb_ex add_cb, - SSL_custom_ext_free_cb_ex free_cb, - void *add_arg, - SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg) + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg) { return ossl_tls_add_custom_ext_intern(ctx, NULL, ENDPOINT_BOTH, ext_type, - context, add_cb, free_cb, add_arg, - parse_cb, parse_arg); + context, add_cb, free_cb, add_arg, + parse_cb, parse_arg); } int SSL_extension_supported(unsigned int ext_type) diff --git a/crypto/openssl/ssl/statem/extensions_srvr.c b/crypto/openssl/ssl/statem/extensions_srvr.c index 1a09913ad63f..cdb914daedcf 100644 --- a/crypto/openssl/ssl/statem/extensions_srvr.c +++ b/crypto/openssl/ssl/statem/extensions_srvr.c @@ -13,7 +13,7 @@ #include "internal/cryptlib.h" #include "internal/ssl_unwrap.h" -#define COOKIE_STATE_FORMAT_VERSION 1 +#define COOKIE_STATE_FORMAT_VERSION 1 /* * 2 bytes for packet length, 2 bytes for format version, 2 bytes for @@ -23,7 +23,7 @@ * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing. */ #define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 8 + 2 + EVP_MAX_MD_SIZE + 1 \ - + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) + + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) /* * Message header + 2 bytes for protocol version + number of random bytes + @@ -32,16 +32,16 @@ * + 2 bytes for extension block length + 6 bytes for key_share extension * + 4 bytes for cookie extension header + the number of bytes in the cookie */ -#define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ - + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ - + MAX_COOKIE_SIZE) +#define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ + + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ + + MAX_COOKIE_SIZE) /* * Parse the client's renegotiation binding and abort if it's not right */ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { unsigned int ilen; const unsigned char *data; @@ -61,7 +61,7 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, } ok = memcmp(data, s->s3.previous_client_finished, - s->s3.previous_client_finished_len); + s->s3.previous_client_finished_len); #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION if (ok) { if ((data[0] ^ s->s3.previous_client_finished[0]) != 0xFF) { @@ -103,7 +103,7 @@ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, * - On session reconnect, the servername extension may be absent. */ int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx) + unsigned int context, X509 *x, size_t chainidx) { unsigned int servname_type; PACKET sni, hostname; @@ -168,15 +168,15 @@ int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, */ s->servername_done = (s->session->ext.hostname != NULL) && PACKET_equal(&hostname, s->session->ext.hostname, - strlen(s->session->ext.hostname)); + strlen(s->session->ext.hostname)); } return 1; } int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { unsigned int value; @@ -188,7 +188,7 @@ int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, /* Received |value| should be a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -218,12 +218,12 @@ int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, #ifndef OPENSSL_NO_SRP int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET srp_I; if (!PACKET_as_length_prefixed_1(pkt, &srp_I) - || PACKET_contains_zero_byte(&srp_I)) { + || PACKET_contains_zero_byte(&srp_I)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -238,8 +238,8 @@ int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, #endif int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { PACKET ec_point_format_list; @@ -251,8 +251,8 @@ int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, - &s->ext.peer_ecpointformats, - &s->ext.peer_ecpointformats_len)) { + &s->ext.peer_ecpointformats, + &s->ext.peer_ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -262,13 +262,10 @@ int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { - if (s->ext.session_ticket_cb && - !s->ext.session_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), - PACKET_data(pkt), PACKET_remaining(pkt), - s->ext.session_ticket_cb_arg)) { + if (s->ext.session_ticket_cb && !s->ext.session_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -277,14 +274,14 @@ int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { PACKET supported_sig_algs; if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) - || PACKET_remaining(&supported_sig_algs) == 0) { + || PACKET_remaining(&supported_sig_algs) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -295,7 +292,7 @@ int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, * of whether it was a resumption or not. */ if ((!s->server || (s->server && !s->hit)) - && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { + && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -304,12 +301,12 @@ int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx) + unsigned int context, X509 *x, size_t chainidx) { PACKET supported_sig_algs; if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) - || PACKET_remaining(&supported_sig_algs) == 0) { + || PACKET_remaining(&supported_sig_algs) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -320,7 +317,7 @@ int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, * of whether it was a resumption or not. */ if ((!s->server || (s->server && !s->hit)) - && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { + && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -330,8 +327,8 @@ int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, #ifndef OPENSSL_NO_OCSP int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { PACKET responder_id_list, exts; @@ -356,7 +353,7 @@ int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, return 1; } - if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) { + if (!PACKET_get_length_prefixed_2(pkt, &responder_id_list)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -382,14 +379,14 @@ int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, const unsigned char *id_data; if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id) - || PACKET_remaining(&responder_id) == 0) { + || PACKET_remaining(&responder_id) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } id_data = PACKET_data(&responder_id); id = d2i_OCSP_RESPID(NULL, &id_data, - (int)PACKET_remaining(&responder_id)); + (int)PACKET_remaining(&responder_id)); if (id == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; @@ -420,9 +417,8 @@ int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, const unsigned char *ext_data = PACKET_data(&exts); sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, - X509_EXTENSION_free); - s->ext.ocsp.exts = - d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); + X509_EXTENSION_free); + s->ext.ocsp.exts = d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; @@ -435,7 +431,7 @@ int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { /* * We shouldn't accept this extension on a @@ -453,7 +449,7 @@ int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, * extension, not including type and length. Returns: 1 on success, 0 on error. */ int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET protocol_list, save_protocol_list, protocol; @@ -470,7 +466,7 @@ int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, do { /* Protocol names can't be empty. */ if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol) - || PACKET_remaining(&protocol) == 0) { + || PACKET_remaining(&protocol) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -480,7 +476,7 @@ int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, s->s3.alpn_proposed = NULL; s->s3.alpn_proposed_len = 0; if (!PACKET_memdup(&save_protocol_list, - &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { + &s->s3.alpn_proposed, &s->s3.alpn_proposed_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -490,7 +486,7 @@ int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_SRTP int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx) + unsigned int context, X509 *x, size_t chainidx) { STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; unsigned int ct, mki_len, id; @@ -504,9 +500,9 @@ int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, /* Pull off the length of the cipher suite list and check it is even */ if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0 - || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { + || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -518,7 +514,7 @@ int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, while (PACKET_remaining(&subpkt)) { if (!PACKET_get_net_2(&subpkt, &id)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -529,8 +525,7 @@ int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, * does nothing. */ for (i = 0; i < srtp_pref; i++) { - SRTP_PROTECTION_PROFILE *sprof = - sk_SRTP_PROTECTION_PROFILE_value(srvr, i); + SRTP_PROTECTION_PROFILE *sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); if (sprof->id == id) { s->srtp_profile = sprof; @@ -543,7 +538,7 @@ int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, /* Now extract the MKI value as a sanity check, but discard it for now */ if (!PACKET_get_1(pkt, &mki_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); return 0; } @@ -558,7 +553,7 @@ int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, #endif int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) s->ext.use_etm = 1; @@ -571,15 +566,15 @@ int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. */ int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 PACKET psk_kex_modes; unsigned int mode; if (!PACKET_as_length_prefixed_1(pkt, &psk_kex_modes) - || PACKET_remaining(&psk_kex_modes) == 0) { + || PACKET_remaining(&psk_kex_modes) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -588,12 +583,12 @@ int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, if (mode == TLSEXT_KEX_MODE_KE_DHE) s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE; else if (mode == TLSEXT_KEX_MODE_KE - && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) + && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; } if (((s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) != 0) - && (s->options & SSL_OP_PREFER_NO_DHE_KEX) != 0) { + && (s->options & SSL_OP_PREFER_NO_DHE_KEX) != 0) { /* * If NO_DHE is supported and preferred, then we only remember this @@ -631,20 +626,21 @@ static int tls_accept_ksgroup(SSL_CONNECTION *s, uint16_t ksgroup, PACKET *encod s->session->kex_group = ksgroup; if ((s->s3.peer_tmp = ssl_generate_param_group(s, ksgroup)) == NULL) { SSLfatal(s, - SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + SSL_AD_INTERNAL_ERROR, + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } if (tls13_set_encoded_pub_key(s->s3.peer_tmp, - PACKET_data(encoded_pubkey), - PACKET_remaining(encoded_pubkey)) <= 0) { + PACKET_data(encoded_pubkey), + PACKET_remaining(encoded_pubkey)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); return 0; } return 1; } -# define GROUPLIST_INCREMENT 32 /* Memory allocation chunk size (nominally 64 Bytes chunks) */ +#define GROUPLIST_INCREMENT 32 /* Memory allocation chunk size (nominally 64 Bytes chunks) */ typedef enum KS_EXTRACTION_RESULT { EXTRACTION_FAILURE, @@ -653,10 +649,10 @@ typedef enum KS_EXTRACTION_RESULT { } KS_EXTRACTION_RESULT; static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_share_list, - const uint16_t *clntgroups, size_t clnt_num_groups, - const uint16_t *srvrgroups, size_t srvr_num_groups, - uint16_t **keyshares_arr, PACKET **encoded_pubkey_arr, - size_t *keyshares_cnt, size_t *keyshares_max) + const uint16_t *clntgroups, size_t clnt_num_groups, + const uint16_t *srvrgroups, size_t srvr_num_groups, + uint16_t **keyshares_arr, PACKET **encoded_pubkey_arr, + size_t *keyshares_cnt, size_t *keyshares_max) { PACKET encoded_pubkey; size_t key_share_pos = 0; @@ -678,8 +674,8 @@ static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_sha while (PACKET_remaining(key_share_list) > 0) { /* Get the group_id for the current share and its encoded_pubkey */ if (!PACKET_get_net_2(key_share_list, &group_id) - || !PACKET_get_length_prefixed_2(key_share_list, &encoded_pubkey) - || PACKET_remaining(&encoded_pubkey) == 0) { + || !PACKET_get_length_prefixed_2(key_share_list, &encoded_pubkey) + || PACKET_remaining(&encoded_pubkey) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto failure; } @@ -689,8 +685,8 @@ static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_sha * we requested, and must be the only key_share sent. */ if (s->s3.group_id != 0 - && (group_id != s->s3.group_id - || PACKET_remaining(key_share_list) != 0)) { + && (group_id != s->s3.group_id + || PACKET_remaining(key_share_list) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); goto failure; } @@ -731,9 +727,9 @@ static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_sha * suitable for TLSv1.3 or which is not supported by the server */ if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1, NULL) - || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) - || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, - 0, NULL)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { /* Share not suitable or not supported, check next share */ continue; } @@ -749,23 +745,25 @@ static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_sha */ if (*keyshares_cnt == *keyshares_max) { PACKET *tmp_pkt; - uint16_t *tmp = - OPENSSL_realloc(*keyshares_arr, - (*keyshares_max + GROUPLIST_INCREMENT) * sizeof(**keyshares_arr)); + uint16_t *tmp = OPENSSL_realloc(*keyshares_arr, + (*keyshares_max + GROUPLIST_INCREMENT) * sizeof(**keyshares_arr)); - if (tmp == NULL) + if (tmp == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto failure; + } + *keyshares_arr = tmp; - tmp_pkt = - OPENSSL_realloc(*encoded_pubkey_arr, - (*keyshares_max + GROUPLIST_INCREMENT) * - sizeof(**encoded_pubkey_arr)); - if (tmp_pkt == NULL) + tmp_pkt = OPENSSL_realloc(*encoded_pubkey_arr, + (*keyshares_max + GROUPLIST_INCREMENT) * sizeof(**encoded_pubkey_arr)); + if (tmp_pkt == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto failure; + } + *encoded_pubkey_arr = tmp_pkt; *keyshares_max += GROUPLIST_INCREMENT; } - } return EXTRACTION_SUCCESS; @@ -786,10 +784,10 @@ failure: */ #ifndef OPENSSL_NO_TLS1_3 static void check_overlap(SSL_CONNECTION *s, - const uint16_t *prio_groups, size_t prio_num_groups, - const uint16_t *candidate_groups, size_t candidate_num_groups, - int *prio_group_idx, int *candidate_group_idx, - uint16_t *selected_group) + const uint16_t *prio_groups, size_t prio_num_groups, + const uint16_t *candidate_groups, size_t candidate_num_groups, + int *prio_group_idx, int *candidate_group_idx, + uint16_t *selected_group) { uint16_t current_group; size_t group_idx = prio_num_groups; @@ -801,11 +799,11 @@ static void check_overlap(SSL_CONNECTION *s, for (current_group = 0; current_group < candidate_num_groups; current_group++) { if (!check_in_list(s, candidate_groups[current_group], prio_groups, - prio_num_groups, 1, &new_group_idx) + prio_num_groups, 1, &new_group_idx) || !tls_group_allowed(s, candidate_groups[current_group], - SSL_SECOP_CURVE_SUPPORTED) + SSL_SECOP_CURVE_SUPPORTED) || !tls_valid_group(s, candidate_groups[current_group], TLS1_3_VERSION, - TLS1_3_VERSION, 0, NULL)) + TLS1_3_VERSION, 0, NULL)) /* No overlap or group not suitable, check next group */ continue; @@ -824,7 +822,7 @@ static void check_overlap(SSL_CONNECTION *s, #endif int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx) + unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 PACKET key_share_list; @@ -870,7 +868,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, * extension. */ SSLfatal(s, SSL_AD_MISSING_EXTENSION, - SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION); + SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION); return 0; } @@ -886,11 +884,11 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, /* We parse the key share extension and memorize the entries (after some checks) */ ks_extraction_result = extract_keyshares(s, - &key_share_list, - clntgroups, clnt_num_groups, - srvrgroups, srvr_num_groups, - &keyshares_arr, &encoded_pubkey_arr, - &keyshares_cnt, &keyshares_max); + &key_share_list, + clntgroups, clnt_num_groups, + srvrgroups, srvr_num_groups, + &keyshares_arr, &encoded_pubkey_arr, + &keyshares_cnt, &keyshares_max); if (ks_extraction_result == EXTRACTION_FAILURE) /* Fatal error during tests */ return 0; /* Memory already freed and SSLfatal already called */ @@ -898,7 +896,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, goto end; /* - * We now have the folowing lists available to make a decision for + * We now have the following lists available to make a decision for * which group the server should use for key exchange : * From client: clntgroups[clnt_num_groups], * keyshares_arr[keyshares_cnt], encoded_pubkey_arr[keyshares_cnt] @@ -924,13 +922,13 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, /* Server preference */ /* Is there overlap with a key share group? */ check_overlap(s, - first_group_in_tuple, number_of_groups_in_tuple, - keyshares_arr, keyshares_cnt, - &prio_group_idx, &candidate_group_idx, - &group_id_candidate); + first_group_in_tuple, number_of_groups_in_tuple, + keyshares_arr, keyshares_cnt, + &prio_group_idx, &candidate_group_idx, + &group_id_candidate); if (group_id_candidate > 0) { /* Overlap found -> accept the key share group */ if (!tls_accept_ksgroup(s, group_id_candidate, - &encoded_pubkey_arr[candidate_group_idx])) + &encoded_pubkey_arr[candidate_group_idx])) goto err; /* SSLfatal already called */ /* We have all info for a SH, hence we're done here */ goto end; @@ -940,10 +938,10 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, * supported_group overlapping with the current tuple? */ check_overlap(s, - first_group_in_tuple, number_of_groups_in_tuple, - clntgroups, clnt_num_groups, - &prio_group_idx, &candidate_group_idx, - &group_id_candidate); + first_group_in_tuple, number_of_groups_in_tuple, + clntgroups, clnt_num_groups, + &prio_group_idx, &candidate_group_idx, + &group_id_candidate); if (group_id_candidate > 0) { /* * We did not have a key share overlap, but at least the supported @@ -964,20 +962,20 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, } else { /* We have client preference */ check_overlap(s, - keyshares_arr, keyshares_cnt, - first_group_in_tuple, number_of_groups_in_tuple, - &prio_group_idx, &candidate_group_idx, - &group_id_candidate); + keyshares_arr, keyshares_cnt, + first_group_in_tuple, number_of_groups_in_tuple, + &prio_group_idx, &candidate_group_idx, + &group_id_candidate); if (group_id_candidate > 0) { if (!tls_accept_ksgroup(s, group_id_candidate, &encoded_pubkey_arr[prio_group_idx])) goto err; goto end; } else { check_overlap(s, - clntgroups, clnt_num_groups, - first_group_in_tuple, number_of_groups_in_tuple, - &prio_group_idx, &candidate_group_idx, - &group_id_candidate); + clntgroups, clnt_num_groups, + first_group_in_tuple, number_of_groups_in_tuple, + &prio_group_idx, &candidate_group_idx, + &group_id_candidate); if (group_id_candidate > 0) { s->s3.group_id_candidate = group_id_candidate; goto end; @@ -1003,7 +1001,7 @@ err: } int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned int format, version, key_share, group_id; @@ -1021,7 +1019,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, /* Ignore any cookie if we're not set up to verify it */ if (sctx->verify_stateless_cookie_cb == NULL - || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) + || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return 1; if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { @@ -1033,7 +1031,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, data = PACKET_data(&raw); rawlen = PACKET_remaining(&raw); if (rawlen < SHA256_DIGEST_LENGTH - || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { + || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1042,9 +1040,9 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, /* Verify the HMAC of the cookie */ hctx = EVP_MD_CTX_create(); pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC", - sctx->propq, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext.cookie_hmac_key)); + sctx->propq, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext.cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); @@ -1054,10 +1052,12 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, hmaclen = SHA256_DIGEST_LENGTH; if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx, - sctx->propq, pkey, NULL) <= 0 - || EVP_DigestSign(hctx, hmac, &hmaclen, data, - rawlen - SHA256_DIGEST_LENGTH) <= 0 - || hmaclen != SHA256_DIGEST_LENGTH) { + sctx->propq, pkey, NULL) + <= 0 + || EVP_DigestSign(hctx, hmac, &hmaclen, data, + rawlen - SHA256_DIGEST_LENGTH) + <= 0 + || hmaclen != SHA256_DIGEST_LENGTH) { EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1092,7 +1092,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } if (version != TLS1_3_VERSION) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; } @@ -1107,8 +1107,8 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, return 0; } if (group_id != s->s3.group_id - || s->s3.tmp.new_cipher - != ssl_get_cipher_by_char(s, ciphdata, 0)) { + || s->s3.tmp.new_cipher + != ssl_get_cipher_by_char(s, ciphdata, 0)) { /* * We chose a different cipher or group id this time around to what is * in the cookie. Something must have changed. @@ -1118,10 +1118,10 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } if (!PACKET_get_1(&cookie, &key_share) - || !PACKET_get_net_8(&cookie, &tm) - || !PACKET_get_length_prefixed_2(&cookie, &chhash) - || !PACKET_get_length_prefixed_1(&cookie, &appcookie) - || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { + || !PACKET_get_net_8(&cookie, &tm) + || !PACKET_get_length_prefixed_2(&cookie, &chhash) + || !PACKET_get_length_prefixed_1(&cookie, &appcookie) + || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1135,8 +1135,9 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, /* Verify the app cookie */ if (sctx->verify_stateless_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), - PACKET_data(&appcookie), - PACKET_remaining(&appcookie)) == 0) { + PACKET_data(&appcookie), + PACKET_remaining(&appcookie)) + == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); return 0; } @@ -1151,45 +1152,45 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, return 0; } if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO) - || !WPACKET_start_sub_packet_u24(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) - || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) - || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, - s->tmp_session_id_len) - || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, - &ciphlen) - || !WPACKET_put_bytes_u8(&hrrpkt, 0) - || !WPACKET_start_sub_packet_u16(&hrrpkt)) { + || !WPACKET_start_sub_packet_u24(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) + || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) + || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, + s->tmp_session_id_len) + || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, + &ciphlen) + || !WPACKET_put_bytes_u8(&hrrpkt, 0) + || !WPACKET_start_sub_packet_u16(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->version) - || !WPACKET_close(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->version) + || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if (key_share) { if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) - || !WPACKET_close(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->s3.group_id) + || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } } if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) - || !WPACKET_close(&hrrpkt) /* cookie extension */ - || !WPACKET_close(&hrrpkt) /* extension block */ - || !WPACKET_close(&hrrpkt) /* message */ - || !WPACKET_get_total_written(&hrrpkt, &hrrlen) - || !WPACKET_finish(&hrrpkt)) { + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) + || !WPACKET_close(&hrrpkt) /* cookie extension */ + || !WPACKET_close(&hrrpkt) /* extension block */ + || !WPACKET_close(&hrrpkt) /* message */ + || !WPACKET_get_total_written(&hrrpkt, &hrrlen) + || !WPACKET_finish(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1197,8 +1198,8 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, /* Reconstruct the transcript hash */ if (!create_synthetic_message_hash(s, PACKET_data(&chhash), - PACKET_remaining(&chhash), hrr, - hrrlen)) { + PACKET_remaining(&chhash), hrr, + hrrlen)) { /* SSLfatal() already called */ return 0; } @@ -1213,15 +1214,15 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { PACKET supported_groups_list; /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list) - || PACKET_remaining(&supported_groups_list) == 0 - || (PACKET_remaining(&supported_groups_list) % 2) != 0) { + || PACKET_remaining(&supported_groups_list) == 0 + || (PACKET_remaining(&supported_groups_list) % 2) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } @@ -1231,8 +1232,8 @@ int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, s->ext.peer_supportedgroups = NULL; s->ext.peer_supportedgroups_len = 0; if (!tls1_save_u16(&supported_groups_list, - &s->ext.peer_supportedgroups, - &s->ext.peer_supportedgroups_len)) { + &s->ext.peer_supportedgroups, + &s->ext.peer_supportedgroups_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1242,7 +1243,7 @@ int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, } int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { /* The extension must always be empty */ if (PACKET_remaining(pkt) != 0) { @@ -1258,9 +1259,8 @@ int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, return 1; } - int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); @@ -1276,25 +1276,25 @@ int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, unsigned int conte } static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL_CONNECTION *s, PACKET *tick, - SSL_SESSION **sess) + SSL_SESSION **sess) { SSL_SESSION *tmpsess = NULL; s->ext.ticket_expected = 1; switch (PACKET_remaining(tick)) { - case 0: - return SSL_TICKET_EMPTY; + case 0: + return SSL_TICKET_EMPTY; - case SSL_MAX_SSL_SESSION_ID_LENGTH: - break; + case SSL_MAX_SSL_SESSION_ID_LENGTH: + break; - default: - return SSL_TICKET_NO_DECRYPT; + default: + return SSL_TICKET_NO_DECRYPT; } tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), - SSL_MAX_SSL_SESSION_ID_LENGTH); + SSL_MAX_SSL_SESSION_ID_LENGTH); if (tmpsess == NULL) return SSL_TICKET_NO_DECRYPT; @@ -1304,7 +1304,7 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL_CONNECTION *s, PACKET *tick } int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { PACKET identities, binders, binder; size_t binderoffset; @@ -1320,7 +1320,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, * ignore this extension */ if ((s->ext.psk_kex_mode - & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) + & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) + == 0) return 1; if (!PACKET_get_length_prefixed_2(pkt, &identities)) { @@ -1335,23 +1336,23 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, size_t idlen; if (!PACKET_get_length_prefixed_2(&identities, &identity) - || !PACKET_get_net_4(&identities, &ticket_agel)) { + || !PACKET_get_net_4(&identities, &ticket_agel)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } idlen = PACKET_remaining(&identity); if (s->psk_find_session_cb != NULL - && !s->psk_find_session_cb(ussl, PACKET_data(&identity), idlen, - &sess)) { + && !s->psk_find_session_cb(ussl, PACKET_data(&identity), idlen, + &sess)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); return 0; } #ifndef OPENSSL_NO_PSK if (sess == NULL - && s->psk_server_callback != NULL - && idlen <= PSK_MAX_IDENTITY_LEN) { + && s->psk_server_callback != NULL + && idlen <= PSK_MAX_IDENTITY_LEN) { char *pskid = NULL; unsigned char pskdata[PSK_MAX_PSK_LEN]; unsigned int pskdatalen; @@ -1361,7 +1362,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, return 0; } pskdatalen = s->psk_server_callback(ussl, pskid, pskdata, - sizeof(pskdata)); + sizeof(pskdata)); OPENSSL_free(pskid); if (pskdatalen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1375,7 +1376,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, * the digest so we default to SHA256 as per the TLSv1.3 spec */ cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s), - tls13_aes128gcmsha256_id); + tls13_aes128gcmsha256_id); if (cipher == NULL) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1384,11 +1385,11 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, sess = SSL_SESSION_new(); if (sess == NULL - || !SSL_SESSION_set1_master_key(sess, pskdata, - pskdatalen) - || !SSL_SESSION_set_cipher(sess, cipher) - || !SSL_SESSION_set_protocol_version(sess, - TLS1_3_VERSION)) { + || !SSL_SESSION_set1_master_key(sess, pskdata, + pskdatalen) + || !SSL_SESSION_set_cipher(sess, cipher) + || !SSL_SESSION_set_protocol_version(sess, + TLS1_3_VERSION)) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -1429,13 +1430,13 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, * is no point in using full stateless tickets. */ if ((s->options & SSL_OP_NO_TICKET) != 0 - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) ret = tls_get_stateful_ticket(s, &identity, &sess); else ret = tls_decrypt_ticket(s, PACKET_data(&identity), - PACKET_remaining(&identity), NULL, 0, - &sess); + PACKET_remaining(&identity), NULL, 0, + &sess); if (ret == SSL_TICKET_EMPTY) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); @@ -1443,7 +1444,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } if (ret == SSL_TICKET_FATAL_ERR_MALLOC - || ret == SSL_TICKET_FATAL_ERR_OTHER) { + || ret == SSL_TICKET_FATAL_ERR_OTHER) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -1452,15 +1453,15 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, /* Check for replay */ if (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 - && !SSL_CTX_remove_session(s->session_ctx, sess)) { + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 + && !SSL_CTX_remove_session(s->session_ctx, sess)) { SSL_SESSION_free(sess); sess = NULL; continue; } age = ossl_time_subtract(ossl_ms2time(ticket_agel), - ossl_ms2time(sess->ext.tick_age_add)); + ossl_ms2time(sess->ext.tick_age_add)); t = ossl_time_subtract(ossl_time_now(), sess->time); /* @@ -1475,10 +1476,11 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, expire = ossl_time_add(t, ossl_ms2time(1000)); if (id == 0 - && ossl_time_compare(sess->timeout, t) >= 0 - && ossl_time_compare(age, expire) <= 0 - && ossl_time_compare(ossl_time_add(age, TICKET_AGE_ALLOWANCE), - expire) >= 0) { + && ossl_time_compare(sess->timeout, t) >= 0 + && ossl_time_compare(age, expire) <= 0 + && ossl_time_compare(ossl_time_add(age, TICKET_AGE_ALLOWANCE), + expire) + >= 0) { /* * Ticket age is within tolerance and not expired. We allow it * for early data @@ -1494,7 +1496,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } if (!EVP_MD_is_a(md, EVP_MD_get0_name(ssl_md(sctx, - s->s3.tmp.new_cipher->algorithm2)))) { + s->s3.tmp.new_cipher->algorithm2)))) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); sess = NULL; @@ -1530,8 +1532,9 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, goto err; } if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, - binderoffset, PACKET_data(&binder), NULL, sess, 0, - ext) != 1) { + binderoffset, PACKET_data(&binder), NULL, sess, 0, + ext) + != 1) { /* SSLfatal() already called */ goto err; } @@ -1547,13 +1550,13 @@ err: } int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt, - ossl_unused unsigned int context, - ossl_unused X509 *x, - ossl_unused size_t chainidx) + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) { if (PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, - SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR); + SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR); return 0; } @@ -1566,22 +1569,22 @@ int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt, * Add the server's renegotiation binding */ EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!s->s3.send_connection_binding) return EXT_RETURN_NOT_SENT; /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, - s->s3.previous_client_finished_len) - || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, - s->s3.previous_server_finished_len) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_memcpy(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) + || !WPACKET_memcpy(pkt, s->s3.previous_server_finished, + s->s3.previous_server_finished_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1590,8 +1593,8 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->servername_done != 1) return EXT_RETURN_NOT_SENT; @@ -1604,7 +1607,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1614,8 +1617,8 @@ EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, /* Add/include the server's max fragment len extension into ServerHello */ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) return EXT_RETURN_NOT_SENT; @@ -1636,13 +1639,13 @@ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3.tmp.new_cipher->algorithm_auth; int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) - && (s->ext.peer_ecpointformats != NULL); + && (s->ext.peer_ecpointformats != NULL); const unsigned char *plist; size_t plistlen; @@ -1651,9 +1654,9 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, tls1_get_formatlist(s, &plist, &plistlen); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1662,8 +1665,8 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const uint16_t *groups; size_t numgroups, i, first = 1; @@ -1686,7 +1689,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, uint16_t group = groups[i]; if (tls_valid_group(s, group, version, version, 0, NULL) - && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { if (first) { /* * Check if the client is already using our preferred group. If @@ -1697,9 +1700,9 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, /* Add extension header */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) - /* Sub-packet for supported_groups extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { + /* Sub-packet for supported_groups extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1707,9 +1710,9 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, first = 0; } if (!WPACKET_put_bytes_u16(pkt, group)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } } } @@ -1722,8 +1725,8 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!s->ext.ticket_expected || !tls_use_ticket(s)) { s->ext.ticket_expected = 0; @@ -1731,7 +1734,7 @@ EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1741,8 +1744,8 @@ EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { /* We don't currently support this extension inside a CertificateRequest */ if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) @@ -1755,7 +1758,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) - || !WPACKET_start_sub_packet_u16(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1766,8 +1769,8 @@ EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, * separate message */ if (SSL_CONNECTION_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { - /* SSLfatal() already called */ - return EXT_RETURN_FAIL; + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; } if (!WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1780,8 +1783,8 @@ EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const unsigned char *npa; unsigned int npalen; @@ -1794,10 +1797,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_USER_SSL(s), &npa, - &npalen, sctx->ext.npn_advertised_cb_arg); + &npalen, sctx->ext.npn_advertised_cb_arg); if (ret == SSL_TLSEXT_ERR_OK) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) - || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { + || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1810,19 +1813,19 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) + X509 *x, size_t chainidx) { if (s->s3.alpn_selected == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, - TLSEXT_TYPE_application_layer_protocol_negotiation) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, - s->s3.alpn_selected_len) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + TLSEXT_TYPE_application_layer_protocol_negotiation) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.alpn_selected, + s->s3.alpn_selected_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1832,18 +1835,18 @@ EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, unsigned int #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (s->srtp_profile == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, 2) - || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, 2) + || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1853,8 +1856,8 @@ EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, #endif EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (!s->ext.use_etm) return EXT_RETURN_NOT_SENT; @@ -1874,7 +1877,7 @@ EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1883,14 +1886,14 @@ EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1899,8 +1902,8 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (!ossl_assert(SSL_CONNECTION_IS_TLS13(s))) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1908,9 +1911,9 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->version) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->version) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1919,8 +1922,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt } EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned char *encoded_pubkey; @@ -1934,9 +1937,9 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1964,14 +1967,15 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s), - s->s3.group_id)) == NULL) { + s->s3.group_id)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -1993,7 +1997,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_sub_memcpy_u16(pkt, encoded_pubkey, encoded_pubkey_len) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_PKEY_free(skey); OPENSSL_free(encoded_pubkey); @@ -2032,7 +2036,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_sub_memcpy_u16(pkt, ct, ctlen) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); OPENSSL_free(ct); return EXT_RETURN_FAIL; @@ -2055,8 +2059,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; @@ -2078,20 +2082,20 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_get_total_written(pkt, &startlen) - || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) - || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) - || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) - || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, - &ciphlen) - /* Is there a key_share extension present in this HRR? */ - || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) - || !WPACKET_put_bytes_u64(pkt, time(NULL)) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_get_total_written(pkt, &startlen) + || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) + || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) + || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, + &ciphlen) + /* Is there a key_share extension present in this HRR? */ + || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) + || !WPACKET_put_bytes_u64(pkt, time(NULL)) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2102,32 +2106,33 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, * subsequently allocate them (below) */ if (!ssl3_digest_cached_records(s, 0) - || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { + || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { /* SSLfatal() already called */ return EXT_RETURN_FAIL; } if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2) - || !ossl_assert(hashval1 == hashval2) - || !WPACKET_close(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) { + || !ossl_assert(hashval1 == hashval2) + || !WPACKET_close(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } /* Generate the application cookie */ if (sctx->gen_stateless_cookie_cb(ussl, appcookie1, - &appcookielen) == 0) { + &appcookielen) + == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return EXT_RETURN_FAIL; } if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2) - || !ossl_assert(appcookie1 == appcookie2) - || !WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &totcookielen) - || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) { + || !ossl_assert(appcookie1 == appcookie2) + || !WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &totcookielen) + || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2142,18 +2147,20 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, /* HMAC the cookie */ hctx = EVP_MD_CTX_create(); pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC", - sctx->propq, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext.cookie_hmac_key)); + sctx->propq, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext.cookie_hmac_key)); if (hctx == NULL || pkey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx, - sctx->propq, pkey, NULL) <= 0 - || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, - totcookielen) <= 0) { + sctx->propq, pkey, NULL) + <= 0 + || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, + totcookielen) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2164,17 +2171,17 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2) - || !ossl_assert(hmac == hmac2) - || !ossl_assert(cookie == hmac - totcookielen) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { + || !ossl_assert(hmac == hmac2) + || !ossl_assert(cookie == hmac - totcookielen) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } ret = EXT_RETURN_SENT; - err: +err: EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); return ret; @@ -2184,12 +2191,12 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { const unsigned char cryptopro_ext[36] = { - 0xfd, 0xe8, /* 65000 */ - 0x00, 0x20, /* 32 bytes length */ + 0xfd, 0xe8, /* 65000 */ + 0x00, 0x20, /* 32 bytes length */ 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, @@ -2197,9 +2204,10 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, }; if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80 - && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) - || (SSL_get_options(SSL_CONNECTION_GET_SSL(s)) - & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) + && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) + || (SSL_get_options(SSL_CONNECTION_GET_SSL(s)) + & SSL_OP_CRYPTOPRO_TLSEXT_BUG) + == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) { @@ -2211,17 +2219,17 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) + unsigned int context, X509 *x, + size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { if (s->max_early_data == 0) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u32(pkt, s->max_early_data) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u32(pkt, s->max_early_data) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2233,8 +2241,8 @@ EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2243,16 +2251,16 @@ EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (!s->hit) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2261,8 +2269,8 @@ EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, } EXT_RETURN tls_construct_stoc_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (sc->ext.client_cert_type_ctos == OSSL_CERT_TYPE_CTOS_ERROR && (send_certificate_request(sc) @@ -2282,8 +2290,8 @@ EXT_RETURN tls_construct_stoc_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, * but TLSv1.3 could do a PHA request if the client supports it */ if ((!send_certificate_request(sc) && sc->post_handshake_auth != SSL_PHA_EXT_RECEIVED) - || sc->ext.client_cert_type_ctos != OSSL_CERT_TYPE_CTOS_GOOD - || sc->client_cert_type == NULL) { + || sc->ext.client_cert_type_ctos != OSSL_CERT_TYPE_CTOS_GOOD + || sc->client_cert_type == NULL) { /* if we don't send it, reset to TLSEXT_cert_type_x509 */ sc->ext.client_cert_type_ctos = OSSL_CERT_TYPE_CTOS_NONE; sc->ext.client_cert_type = TLSEXT_cert_type_x509; @@ -2291,9 +2299,9 @@ EXT_RETURN tls_construct_stoc_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_client_cert_type) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, sc->ext.client_cert_type) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, sc->ext.client_cert_type) + || !WPACKET_close(pkt)) { SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2302,8 +2310,8 @@ EXT_RETURN tls_construct_stoc_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, /* One of |pref|, |other| is configured and the values are sanitized */ static int reconcile_cert_type(const unsigned char *pref, size_t pref_len, - const unsigned char *other, size_t other_len, - uint8_t *chosen_cert_type) + const unsigned char *other, size_t other_len, + uint8_t *chosen_cert_type) { size_t i; @@ -2317,8 +2325,8 @@ static int reconcile_cert_type(const unsigned char *pref, size_t pref_len, } int tls_parse_ctos_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { PACKET supported_cert_types; const unsigned char *data; @@ -2348,23 +2356,23 @@ int tls_parse_ctos_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt, } /* client_cert_type: client (peer) has priority */ sc->ext.client_cert_type_ctos = reconcile_cert_type(data, len, - sc->client_cert_type, sc->client_cert_type_len, - &sc->ext.client_cert_type); + sc->client_cert_type, sc->client_cert_type_len, + &sc->ext.client_cert_type); /* Ignore the error until sending - so we can check cert auth*/ return 1; } EXT_RETURN tls_construct_stoc_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { if (sc->ext.server_cert_type == TLSEXT_cert_type_x509) { sc->ext.server_cert_type_ctos = OSSL_CERT_TYPE_CTOS_NONE; return EXT_RETURN_NOT_SENT; } if (sc->ext.server_cert_type_ctos != OSSL_CERT_TYPE_CTOS_GOOD - || sc->server_cert_type == NULL) { + || sc->server_cert_type == NULL) { /* if we don't send it, reset to TLSEXT_cert_type_x509 */ sc->ext.server_cert_type_ctos = OSSL_CERT_TYPE_CTOS_NONE; sc->ext.server_cert_type = TLSEXT_cert_type_x509; @@ -2372,9 +2380,9 @@ EXT_RETURN tls_construct_stoc_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_cert_type) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, sc->ext.server_cert_type) - || !WPACKET_close(pkt)) { + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, sc->ext.server_cert_type) + || !WPACKET_close(pkt)) { SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } @@ -2382,8 +2390,8 @@ EXT_RETURN tls_construct_stoc_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, } int tls_parse_ctos_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) + unsigned int context, + X509 *x, size_t chainidx) { PACKET supported_cert_types; const unsigned char *data; @@ -2411,8 +2419,8 @@ int tls_parse_ctos_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt, } /* server_cert_type: server (this) has priority */ sc->ext.server_cert_type_ctos = reconcile_cert_type(sc->server_cert_type, sc->server_cert_type_len, - data, len, - &sc->ext.server_cert_type); + data, len, + &sc->ext.server_cert_type); if (sc->ext.server_cert_type_ctos == OSSL_CERT_TYPE_CTOS_GOOD) return 1; diff --git a/crypto/openssl/ssl/statem/statem.c b/crypto/openssl/ssl/statem/statem.c index 05b491c3956a..3342cb06d208 100644 --- a/crypto/openssl/ssl/statem/statem.c +++ b/crypto/openssl/ssl/statem/statem.c @@ -10,8 +10,8 @@ #include "internal/e_os.h" #if defined(__TANDEM) && defined(_SPT_MODEL_) -# include <spthread.h> -# include <spt_extensions.h> /* timeval */ +#include <spthread.h> +#include <spt_extensions.h> /* timeval */ #endif #include "internal/cryptlib.h" @@ -148,7 +148,7 @@ void ossl_statem_send_fatal(SSL_CONNECTION *s, int al) { /* We shouldn't call SSLfatal() twice. Once is enough */ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) - return; + return; ossl_statem_set_in_init(s, 1); s->statem.state = MSG_FLOW_ERROR; if (al != SSL_AD_NO_ALERT) @@ -162,7 +162,7 @@ void ossl_statem_send_fatal(SSL_CONNECTION *s, int al) * This is a permanent error for the current connection. */ void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, - const char *fmt, ...) + const char *fmt, ...) { va_list args; @@ -178,10 +178,10 @@ void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, * a fatal error state. We verify that we are, and set it if not (this would * indicate a bug). */ -#define check_fatal(s) \ - do { \ - if (!ossl_assert((s)->statem.in_init \ - && (s)->statem.state == MSG_FLOW_ERROR)) \ +#define check_fatal(s) \ + do { \ + if (!ossl_assert((s)->statem.in_init \ + && (s)->statem.state == MSG_FLOW_ERROR)) \ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \ } while (0) @@ -227,8 +227,8 @@ int ossl_statem_skip_early_data(SSL_CONNECTION *s) return 0; if (!s->server - || s->statem.hand_state != TLS_ST_EARLY_DATA - || s->hello_retry_request == SSL_HRR_COMPLETE) + || s->statem.hand_state != TLS_ST_EARLY_DATA + || s->hello_retry_request == SSL_HRR_COMPLETE) return 0; return 1; @@ -246,7 +246,7 @@ int ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending) { if (sending == -1) { if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END - || s->statem.hand_state == TLS_ST_EARLY_DATA) { + || s->statem.hand_state == TLS_ST_EARLY_DATA) { ossl_statem_set_in_init(s, 1); if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { /* @@ -257,10 +257,9 @@ int ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending) } } } else if (!s->server) { - if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END - || s->statem.hand_state == TLS_ST_EARLY_DATA) - && s->early_data_state != SSL_EARLY_DATA_WRITING) - || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { + if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END || s->statem.hand_state == TLS_ST_EARLY_DATA) + && s->early_data_state != SSL_EARLY_DATA_WRITING) + || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { ossl_statem_set_in_init(s, 1); /* * SSL_write() has been called directly. We don't allow any more @@ -271,7 +270,7 @@ int ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending) } } else { if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING - && s->statem.hand_state == TLS_ST_EARLY_DATA) + && s->statem.hand_state == TLS_ST_EARLY_DATA) ossl_statem_set_in_init(s, 1); } return 1; @@ -311,7 +310,7 @@ int ossl_statem_accept(SSL *s) return state_machine(sc, 1); } -typedef void (*info_cb) (const SSL *, int, int); +typedef void (*info_cb)(const SSL *, int, int); static info_cb get_callback(SSL_CONNECTION *s) { @@ -356,7 +355,7 @@ static info_cb get_callback(SSL_CONNECTION *s) static int state_machine(SSL_CONNECTION *s, int server) { BUF_MEM *buf = NULL; - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; OSSL_STATEM *st = &s->statem; int ret = -1; int ssret; @@ -389,13 +388,13 @@ static int state_machine(SSL_CONNECTION *s, int server) * identifier other than 0. */ BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - st->in_handshake, NULL); + st->in_handshake, NULL); } #endif /* Initialise state machine */ if (st->state == MSG_FLOW_UNINITED - || st->state == MSG_FLOW_FINISHED) { + || st->state == MSG_FLOW_FINISHED) { if (st->state == MSG_FLOW_UNINITED) { st->hand_state = TLS_ST_BEFORE; st->request_state = TLS_ST_BEFORE; @@ -414,8 +413,7 @@ static int state_machine(SSL_CONNECTION *s, int server) */ if (SSL_CONNECTION_IS_DTLS(s)) { - if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && - (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { + if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); goto end; } @@ -464,7 +462,7 @@ static int state_machine(SSL_CONNECTION *s, int server) } if ((SSL_in_before(ssl)) - || s->renegotiate) { + || s->renegotiate) { if (!tls_setup_handshake(s)) { /* SSLfatal() already called */ goto end; @@ -509,7 +507,7 @@ static int state_machine(SSL_CONNECTION *s, int server) ret = 1; - end: +end: st->in_handshake--; #ifndef OPENSSL_NO_SCTP @@ -519,7 +517,7 @@ static int state_machine(SSL_CONNECTION *s, int server) * identifier other than 0. */ BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - st->in_handshake, NULL); + st->in_handshake, NULL); } #endif @@ -543,7 +541,8 @@ static void init_read_state_machine(SSL_CONNECTION *s) st->read_state = READ_STATE_HEADER; } -static int grow_init_buf(SSL_CONNECTION *s, size_t size) { +static int grow_init_buf(SSL_CONNECTION *s, size_t size) +{ size_t msg_offset = (char *)s->init_msg - s->init_buf->data; @@ -589,12 +588,12 @@ static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s) OSSL_STATEM *st = &s->statem; int ret, mt; size_t len = 0; - int (*transition) (SSL_CONNECTION *s, int mt); + int (*transition)(SSL_CONNECTION *s, int mt); PACKET pkt; - MSG_PROCESS_RETURN(*process_message) (SSL_CONNECTION *s, PACKET *pkt); - WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst); - size_t (*max_message_size) (SSL_CONNECTION *s); - void (*cb) (const SSL *ssl, int type, int val) = NULL; + MSG_PROCESS_RETURN (*process_message)(SSL_CONNECTION *s, PACKET *pkt); + WORK_STATE (*post_process_message)(SSL_CONNECTION *s, WORK_STATE wst); + size_t (*max_message_size)(SSL_CONNECTION *s); + void (*cb)(const SSL *ssl, int type, int val) = NULL; SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); cb = get_callback(s); @@ -650,15 +649,14 @@ static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s) if (s->s3.tmp.message_size > max_message_size(s)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSL_R_EXCESSIVE_MESSAGE_SIZE); return SUB_STATE_ERROR; } /* dtls_get_message already did this */ if (!SSL_CONNECTION_IS_DTLS(s) - && s->s3.tmp.message_size > 0 - && !grow_init_buf(s, s->s3.tmp.message_size - + SSL3_HM_HEADER_LENGTH)) { + && s->s3.tmp.message_size > 0 + && !grow_init_buf(s, s->s3.tmp.message_size + SSL3_HM_HEADER_LENGTH)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); return SUB_STATE_ERROR; } @@ -808,15 +806,15 @@ static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) { OSSL_STATEM *st = &s->statem; int ret; - WRITE_TRAN(*transition) (SSL_CONNECTION *s); - WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst); - WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst); - int (*get_construct_message_f) (SSL_CONNECTION *s, - CON_FUNC_RETURN (**confunc) (SSL_CONNECTION *s, - WPACKET *pkt), - int *mt); - void (*cb) (const SSL *ssl, int type, int val) = NULL; - CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt); + WRITE_TRAN (*transition)(SSL_CONNECTION *s); + WORK_STATE (*pre_work)(SSL_CONNECTION *s, WORK_STATE wst); + WORK_STATE (*post_work)(SSL_CONNECTION *s, WORK_STATE wst); + int (*get_construct_message_f)(SSL_CONNECTION *s, + CON_FUNC_RETURN (**confunc)(SSL_CONNECTION *s, + WPACKET *pkt), + int *mt); + void (*cb)(const SSL *ssl, int type, int val) = NULL; + CON_FUNC_RETURN (*confunc)(SSL_CONNECTION *s, WPACKET *pkt); int mt; WPACKET pkt; SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); @@ -891,7 +889,7 @@ static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) break; } if (!WPACKET_init(&pkt, s->init_buf) - || !ssl_set_handshake_header(s, &pkt, mt)) { + || !ssl_set_handshake_header(s, &pkt, mt)) { WPACKET_cleanup(&pkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; @@ -916,7 +914,7 @@ static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) } /* else success */ } if (!ssl_close_construct_packet(s, &pkt, mt) - || !WPACKET_finish(&pkt)) { + || !WPACKET_finish(&pkt)) { WPACKET_cleanup(&pkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; @@ -1024,7 +1022,7 @@ int ossl_statem_app_data_allowed(SSL_CONNECTION *s) int ossl_statem_export_allowed(SSL_CONNECTION *s) { return s->s3.previous_server_finished_len != 0 - && s->statem.hand_state != TLS_ST_SW_FINISHED; + && s->statem.hand_state != TLS_ST_SW_FINISHED; } /* @@ -1039,5 +1037,5 @@ int ossl_statem_export_early_allowed(SSL_CONNECTION *s) * as we have sent early_data. */ return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED - || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); + || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); } diff --git a/crypto/openssl/ssl/statem/statem_clnt.c b/crypto/openssl/ssl/statem/statem_clnt.c index ba4500dd6597..0619fbd6f13a 100644 --- a/crypto/openssl/ssl/statem/statem_clnt.c +++ b/crypto/openssl/ssl/statem/statem_clnt.c @@ -31,14 +31,14 @@ #include "internal/ssl_unwrap.h" static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); static ossl_inline int cert_req_allowed(SSL_CONNECTION *s); static int key_exchange_expected(SSL_CONNECTION *s); static int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, - WPACKET *pkt); + WPACKET *pkt); static ossl_inline int received_server_cert(SSL_CONNECTION *sc) { @@ -56,7 +56,7 @@ static ossl_inline int cert_req_allowed(SSL_CONNECTION *s) { /* TLS does not like anon-DH with client cert */ if ((s->version > SSL3_VERSION - && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)) + && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)) || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) return 0; @@ -78,8 +78,7 @@ static int key_exchange_expected(SSL_CONNECTION *s) * Can't skip server key exchange if this is an ephemeral * ciphersuite or for SRP */ - if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK - | SSL_kSRP)) { + if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK | SSL_kSRP)) { return 1; } @@ -144,7 +143,7 @@ static int ossl_statem_client13_read_transition(SSL_CONNECTION *s, int mt) } #ifndef OPENSSL_NO_COMP_ALG if (mt == SSL3_MT_COMPRESSED_CERTIFICATE - && s->ext.compress_certificate_sent) { + && s->ext.compress_certificate_sent) { st->hand_state = TLS_ST_CR_COMP_CERT; return 1; } @@ -159,7 +158,7 @@ static int ossl_statem_client13_read_transition(SSL_CONNECTION *s, int mt) } #ifndef OPENSSL_NO_COMP_ALG if (mt == SSL3_MT_COMPRESSED_CERTIFICATE - && s->ext.compress_certificate_sent) { + && s->ext.compress_certificate_sent) { st->hand_state = TLS_ST_CR_COMP_CERT; return 1; } @@ -193,7 +192,7 @@ static int ossl_statem_client13_read_transition(SSL_CONNECTION *s, int mt) if (mt == SSL3_MT_CERTIFICATE_REQUEST) { #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION /* Restore digest for PHA before adding message.*/ -# error Internal DTLS version error +#error Internal DTLS version error #endif if (!SSL_CONNECTION_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) { @@ -290,9 +289,9 @@ int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt) st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; } else if (s->version >= TLS1_VERSION - && s->ext.session_secret_cb != NULL - && s->session->ext.tick != NULL - && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + && s->ext.session_secret_cb != NULL + && s->session->ext.tick != NULL + && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { /* * Normally, we can tell if the server is resuming the session * from the session ID. EAP-FAST (RFC 4851), however, relies on @@ -303,7 +302,7 @@ int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt) st->hand_state = TLS_ST_CR_CHANGE; return 1; } else if (!(s->s3.tmp.new_cipher->algorithm_auth - & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { + & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_CR_CERT; return 1; @@ -319,7 +318,7 @@ int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt) return 1; } } else if (mt == SSL3_MT_CERTIFICATE_REQUEST - && cert_req_allowed(s)) { + && cert_req_allowed(s)) { st->hand_state = TLS_ST_CR_CERT_REQ; return 1; } else if (mt == SSL3_MT_SERVER_DONE) { @@ -345,8 +344,7 @@ int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt) case TLS_ST_CR_CERT_STATUS: ske_expected = key_exchange_expected(s); /* SKE is optional for some PSK ciphersuites */ - if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) - && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { + if (ske_expected || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { st->hand_state = TLS_ST_CR_KEY_EXCH; return 1; @@ -406,7 +404,7 @@ int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt) break; } - err: +err: /* No valid transition found */ if (SSL_CONNECTION_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; @@ -475,10 +473,10 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL_CONNECTION *s) case TLS_ST_CR_FINISHED: if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY - || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) + || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) st->hand_state = TLS_ST_PENDING_EARLY_DATA_END; else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->hello_retry_request == SSL_HRR_NONE) + && s->hello_retry_request == SSL_HRR_NONE) st->hand_state = TLS_ST_CW_CHANGE; else if (s->s3.tmp.cert_req == 0) st->hand_state = TLS_ST_CW_FINISHED; @@ -511,7 +509,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL_CONNECTION *s) case TLS_ST_CW_CERT: /* If a non-empty Certificate we also send CertificateVerify */ st->hand_state = (s->s3.tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY - : TLS_ST_CW_FINISHED; + : TLS_ST_CW_FINISHED; return WRITE_TRAN_CONTINUE; case TLS_ST_CW_CERT_VRFY: @@ -574,7 +572,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s) case TLS_ST_CW_CLNT_HELLO: if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && !SSL_IS_QUIC_HANDSHAKE(s)) { + && !SSL_IS_QUIC_HANDSHAKE(s)) { /* * We are assuming this is a TLSv1.3 connection, although we haven't * actually selected a version yet. @@ -599,7 +597,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s) * because we did early data. */ if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) st->hand_state = TLS_ST_CW_CHANGE; else st->hand_state = TLS_ST_CW_CLNT_HELLO; @@ -737,12 +735,12 @@ WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst) * write record layer in order to write in plaintext again. */ if (!ssl_set_new_record_layer(s, - TLS_ANY_VERSION, - OSSL_RECORD_DIRECTION_WRITE, - OSSL_RECORD_PROTECTION_LEVEL_NONE, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, NID_undef, NULL, NULL, - NULL)) { + TLS_ANY_VERSION, + OSSL_RECORD_DIRECTION_WRITE, + OSSL_RECORD_PROTECTION_LEVEL_NONE, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, NID_undef, NULL, NULL, + NULL)) { /* SSLfatal already called */ return WORK_ERROR; } @@ -774,7 +772,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst) * on with the handshake. Otherwise we pause here. */ if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING - || s->early_data_state == SSL_EARLY_DATA_NONE) + || s->early_data_state == SSL_EARLY_DATA_NONE) return WORK_FINISHED_CONTINUE; /* Fall through */ @@ -807,7 +805,7 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) case TLS_ST_CW_CLNT_HELLO: if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->max_early_data > 0) { + && s->max_early_data > 0) { /* * We haven't selected TLSv1.3 yet so we don't call the change * cipher state function associated with the SSL_METHOD. Instead @@ -815,7 +813,7 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) */ if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) { if (!tls13_change_cipher_state(s, - SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -843,14 +841,14 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) || s->hello_retry_request == SSL_HRR_PENDING) break; if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->max_early_data > 0) { + && s->max_early_data > 0) { /* * We haven't selected TLSv1.3 yet so we don't call the change * cipher state function associated with the SSL_METHOD. Instead * we call tls13_change_cipher_state() directly. */ if (!tls13_change_cipher_state(s, - SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) return WORK_ERROR; break; } @@ -869,7 +867,7 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) } if (!ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -877,11 +875,11 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) #ifndef OPENSSL_NO_SCTP if (SSL_CONNECTION_IS_DTLS(s) && s->hit) { /* - * Change to new shared key of SCTP-Auth, will be ignored if - * no SCTP used. - */ + * Change to new shared key of SCTP-Auth, will be ignored if + * no SCTP used. + */ BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif break; @@ -894,7 +892,7 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) * no SCTP used. */ BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif if (statem_flush(s) != 1) @@ -917,8 +915,8 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) * keys. */ if (SSL_IS_QUIC_HANDSHAKE(s) - && !ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) { + && !ssl->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -948,7 +946,7 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst) * 0: Error */ int ossl_statem_client_construct_message(SSL_CONNECTION *s, - confunc_f *confunc, int *mt) + confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; @@ -1090,7 +1088,7 @@ size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s) * Process a message that the client has received from the server. */ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { OSSL_STATEM *st = &s->statem; @@ -1154,7 +1152,7 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s, * from the server */ WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s, - WORK_STATE wst) + WORK_STATE wst) { OSSL_STATEM *st = &s->statem; @@ -1194,10 +1192,10 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) } if (sess == NULL - || !ssl_version_supported(s, sess->ssl_version, NULL) - || !SSL_SESSION_is_resumable(sess)) { + || !ssl_version_supported(s, sess->ssl_version, NULL) + || !SSL_SESSION_is_resumable(sess)) { if (s->hello_retry_request == SSL_HRR_NONE - && !ssl_get_new_session(s, 0)) { + && !ssl_get_new_session(s, 0)) { /* SSLfatal() already called */ return CON_FUNC_ERROR; } @@ -1223,8 +1221,7 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) i = (s->hello_retry_request == SSL_HRR_NONE); } - if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), - DOWNGRADE_NONE) <= 0) { + if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3.client_random), DOWNGRADE_NONE) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -1263,7 +1260,7 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) * supported_versions extension for the real supported versions. */ if (!WPACKET_put_bytes_u16(pkt, s->client_version) - || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) { + || !WPACKET_memcpy(pkt, s->s3.client_random, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -1272,13 +1269,14 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) session_id = s->session->session_id; if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) { if (s->version == TLS1_3_VERSION - && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { + && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { sess_id_len = sizeof(s->tmp_session_id); s->tmp_session_id_len = sess_id_len; session_id = s->tmp_session_id; if (s->hello_retry_request == SSL_HRR_NONE - && RAND_bytes_ex(sctx->libctx, s->tmp_session_id, - sess_id_len, 0) <= 0) { + && RAND_bytes_ex(sctx->libctx, s->tmp_session_id, + sess_id_len, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -1294,9 +1292,8 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) } } if (!WPACKET_start_sub_packet_u8(pkt) - || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id, - sess_id_len)) - || !WPACKET_close(pkt)) { + || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id, sess_id_len)) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -1304,8 +1301,8 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) /* cookie stuff for DTLS */ if (SSL_CONNECTION_IS_DTLS(s)) { if (s->d1->cookie_len > sizeof(s->d1->cookie) - || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie, - s->d1->cookie_len)) { + || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie, + s->d1->cookie_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -1318,7 +1315,7 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) } if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s)), - pkt)) { + pkt)) { /* SSLfatal() already called */ return CON_FUNC_ERROR; } @@ -1334,9 +1331,9 @@ CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt) } #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s) - && sctx->comp_methods - && (SSL_CONNECTION_IS_DTLS(s) - || s->s3.tmp.max_ver < TLS1_3_VERSION)) { + && sctx->comp_methods + && (SSL_CONNECTION_IS_DTLS(s) + || s->s3.tmp.max_ver < TLS1_3_VERSION)) { int compnum = sk_SSL_COMP_num(sctx->comp_methods); for (i = 0; i < compnum; i++) { comp = sk_SSL_COMP_value(sctx->comp_methods, i); @@ -1389,7 +1386,7 @@ MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt) } static int set_client_ciphersuite(SSL_CONNECTION *s, - const unsigned char *cipherchars) + const unsigned char *cipherchars) { STACK_OF(SSL_CIPHER) *sk; const SSL_CIPHER *c; @@ -1420,7 +1417,7 @@ static int set_client_ciphersuite(SSL_CONNECTION *s, } if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.new_cipher != NULL - && s->s3.tmp.new_cipher->id != c->id) { + && s->s3.tmp.new_cipher->id != c->id) { /* ServerHello selected a different ciphersuite to that in the HRR */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CIPHER_RETURNED); return 0; @@ -1446,9 +1443,9 @@ static int set_client_ciphersuite(SSL_CONNECTION *s, * ciphersuite as long as the hash is the same. */ if (md == NULL - || md != ssl_md(sctx, s->session->cipher->algorithm2)) { + || md != ssl_md(sctx, s->session->cipher->algorithm2)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); + SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); return 0; } } else { @@ -1457,7 +1454,7 @@ static int set_client_ciphersuite(SSL_CONNECTION *s, * ciphersuite. */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); return 0; } } @@ -1489,9 +1486,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) /* load the server random */ if (s->version == TLS1_3_VERSION - && sversion == TLS1_2_VERSION - && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE - && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { + && sversion == TLS1_2_VERSION + && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE + && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { if (s->hello_retry_request != SSL_HRR_NONE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto err; @@ -1540,16 +1537,16 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) if (PACKET_remaining(pkt) == 0 && !hrr) { PACKET_null_init(&extpkt); } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH); goto err; } if (!hrr) { if (!tls_collect_extensions(s, &extpkt, - SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO, - &extensions, NULL, 1)) { + SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO, + &extensions, NULL, 1)) { /* SSLfatal() already called */ goto err; } @@ -1563,13 +1560,14 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) if (SSL_CONNECTION_IS_TLS13(s) || hrr) { if (compression != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INVALID_COMPRESSION_ALGORITHM); + SSL_R_INVALID_COMPRESSION_ALGORITHM); goto err; } if (session_id_len != s->tmp_session_id_len - || memcmp(PACKET_data(&session_id), s->tmp_session_id, - session_id_len) != 0) { + || memcmp(PACKET_data(&session_id), s->tmp_session_id, + session_id_len) + != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INVALID_SESSION_ID); goto err; } @@ -1604,14 +1602,14 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) */ if (RECORD_LAYER_processed_read_pending(&s->rlayer)) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_NOT_ON_RECORD_BOUNDARY); + SSL_R_NOT_ON_RECORD_BOUNDARY); goto err; } /* This will set s->hit if we are resuming */ if (!tls_parse_extension(s, TLSEXT_IDX_psk, - SSL_EXT_TLS1_3_SERVER_HELLO, - extensions, NULL, 0)) { + SSL_EXT_TLS1_3_SERVER_HELLO, + extensions, NULL, 0)) { /* SSLfatal() already called */ goto err; } @@ -1629,7 +1627,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) * message to see if the server wants to resume. */ if (s->version >= TLS1_VERSION - && s->ext.session_secret_cb != NULL && s->session->ext.tick) { + && s->ext.session_secret_cb != NULL && s->session->ext.tick) { const SSL_CIPHER *pref_cipher = NULL; /* * s->session->master_key_length is a size_t, but this is an int for @@ -1639,13 +1637,12 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) master_key_length = sizeof(s->session->master_key); if (s->ext.session_secret_cb(ussl, s->session->master_key, - &master_key_length, - NULL, &pref_cipher, - s->ext.session_secret_cb_arg) - && master_key_length > 0) { + &master_key_length, + NULL, &pref_cipher, + s->ext.session_secret_cb_arg) + && master_key_length > 0) { s->session->master_key_length = master_key_length; - s->session->cipher = pref_cipher ? - pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0); + s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0); } else { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -1653,18 +1650,19 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) } if (session_id_len != 0 - && session_id_len == s->session->session_id_length - && memcmp(PACKET_data(&session_id), s->session->session_id, - session_id_len) == 0) + && session_id_len == s->session->session_id_length + && memcmp(PACKET_data(&session_id), s->session->session_id, + session_id_len) + == 0) s->hit = 1; } if (s->hit) { if (s->sid_ctx_length != s->session->sid_ctx_length - || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { + || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto err; } } else { @@ -1695,14 +1693,14 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) /* session_id_len could be 0 */ if (session_id_len > 0) memcpy(s->session->session_id, PACKET_data(&session_id), - session_id_len); + session_id_len); } } /* Session version and negotiated protocol version should match */ if (s->version != s->session->ssl_version) { SSLfatal(s, SSL_AD_PROTOCOL_VERSION, - SSL_R_SSL_SESSION_VERSION_MISMATCH); + SSL_R_SSL_SESSION_VERSION_MISMATCH); goto err; } /* @@ -1720,7 +1718,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) #ifdef OPENSSL_NO_COMP if (compression != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto err; } /* @@ -1734,7 +1732,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) #else if (s->hit && compression != s->session->compress_meth) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); + SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); goto err; } if (compression == 0) @@ -1744,12 +1742,12 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) goto err; } else { comp = ssl3_comp_find(SSL_CONNECTION_GET_CTX(s)->comp_methods, - compression); + compression); } if (compression != 0 && comp == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto err; } else { s->s3.tmp.new_compression = comp; @@ -1772,7 +1770,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) * no SCTP used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -1780,16 +1778,17 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) labellen += 1; if (SSL_export_keying_material(ssl, sctpauthkey, - sizeof(sctpauthkey), - labelbuffer, - labellen, NULL, 0, 0) <= 0) { + sizeof(sctpauthkey), + labelbuffer, + labellen, NULL, 0, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } BIO_ctrl(SSL_get_wbio(ssl), - BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, + sizeof(sctpauthkey), sctpauthkey); } #endif @@ -1799,7 +1798,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) */ if (SSL_CONNECTION_IS_TLS13(s)) { if (!ssl->method->ssl3_enc->setup_key_block(s) - || !tls13_store_handshake_traffic_hash(s)) { + || !tls13_store_handshake_traffic_hash(s)) { /* SSLfatal() already called */ goto err; } @@ -1813,16 +1812,16 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) * compat this doesn't cause a problem. */ if (SSL_IS_QUIC_HANDSHAKE(s) - || (s->early_data_state == SSL_EARLY_DATA_NONE - && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0)) { + || (s->early_data_state == SSL_EARLY_DATA_NONE + && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0)) { if (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { /* SSLfatal() already called */ goto err; - } + } } if (!ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ)) { /* SSLfatal() already called */ goto err; } @@ -1830,13 +1829,13 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) OPENSSL_free(extensions); return MSG_PROCESS_CONTINUE_READING; - err: +err: OPENSSL_free(extensions); return MSG_PROCESS_ERROR; } static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, - PACKET *extpkt) + PACKET *extpkt) { RAW_EXTENSION *extensions = NULL; @@ -1845,12 +1844,12 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, * the old wrlmethod. */ if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING - && !ssl_set_new_record_layer(s, - TLS_ANY_VERSION, - OSSL_RECORD_DIRECTION_WRITE, - OSSL_RECORD_PROTECTION_LEVEL_NONE, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, NID_undef, NULL, NULL, NULL)) { + && !ssl_set_new_record_layer(s, + TLS_ANY_VERSION, + OSSL_RECORD_DIRECTION_WRITE, + OSSL_RECORD_PROTECTION_LEVEL_NONE, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, NID_undef, NULL, NULL, NULL)) { /* SSLfatal already called */ goto err; } @@ -1858,9 +1857,9 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, s->rlayer.wrlmethod->set_protocol_version(s->rlayer.wrl, TLS1_3_VERSION); if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - &extensions, NULL, 1) - || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, - extensions, NULL, 0, 1)) { + &extensions, NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, + extensions, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -1893,13 +1892,13 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, * for HRR messages. */ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { + s->init_num + SSL3_HM_HEADER_LENGTH)) { /* SSLfatal() already called */ goto err; } return MSG_PROCESS_FINISHED_READING; - err: +err: OPENSSL_free(extensions); return MSG_PROCESS_ERROR; } @@ -1925,7 +1924,7 @@ MSG_PROCESS_RETURN tls_process_server_rpk(SSL_CONNECTION *sc, PACKET *pkt) } static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, - WORK_STATE wst) + WORK_STATE wst) { size_t certidx; const SSL_CERT_LOOKUP *clu; @@ -1933,7 +1932,7 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, if (sc->session->peer_rpk == NULL) { SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INVALID_RAW_PUBLIC_KEY); + SSL_R_INVALID_RAW_PUBLIC_KEY); return WORK_ERROR; } @@ -1945,16 +1944,17 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, if (v_ok <= 0 && sc->verify_mode != SSL_VERIFY_NONE) { ERR_clear_last_mark(); SSLfatal(sc, ssl_x509err2alert(sc->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); + SSL_R_CERTIFICATE_VERIFY_FAILED); return WORK_ERROR; } - ERR_pop_to_mark(); /* but we keep s->verify_result */ + ERR_pop_to_mark(); /* but we keep s->verify_result */ if (v_ok > 0 && sc->rwstate == SSL_RETRY_VERIFY) { return WORK_MORE_A; } if ((clu = ssl_cert_lookup_by_pkey(sc->session->peer_rpk, &certidx, - SSL_CONNECTION_GET_CTX(sc))) == NULL) { + SSL_CONNECTION_GET_CTX(sc))) + == NULL) { SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_CERTIFICATE_TYPE); return WORK_ERROR; } @@ -1980,9 +1980,9 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, /* Save the current hash state for when we receive the CertificateVerify */ if (SSL_CONNECTION_IS_TLS13(sc) - && !ssl_handshake_hash(sc, sc->cert_verify_hash, - sizeof(sc->cert_verify_hash), - &sc->cert_verify_hash_len)) { + && !ssl_handshake_hash(sc, sc->cert_verify_hash, + sizeof(sc->cert_verify_hash), + &sc->cert_verify_hash_len)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -1992,7 +1992,7 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, /* prepare server cert verification by setting s->session->peer_chain from pkt */ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { unsigned long cert_list_len, cert_len; X509 *x = NULL; @@ -2005,7 +2005,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, return tls_process_server_rpk(s, pkt); if (s->ext.server_cert_type != TLSEXT_cert_type_x509) { SSLfatal(s, SSL_AD_UNSUPPORTED_CERTIFICATE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto err; } @@ -2015,10 +2015,10 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, } if ((SSL_CONNECTION_IS_TLS13(s) && !PACKET_get_1(pkt, &context)) - || context != 0 - || !PACKET_get_net_3(pkt, &cert_list_len) - || PACKET_remaining(pkt) != cert_list_len - || PACKET_remaining(pkt) == 0) { + || context != 0 + || !PACKET_get_net_3(pkt, &cert_list_len) + || PACKET_remaining(pkt) != cert_list_len + || PACKET_remaining(pkt) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -2036,7 +2036,8 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, goto err; } if (d2i_X509(&x, (const unsigned char **)&certbytes, - cert_len) == NULL) { + cert_len) + == NULL) { SSLfatal(s, SSL_AD_BAD_CERTIFICATE, ERR_R_ASN1_LIB); goto err; } @@ -2055,11 +2056,11 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, - NULL, chainidx == 0) + SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, + NULL, chainidx == 0) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, - PACKET_remaining(pkt) == 0)) { + rawexts, x, chainidx, + PACKET_remaining(pkt) == 0)) { OPENSSL_free(rawexts); /* SSLfatal already called */ goto err; @@ -2075,7 +2076,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, } return MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: X509_free(x); OSSL_STACK_OF_X509_free(s->session->peer_chain); s->session->peer_chain = NULL; @@ -2088,7 +2089,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, * Else the peer certificate verification callback may request retry. */ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, - WORK_STATE wst) + WORK_STATE wst) { X509 *x; EVP_PKEY *pkey = NULL; @@ -2121,10 +2122,10 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, if (i <= 0 && s->verify_mode != SSL_VERIFY_NONE) { ERR_clear_last_mark(); SSLfatal(s, ssl_x509err2alert(s->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); + SSL_R_CERTIFICATE_VERIFY_FAILED); return WORK_ERROR; } - ERR_pop_to_mark(); /* but we keep s->verify_result */ + ERR_pop_to_mark(); /* but we keep s->verify_result */ if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) return WORK_MORE_A; @@ -2138,12 +2139,13 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); + SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); return WORK_ERROR; } if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx, - SSL_CONNECTION_GET_CTX(s))) == NULL) { + SSL_CONNECTION_GET_CTX(s))) + == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_CERTIFICATE_TYPE); return WORK_ERROR; } @@ -2173,9 +2175,9 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, /* Save the current hash state for when we receive the CertificateVerify */ if (SSL_CONNECTION_IS_TLS13(s) - && !ssl_handshake_hash(s, s->cert_verify_hash, - sizeof(s->cert_verify_hash), - &s->cert_verify_hash_len)) { + && !ssl_handshake_hash(s, s->cert_verify_hash, + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { /* SSLfatal() already called */; return WORK_ERROR; } @@ -2224,7 +2226,7 @@ static int tls_process_ske_psk_preamble(SSL_CONNECTION *s, PACKET *pkt) OPENSSL_free(s->session->psk_identity_hint); s->session->psk_identity_hint = NULL; } else if (!PACKET_strndup(&psk_identity_hint, - &s->session->psk_identity_hint)) { + &s->session->psk_identity_hint)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2249,18 +2251,18 @@ static int tls_process_ske_srp(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - if ((s->srp_ctx.N = - BN_bin2bn(PACKET_data(&prime), - (int)PACKET_remaining(&prime), NULL)) == NULL - || (s->srp_ctx.g = - BN_bin2bn(PACKET_data(&generator), - (int)PACKET_remaining(&generator), NULL)) == NULL - || (s->srp_ctx.s = - BN_bin2bn(PACKET_data(&salt), - (int)PACKET_remaining(&salt), NULL)) == NULL - || (s->srp_ctx.B = - BN_bin2bn(PACKET_data(&server_pub), - (int)PACKET_remaining(&server_pub), NULL)) == NULL) { + if ((s->srp_ctx.N = BN_bin2bn(PACKET_data(&prime), + (int)PACKET_remaining(&prime), NULL)) + == NULL + || (s->srp_ctx.g = BN_bin2bn(PACKET_data(&generator), + (int)PACKET_remaining(&generator), NULL)) + == NULL + || (s->srp_ctx.s = BN_bin2bn(PACKET_data(&salt), + (int)PACKET_remaining(&salt), NULL)) + == NULL + || (s->srp_ctx.B = BN_bin2bn(PACKET_data(&server_pub), + (int)PACKET_remaining(&server_pub), NULL)) + == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BN_LIB); return 0; } @@ -2301,9 +2303,9 @@ static int tls_process_ske_dhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL); g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator), - NULL); + NULL); bnpub_key = BN_bin2bn(PACKET_data(&pub_key), - (int)PACKET_remaining(&pub_key), NULL); + (int)PACKET_remaining(&pub_key), NULL); if (p == NULL || g == NULL || bnpub_key == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BN_LIB); goto err; @@ -2311,11 +2313,11 @@ static int tls_process_ske_dhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - bnpub_key) - || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, + bnpub_key) + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2326,7 +2328,7 @@ static int tls_process_ske_dhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) goto err; } if (EVP_PKEY_fromdata_init(pctx) <= 0 - || EVP_PKEY_fromdata(pctx, &peer_tmp, EVP_PKEY_KEYPAIR, params) <= 0) { + || EVP_PKEY_fromdata(pctx, &peer_tmp, EVP_PKEY_KEYPAIR, params) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_DH_VALUE); goto err; } @@ -2334,21 +2336,21 @@ static int tls_process_ske_dhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) EVP_PKEY_CTX_free(pctx); pctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, peer_tmp, sctx->propq); if (pctx == NULL - /* - * EVP_PKEY_param_check() will verify that the DH params are using - * a safe prime. In this context, because we're using ephemeral DH, - * we're ok with it not being a safe prime. - * EVP_PKEY_param_check_quick() skips the safe prime check. - */ - || EVP_PKEY_param_check_quick(pctx) != 1 - || EVP_PKEY_public_check(pctx) != 1) { + /* + * EVP_PKEY_param_check() will verify that the DH params are using + * a safe prime. In this context, because we're using ephemeral DH, + * we're ok with it not being a safe prime. + * EVP_PKEY_param_check_quick() skips the safe prime check. + */ + || EVP_PKEY_param_check_quick(pctx) != 1 + || EVP_PKEY_public_check(pctx) != 1) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_DH_VALUE); goto err; } if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(peer_tmp), - 0, peer_tmp)) { + EVP_PKEY_get_security_bits(peer_tmp), + 0, peer_tmp)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); goto err; } @@ -2366,7 +2368,7 @@ static int tls_process_ske_dhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey) ret = 1; - err: +err: OSSL_PARAM_BLD_free(tmpl); OSSL_PARAM_free(params); EVP_PKEY_free(peer_tmp); @@ -2397,14 +2399,14 @@ static int tls_process_ske_ecdhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey * server has sent an invalid curve. */ if (curve_type != NAMED_CURVE_TYPE - || !tls1_check_group_id(s, curve_id, 1)) { + || !tls1_check_group_id(s, curve_id, 1)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE); return 0; } if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } @@ -2414,8 +2416,9 @@ static int tls_process_ske_ecdhe(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **pkey } if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) + <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); return 0; } @@ -2494,8 +2497,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt) * equals the length of the parameters. */ if (!PACKET_get_sub_packet(&save_param_start, ¶ms, - PACKET_remaining(&save_param_start) - - PACKET_remaining(pkt))) { + PACKET_remaining(&save_param_start) - PACKET_remaining(pkt))) { SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2507,24 +2509,24 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt) SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT); goto err; } - if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) { + if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) { /* SSLfatal() already called */ goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); goto err; } if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); goto err; } if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { @@ -2539,29 +2541,31 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt) } if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - sctx->libctx, sctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + sctx->libctx, sctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } if (SSL_USE_PSS(s)) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } } tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(¶ms), - PACKET_remaining(¶ms)); + PACKET_remaining(¶ms)); if (tbslen == 0) { /* SSLfatal() already called */ goto err; } rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature), - PACKET_remaining(&signature), tbs, tbslen); + PACKET_remaining(&signature), tbs, tbslen); OPENSSL_free(tbs); if (rv <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); @@ -2588,13 +2592,13 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt) } return MSG_PROCESS_CONTINUE_READING; - err: +err: EVP_MD_CTX_free(md_ctx); return MSG_PROCESS_ERROR; } MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { /* Clear certificate validity flags */ if (s->s3.tmp.valid_flags != NULL) @@ -2627,8 +2631,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, s->pha_context = NULL; s->pha_context_len = 0; - if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || - !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { + if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); return MSG_PROCESS_ERROR; } @@ -2638,10 +2641,10 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, return MSG_PROCESS_ERROR; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - &rawexts, NULL, 1) + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + &rawexts, NULL, 1) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, - rawexts, NULL, 0, 1)) { + rawexts, NULL, 0, 1)) { /* SSLfatal() already called */ OPENSSL_free(rawexts); return MSG_PROCESS_ERROR; @@ -2679,7 +2682,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, */ if (!tls1_save_sigalgs(s, &sigalgs, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_SIGNATURE_ALGORITHMS_ERROR); + SSL_R_SIGNATURE_ALGORITHMS_ERROR); return MSG_PROCESS_ERROR; } if (!tls1_process_sigalgs(s)) { @@ -2719,7 +2722,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, } MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { unsigned int ticklen; unsigned long ticket_lifetime_hint, age_add = 0; @@ -2737,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, || !PACKET_get_length_prefixed_1(pkt, &nonce))) || !PACKET_get_net_2(pkt, &ticklen) || (SSL_CONNECTION_IS_TLS13(s) ? (ticklen == 0 - || PACKET_remaining(pkt) < ticklen) + || PACKET_remaining(pkt) < ticklen) : PACKET_remaining(pkt) != ticklen)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; @@ -2772,7 +2775,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, } if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0 - && !SSL_CONNECTION_IS_TLS13(s)) { + && !SSL_CONNECTION_IS_TLS13(s)) { /* * In TLSv1.2 and below the arrival of a new tickets signals that * any old ticket we were using is now out of date, so we remove the @@ -2810,17 +2813,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, PACKET extpkt; if (!PACKET_as_length_prefixed_2(pkt, &extpkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (!tls_collect_extensions(s, &extpkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, - NULL, 1) - || !tls_parse_all_extensions(s, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - exts, NULL, 0, 1)) { + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, + NULL, 1) + || !tls_parse_all_extensions(s, + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + exts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -2848,8 +2851,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, * but s->session->session_id_length is a size_t */ if (!EVP_Digest(s->session->ext.tick, ticklen, - s->session->session_id, &sess_len, - sha256, NULL)) { + s->session->session_id, &sess_len, + sha256, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -2863,7 +2866,9 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, const EVP_MD *md = ssl_handshake_md(s); int hashleni = EVP_MD_get_size(md); size_t hashlen; - static const unsigned char nonce_label[] = "resumption"; + /* ASCII: "resumption", in hex for EBCDIC compatibility */ + static const unsigned char nonce_label[] = { 0x72, 0x65, 0x73, 0x75, 0x6D, + 0x70, 0x74, 0x69, 0x6F, 0x6E }; /* Ensure cast to size_t is safe */ if (!ossl_assert(hashleni > 0)) { @@ -2873,12 +2878,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, - nonce_label, - sizeof(nonce_label) - 1, - PACKET_data(&nonce), - PACKET_remaining(&nonce), - s->session->master_key, - hashlen, 1)) { + nonce_label, + sizeof(nonce_label), + PACKET_data(&nonce), + PACKET_remaining(&nonce), + s->session->master_key, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -2890,7 +2895,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, } return MSG_PROCESS_CONTINUE_READING; - err: +err: EVP_MD_free(sha256); OPENSSL_free(exts); return MSG_PROCESS_ERROR; @@ -2930,7 +2935,6 @@ int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt) return 1; } - MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s, PACKET *pkt) { if (!tls_process_cert_status_body(s, pkt)) { @@ -2966,18 +2970,18 @@ int tls_process_initial_server_flight(SSL_CONNECTION *s) * message, or NULL and -1 otherwise */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing - && sctx->ext.status_cb != NULL) { + && sctx->ext.status_cb != NULL) { int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s), - sctx->ext.status_arg); + sctx->ext.status_arg); if (ret == 0) { SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE, - SSL_R_INVALID_STATUS_RESPONSE); + SSL_R_INVALID_STATUS_RESPONSE); return 0; } if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_OCSP_CALLBACK_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } } @@ -3042,13 +3046,13 @@ static int tls_construct_cke_psk_preamble(SSL_CONNECTION *s, WPACKET *pkt) memset(identity, 0, sizeof(identity)); psklen = s->psk_client_callback(SSL_CONNECTION_GET_USER_SSL(s), - s->session->psk_identity_hint, - identity, sizeof(identity) - 1, - psk, sizeof(psk)); + s->session->psk_identity_hint, + identity, sizeof(identity) - 1, + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); - psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_PSK_IDENTITY_NOT_FOUND); @@ -3076,14 +3080,14 @@ static int tls_construct_cke_psk_preamble(SSL_CONNECTION *s, WPACKET *pkt) s->session->psk_identity = tmpidentity; tmpidentity = NULL; - if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) { + if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } ret = 1; - err: +err: OPENSSL_cleanse(psk, psklen); OPENSSL_cleanse(identity, sizeof(identity)); OPENSSL_clear_free(tmppsk, psklen); @@ -3151,7 +3155,7 @@ static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt) goto err; } if (!WPACKET_allocate_bytes(pkt, enclen, &encdata) - || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) { + || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_RSA_ENCRYPT); goto err; } @@ -3174,7 +3178,7 @@ static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt) s->s3.tmp.pmslen = pmslen; return 1; - err: +err: OPENSSL_clear_free(pms, pmslen); EVP_PKEY_CTX_free(pctx); @@ -3238,7 +3242,7 @@ static int tls_construct_cke_dhe(SSL_CONNECTION *s, WPACKET *pkt) } ret = 1; - err: +err: OPENSSL_free(encoded_pub); EVP_PKEY_free(ckey); return ret; @@ -3282,7 +3286,7 @@ static int tls_construct_cke_ecdhe(SSL_CONNECTION *s, WPACKET *pkt) } ret = 1; - err: +err: OPENSSL_free(encodedPoint); EVP_PKEY_free(ckey); return ret; @@ -3311,13 +3315,13 @@ static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt) */ if ((pkey = tls_get_peer_pkey(s)) == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); return 0; } pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, - pkey, - sctx->propq); + pkey, + sctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return 0; @@ -3351,9 +3355,11 @@ static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt) if (ukm_hash == NULL || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0 || EVP_DigestUpdate(ukm_hash, s->s3.client_random, - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestUpdate(ukm_hash, s->s3.server_random, - SSL3_RANDOM_SIZE) <= 0 + SSL3_RANDOM_SIZE) + <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -3361,7 +3367,8 @@ static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt) EVP_MD_CTX_free(ukm_hash); ukm_hash = NULL; if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) <= 0) { + EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3376,8 +3383,8 @@ static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt) } if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) - || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) - || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { + || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) + || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3387,7 +3394,7 @@ static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt) s->s3.tmp.pmslen = pmslen; return 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); OPENSSL_clear_free(pms, pmslen); EVP_MD_CTX_free(ukm_hash); @@ -3415,7 +3422,7 @@ int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf) unsigned int md_len; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); const EVP_MD *md = ssl_evp_md_fetch(sctx->libctx, NID_id_GostR3411_2012_256, - sctx->propq); + sctx->propq); if (md == NULL) return 0; @@ -3473,16 +3480,16 @@ static int tls_construct_cke_gost18(SSL_CONNECTION *s, WPACKET *pkt) goto err; } - /* Get server certificate PKEY and create ctx from it */ + /* Get server certificate PKEY and create ctx from it */ if ((pkey = tls_get_peer_pkey(s)) == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); + SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, - pkey, - sctx->propq); + pkey, + sctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; @@ -3495,13 +3502,15 @@ static int tls_construct_cke_gost18(SSL_CONNECTION *s, WPACKET *pkt) /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3512,7 +3521,7 @@ static int tls_construct_cke_gost18(SSL_CONNECTION *s, WPACKET *pkt) } if (!WPACKET_allocate_bytes(pkt, msglen, &encdata) - || EVP_PKEY_encrypt(pkey_ctx, encdata, &msglen, pms, pmslen) <= 0) { + || EVP_PKEY_encrypt(pkey_ctx, encdata, &msglen, pms, pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -3523,7 +3532,7 @@ static int tls_construct_cke_gost18(SSL_CONNECTION *s, WPACKET *pkt) s->s3.tmp.pmslen = pmslen; return 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); OPENSSL_clear_free(pms, pmslen); return 0; @@ -3539,8 +3548,8 @@ static int tls_construct_cke_srp(SSL_CONNECTION *s, WPACKET *pkt) unsigned char *abytes = NULL; if (s->srp_ctx.A == NULL - || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A), - &abytes)) { + || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A), + &abytes)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3561,7 +3570,7 @@ static int tls_construct_cke_srp(SSL_CONNECTION *s, WPACKET *pkt) } CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s, - WPACKET *pkt) + WPACKET *pkt) { unsigned long alg_k; @@ -3599,7 +3608,7 @@ CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s, } return CON_FUNC_SUCCESS; - err: +err: OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen); s->s3.tmp.pms = NULL; s->s3.tmp.pmslen = 0; @@ -3656,7 +3665,7 @@ int tls_client_key_exchange_post_work(SSL_CONNECTION *s) * used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -3664,19 +3673,20 @@ int tls_client_key_exchange_post_work(SSL_CONNECTION *s) labellen += 1; if (SSL_export_keying_material(ssl, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, 0) <= 0) { + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } #endif return 1; - err: +err: OPENSSL_clear_free(pms, pmslen); s->s3.tmp.pms = NULL; s->s3.tmp.pmslen = 0; @@ -3697,8 +3707,7 @@ static int ssl3_check_client_certificate(SSL_CONNECTION *s) * If strict mode check suitability of chain before using it. This also * adjusts suite B digest if necessary. */ - if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && - !tls1_check_chain(s, NULL, NULL, NULL, -2)) + if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && !tls1_check_chain(s, NULL, NULL, NULL, -2)) return 0; return 1; } @@ -3776,7 +3785,7 @@ WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, WORK_STATE wst) } if (!SSL_CONNECTION_IS_TLS13(s) - || (s->options & SSL_OP_NO_TX_CERTIFICATE_COMPRESSION) != 0) + || (s->options & SSL_OP_NO_TX_CERTIFICATE_COMPRESSION) != 0) s->ext.compress_certificate_from_peer[0] = TLSEXT_comp_cert_none; if (s->post_handshake_auth == SSL_PHA_REQUESTED) @@ -3790,7 +3799,7 @@ WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, WORK_STATE wst) } CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s, - WPACKET *pkt) + WPACKET *pkt) { CERT_PKEY *cpk = NULL; SSL *ssl = SSL_CONNECTION_GET_SSL(s); @@ -3833,12 +3842,12 @@ CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s, * moment. We need to do it now. */ if (SSL_CONNECTION_IS_TLS13(s) - && !SSL_IS_QUIC_HANDSHAKE(s) - && SSL_IS_FIRST_HANDSHAKE(s) - && (s->early_data_state != SSL_EARLY_DATA_NONE - || (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) - && (!ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + && !SSL_IS_QUIC_HANDSHAKE(s) + && SSL_IS_FIRST_HANDSHAKE(s) + && (s->early_data_state != SSL_EARLY_DATA_NONE + || (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) + && (!ssl->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { /* * This is a fatal error, which leaves enc_write_ctx in an inconsistent * state and thus ssl3_send_alert may crash. @@ -3852,7 +3861,7 @@ CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s, #ifndef OPENSSL_NO_COMP_ALG CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc, - WPACKET *pkt) + WPACKET *pkt) { SSL *ssl = SSL_CONNECTION_GET_SSL(sc); WPACKET tmppkt; @@ -3885,8 +3894,8 @@ CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc, /* continue with the real |pkt| */ if (!WPACKET_put_bytes_u16(pkt, alg) - || !WPACKET_get_total_written(&tmppkt, &length) - || !WPACKET_put_bytes_u24(pkt, length)) + || !WPACKET_get_total_written(&tmppkt, &length) + || !WPACKET_put_bytes_u24(pkt, length)) goto err; switch (alg) { @@ -3905,17 +3914,17 @@ CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc, max_length = ossl_calculate_comp_expansion(alg, length); if ((comp = COMP_CTX_new(method)) == NULL - || !WPACKET_start_sub_packet_u24(pkt) - || !WPACKET_reserve_bytes(pkt, max_length, NULL)) + || !WPACKET_start_sub_packet_u24(pkt) + || !WPACKET_reserve_bytes(pkt, max_length, NULL)) goto err; comp_len = COMP_compress_block(comp, WPACKET_get_curr(pkt), max_length, - (unsigned char *)buf->data, length); + (unsigned char *)buf->data, length); if (comp_len <= 0) goto err; if (!WPACKET_allocate_bytes(pkt, comp_len, NULL) - || !WPACKET_close(pkt)) + || !WPACKET_close(pkt)) goto err; /* @@ -3924,11 +3933,11 @@ CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc, * moment. We need to do it now. */ if (SSL_IS_FIRST_HANDSHAKE(sc) - && !SSL_IS_QUIC_HANDSHAKE(sc) - && (sc->early_data_state != SSL_EARLY_DATA_NONE - || (sc->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) - && (!ssl->method->ssl3_enc->change_cipher_state(sc, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + && !SSL_IS_QUIC_HANDSHAKE(sc) + && (sc->early_data_state != SSL_EARLY_DATA_NONE + || (sc->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) + && (!ssl->method->ssl3_enc->change_cipher_state(sc, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { /* * This is a fatal error, which leaves sc->enc_write_ctx in an * inconsistent state and thus ssl3_send_alert may crash. @@ -3939,9 +3948,9 @@ CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc, ret = 1; goto out; - err: +err: SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - out: +out: if (buf != NULL) { /* If |buf| is NULL, then |tmppkt| could not have been initialized */ WPACKET_cleanup(&tmppkt); @@ -3978,7 +3987,7 @@ int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s) if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); + SSL_R_MISSING_RSA_ENCRYPTING_CERT); return 0; } @@ -4011,7 +4020,7 @@ CON_FUNC_RETURN tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt) padding_len = 32 - ((len + 2) % 32); if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len) - || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { + || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -4053,22 +4062,22 @@ MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt) } static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { PACKET extensions; RAW_EXTENSION *rawexts = NULL; if (!PACKET_as_length_prefixed_2(pkt, &extensions) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, - NULL, 1) - || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - rawexts, NULL, 0, 1)) { + SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, + NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + rawexts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -4076,7 +4085,7 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL_CONNECTION *s, OPENSSL_free(rawexts); return MSG_PROCESS_CONTINUE_READING; - err: +err: OPENSSL_free(rawexts); return MSG_PROCESS_ERROR; } @@ -4099,14 +4108,14 @@ int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, EVP_PKEY **ppkey) } int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, - WPACKET *pkt) + WPACKET *pkt) { int i; size_t totlen = 0, len, maxlen, maxverok = 0; int empty_reneg_info_scsv = !s->renegotiate - && !SSL_CONNECTION_IS_DTLS(s) - && ssl_security(s, SSL_SECOP_VERSION, 0, TLS1_VERSION, NULL) - && s->min_proto_version <= TLS1_VERSION; + && !SSL_CONNECTION_IS_DTLS(s) + && ssl_security(s, SSL_SECOP_VERSION, 0, TLS1_VERSION, NULL) + && s->min_proto_version <= TLS1_VERSION; SSL *ssl = SSL_CONNECTION_GET_SSL(s); /* Set disabled masks for this session */ @@ -4121,9 +4130,9 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH -# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 -# error Max cipher length too short -# endif +#if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 +#error Max cipher length too short +#endif /* * Some servers hang if client hello > 256 bytes as hack workaround * chop number of supported ciphers to keep it well below this if we @@ -4160,7 +4169,7 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, int maxproto = SSL_CONNECTION_IS_DTLS(s) ? c->max_dtls : c->max_tls; if (ssl_version_cmp(s, maxproto, s->s3.tmp.max_ver) >= 0 - && ssl_version_cmp(s, minproto, s->s3.tmp.max_ver) <= 0) + && ssl_version_cmp(s, minproto, s->s3.tmp.max_ver) <= 0) maxverok = 1; } @@ -4168,13 +4177,12 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, } if (totlen == 0 || !maxverok) { - const char *maxvertext = - !maxverok + const char *maxvertext = !maxverok ? "No ciphers enabled for max supported SSL/TLS version" : NULL; SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_CIPHERS_AVAILABLE, - maxvertext); + maxvertext); return 0; } @@ -4205,7 +4213,7 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk, CON_FUNC_RETURN tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt) { if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return CON_FUNC_ERROR; } diff --git a/crypto/openssl/ssl/statem/statem_dtls.c b/crypto/openssl/ssl/statem/statem_dtls.c index 78baeed90319..f62b757721fc 100644 --- a/crypto/openssl/ssl/statem/statem_dtls.c +++ b/crypto/openssl/ssl/statem/statem_dtls.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,23 +19,34 @@ #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) -#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ - if ((end) - (start) <= 8) { \ - long ii; \ - for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ - } else { \ - long ii; \ - bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ - for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ - bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ - } } - -#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ - long ii; \ - is_complete = 1; \ - if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ - if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ - if (bitmask[ii] != 0xff) { is_complete = 0; break; } } +#define RSMBLY_BITMASK_MARK(bitmask, start, end) \ + { \ + if ((end) - (start) <= 8) { \ + long ii; \ + for (ii = (start); ii < (end); ii++) \ + bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ + } else { \ + long ii; \ + bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ + for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) \ + bitmask[ii] = 0xff; \ + bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ + } \ + } + +#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) \ + { \ + long ii; \ + is_complete = 1; \ + if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) \ + is_complete = 0; \ + if (is_complete) \ + for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0; ii--) \ + if (bitmask[ii] != 0xff) { \ + is_complete = 0; \ + break; \ + } \ + } static const unsigned char bitmask_start_values[] = { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 @@ -45,16 +56,16 @@ static const unsigned char bitmask_end_values[] = { }; static void dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off, - size_t frag_len); + size_t frag_len); static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s, - unsigned char *p); + unsigned char *p); static void dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt, - size_t len, - unsigned short seq_num, - size_t frag_off, - size_t frag_len); + size_t len, + unsigned short seq_num, + size_t frag_off, + size_t frag_len); static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, - size_t *len); + size_t *len); static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) { @@ -123,8 +134,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) return -1; if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) { - if (!ossl_assert(s->init_num == - s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) + if (!ossl_assert(s->init_num == s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) return -1; } @@ -223,19 +233,18 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) */ if (s->msg_callback && s->init_off != 0) memcpy(saved_payload, &s->init_buf->data[s->init_off], - sizeof(saved_payload)); + sizeof(saved_payload)); dtls1_write_message_header(s, - (unsigned char *)&s->init_buf-> - data[s->init_off]); + (unsigned char *)&s->init_buf->data[s->init_off]); } ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, - &written); + &written); if (type == SSL3_RT_HANDSHAKE && s->msg_callback && s->init_off != 0) memcpy(&s->init_buf->data[s->init_off], saved_payload, - sizeof(saved_payload)); + sizeof(saved_payload)); if (ret <= 0) { /* @@ -244,8 +253,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) * retransmit anything. continue as if everything is fine and * wait for an alert to handle the retransmit */ - if (retry && BIO_ctrl(SSL_get_wbio(ssl), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { + if (retry && BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { if (!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { if (!dtls1_query_mtu(s)) return -1; @@ -273,15 +281,14 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) * then the best thing to do is probably carry on regardless. */ assert(s->s3.tmp.new_compression != NULL - || BIO_wpending(s->wbio) <= (int)s->d1->mtu); + || BIO_wpending(s->wbio) <= (int)s->d1->mtu); if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) { /* * should not be done for 'Hello Request's, but in that case * we'll ignore the result anyway */ - unsigned char *p = - (unsigned char *)&s->init_buf->data[s->init_off]; + unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; size_t xlen; @@ -309,8 +316,8 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - s->init_off + s->init_num, ussl, - s->msg_callback_arg); + s->init_off + s->init_num, ussl, + s->msg_callback_arg); s->init_off = 0; /* done writing this message */ s->init_num = 0; @@ -345,10 +352,10 @@ int dtls_get_message(SSL_CONNECTION *s, int *mt) msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(*msg_hdr)); - again: +again: if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) { if (errtype == DTLS1_HM_BAD_FRAGMENT - || errtype == DTLS1_HM_FRAGMENT_RETRY) { + || errtype == DTLS1_HM_FRAGMENT_RETRY) { /* bad fragment received */ goto again; } @@ -362,8 +369,8 @@ int dtls_get_message(SSL_CONNECTION *s, int *mt) if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - p, 1, SSL_CONNECTION_GET_USER_SSL(s), - s->msg_callback_arg); + p, 1, SSL_CONNECTION_GET_USER_SSL(s), + s->msg_callback_arg); } /* * This isn't a real handshake message so skip the processing below. @@ -422,10 +429,10 @@ int dtls_get_message_body(SSL_CONNECTION *s, size_t *len) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, - SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg); + s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, + SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg); - end: +end: *len = s->init_num; return 1; } @@ -444,7 +451,7 @@ static size_t dtls1_max_handshake_message_len(const SSL_CONNECTION *s) } static int dtls1_preprocess_fragment(SSL_CONNECTION *s, - struct hm_header_st *msg_hdr) + struct hm_header_st *msg_hdr) { size_t frag_off, frag_len, msg_len; @@ -454,7 +461,7 @@ static int dtls1_preprocess_fragment(SSL_CONNECTION *s, /* sanity checking */ if ((frag_off + frag_len) > msg_len - || msg_len > dtls1_max_handshake_message_len(s)) { + || msg_len > dtls1_max_handshake_message_len(s)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE); return 0; } @@ -517,9 +524,9 @@ static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len) hm_fragment *nextfrag; if (!s->server - || frag->msg_header.seq != 0 - || s->d1->handshake_read_seq != 1 - || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + || frag->msg_header.seq != 0 + || s->d1->handshake_read_seq != 1 + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { /* * This is a stale message that has been buffered so clear it. * It is safe to pop this message from the queue even though @@ -542,9 +549,9 @@ static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len) nextfrag = (hm_fragment *)next->data; if (nextfrag->msg_header.seq == s->d1->handshake_read_seq) { /* - * We have fragments for both a ClientHello without - * cookie and one with. Ditch the one without. - */ + * We have fragments for both a ClientHello without + * cookie and one with. Ditch the one without. + */ pqueue_pop(s->d1->buffered_messages); dtls1_hm_fragment_free(frag); pitem_free(item); @@ -572,10 +579,9 @@ static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len) ret = dtls1_preprocess_fragment(s, &frag->msg_header); if (ret && frag->msg_header.frag_len > 0) { - unsigned char *p = - (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, - frag->msg_header.frag_len); + frag->msg_header.frag_len); } dtls1_hm_fragment_free(frag); @@ -605,7 +611,7 @@ static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len) } static int dtls1_reassemble_fragment(SSL_CONNECTION *s, - const struct hm_header_st *msg_hdr) + const struct hm_header_st *msg_hdr) { hm_fragment *frag = NULL; pitem *item = NULL; @@ -615,8 +621,7 @@ static int dtls1_reassemble_fragment(SSL_CONNECTION *s, size_t readbytes; SSL *ssl = SSL_CONNECTION_GET_SSL(s); - if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || - msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) + if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) goto err; if (frag_len == 0) { @@ -655,10 +660,8 @@ static int dtls1_reassemble_fragment(SSL_CONNECTION *s, while (frag_len) { i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + devnull, + frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -668,20 +671,20 @@ static int dtls1_reassemble_fragment(SSL_CONNECTION *s, /* read the body of the fragment (header has already been read */ i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, - frag->fragment + msg_hdr->frag_off, - frag_len, 0, &readbytes); + frag->fragment + msg_hdr->frag_off, + frag_len, 0, &readbytes); if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, - (long)(msg_hdr->frag_off + frag_len)); + (long)(msg_hdr->frag_off + frag_len)); if (!ossl_assert(msg_hdr->msg_len > 0)) goto err; RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, - is_complete); + is_complete); if (is_complete) { OPENSSL_free(frag->reassembly); @@ -708,14 +711,14 @@ static int dtls1_reassemble_fragment(SSL_CONNECTION *s, return DTLS1_HM_FRAGMENT_RETRY; - err: +err: if (item == NULL) dtls1_hm_fragment_free(frag); return -1; } static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s, - const struct hm_header_st *msg_hdr) + const struct hm_header_st *msg_hdr) { int i = -1; hm_fragment *frag = NULL; @@ -746,17 +749,13 @@ static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s, * in the future, already in the queue or if we received a FINISHED * before the SERVER_HELLO, which then must be a stale retransmit. */ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { + if (msg_hdr->seq <= s->d1->handshake_read_seq || msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull[256]; while (frag_len) { i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, - devnull, - frag_len > - sizeof(devnull) ? sizeof(devnull) : - frag_len, 0, &readbytes); + devnull, + frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0, &readbytes); if (i <= 0) goto err; frag_len -= readbytes; @@ -780,9 +779,9 @@ static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s, * read the body of the fragment (header has already been read */ i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0, - &readbytes); - if (i<=0 || readbytes != frag_len) + frag->fragment, frag_len, 0, + &readbytes); + if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -807,14 +806,14 @@ static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s, return DTLS1_HM_FRAGMENT_RETRY; - err: +err: if (item == NULL) dtls1_hm_fragment_free(frag); return 0; } static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, - size_t *len) + size_t *len) { size_t mlen, frag_off, frag_len; int i, ret; @@ -830,7 +829,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, p = (unsigned char *)s->init_buf->data; - redo: +redo: /* see if we have the required fragment already */ ret = dtls1_retrieve_buffered_fragment(s, &frag_len); if (ret < 0) { @@ -845,8 +844,8 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, /* read handshake message header */ i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type, p, - DTLS1_HM_HEADER_LENGTH, 0, &readbytes); - if (i <= 0) { /* nbio, or an error */ + DTLS1_HM_HEADER_LENGTH, 0, &readbytes); + if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; *len = 0; return 0; @@ -854,7 +853,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { if (p[0] != SSL3_MT_CCS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } @@ -896,10 +895,10 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, */ if (msg_hdr.seq != s->d1->handshake_read_seq) { if (!s->server - || msg_hdr.seq != 0 - || s->d1->handshake_read_seq != 1 - || p[0] != SSL3_MT_CLIENT_HELLO - || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + || msg_hdr.seq != 0 + || s->d1->handshake_read_seq != 1 + || p[0] != SSL3_MT_CLIENT_HELLO + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); return 0; } @@ -917,9 +916,9 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, } if (!s->server - && s->d1->r_msg_hdr.frag_off == 0 - && s->statem.hand_state != TLS_ST_OK - && p[0] == SSL3_MT_HELLO_REQUEST) { + && s->d1->r_msg_hdr.frag_off == 0 + && s->statem.hand_state != TLS_ST_OK + && p[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- we are * doing a handshake anyway now, so ignore them if their format is @@ -928,12 +927,12 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, if (p[1] == 0 && p[2] == 0 && p[3] == 0) { if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, DTLS1_HM_HEADER_LENGTH, ussl, - s->msg_callback_arg); + p, DTLS1_HM_HEADER_LENGTH, ussl, + s->msg_callback_arg); s->init_num = 0; goto redo; - } else { /* Incorrectly formatted Hello request */ + } else { /* Incorrectly formatted Hello request */ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; @@ -946,10 +945,11 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, } if (frag_len > 0) { - p += DTLS1_HM_HEADER_LENGTH; + /* dtls1_preprocess_fragment() above could reallocate init_buf */ + p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0, &readbytes); + &p[frag_off], frag_len, 0, &readbytes); /* * This shouldn't ever fail due to NBIO because we already checked @@ -993,7 +993,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, *len = s->init_num = frag_len; return 1; - f_err: +f_err: s->init_num = 0; *len = 0; return 0; @@ -1006,7 +1006,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, * ssl->session->read_hash assign */ CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s, - WPACKET *pkt) + WPACKET *pkt) { if (s->version == DTLS1_BAD_VER) { s->d1->next_handshake_write_seq++; @@ -1113,10 +1113,7 @@ int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s) for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { frag = (hm_fragment *)item->data; - if (dtls1_retransmit_message(s, (unsigned short) - dtls1_get_queue_priority - (frag->msg_header.seq, - frag->msg_header.is_ccs), &found) <= 0) + if (dtls1_retransmit_message(s, (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), &found) <= 0) return -1; } @@ -1144,16 +1141,13 @@ int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs) if (is_ccs) { /* For DTLS1_BAD_VER the header length is non-standard */ - if (!ossl_assert(s->d1->w_msg_hdr.msg_len + - ((s->version == - DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) - == (unsigned int)s->init_num)) { + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + ((s->version == DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) + == (unsigned int)s->init_num)) { dtls1_hm_fragment_free(frag); return 0; } } else { - if (!ossl_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) { + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) { dtls1_hm_fragment_free(frag); return 0; } @@ -1170,16 +1164,12 @@ int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs) frag->msg_header.saved_retransmit_state.wrlmethod = s->rlayer.wrlmethod; frag->msg_header.saved_retransmit_state.wrl = s->rlayer.wrl; - memset(seq64be, 0, sizeof(seq64be)); - seq64be[6] = - (unsigned - char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs) >> 8); - seq64be[7] = - (unsigned - char)(dtls1_get_queue_priority(frag->msg_header.seq, - frag->msg_header.is_ccs)); + seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs) + >> 8); + seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs)); item = pitem_new(seq64be, frag); if (item == NULL) { @@ -1187,7 +1177,11 @@ int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs) return 0; } - pqueue_insert(s->d1->sent_messages, item); + if (pqueue_insert(s->d1->sent_messages, item) == NULL) { + dtls1_hm_fragment_free(frag); + pitem_free(item); + return 0; + } return 1; } @@ -1222,13 +1216,13 @@ int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, int *found) header_length = DTLS1_HM_HEADER_LENGTH; memcpy(s->init_buf->data, frag->fragment, - frag->msg_header.msg_len + header_length); + frag->msg_header.msg_len + header_length); s->init_num = frag->msg_header.msg_len + header_length; dtls1_set_message_header_int(s, frag->msg_header.type, - frag->msg_header.msg_len, - frag->msg_header.seq, 0, - frag->msg_header.frag_len); + frag->msg_header.msg_len, + frag->msg_header.seq, 0, + frag->msg_header.frag_len); /* save current state */ saved_state.wrlmethod = s->rlayer.wrlmethod; @@ -1246,8 +1240,7 @@ int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, int *found) */ s->rlayer.wrlmethod->set1_bio(s->rlayer.wrl, s->wbio); - ret = dtls1_do_write(s, frag->msg_header.is_ccs ? - SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); /* restore current state */ s->rlayer.wrlmethod = saved_state.wrlmethod; @@ -1260,8 +1253,8 @@ int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, int *found) } void dtls1_set_message_header(SSL_CONNECTION *s, - unsigned char mt, size_t len, - size_t frag_off, size_t frag_len) + unsigned char mt, size_t len, + size_t frag_off, size_t frag_len) { if (frag_off == 0) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; @@ -1269,14 +1262,14 @@ void dtls1_set_message_header(SSL_CONNECTION *s, } dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, - frag_off, frag_len); + frag_off, frag_len); } /* don't actually do the writing, wait till the MTU has been retrieved */ static void dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt, - size_t len, unsigned short seq_num, - size_t frag_off, size_t frag_len) + size_t len, unsigned short seq_num, + size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1297,7 +1290,7 @@ dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off, size_t frag_len) } static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s, - unsigned char *p) + unsigned char *p) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1311,8 +1304,7 @@ static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s, return p; } -void dtls1_get_message_header(const unsigned char *data, struct - hm_header_st *msg_hdr) +void dtls1_get_message_header(const unsigned char *data, struct hm_header_st *msg_hdr) { memset(msg_hdr, 0, sizeof(*msg_hdr)); msg_hdr->type = *(data++); @@ -1330,7 +1322,7 @@ int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype) if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); + s->d1->handshake_write_seq, 0, 0); if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) return 0; } else { @@ -1340,7 +1332,7 @@ int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype) * filled in later */ if (!WPACKET_allocate_bytes(pkt, DTLS1_HM_HEADER_LENGTH, &header) - || !WPACKET_start_sub_packet(pkt)) + || !WPACKET_start_sub_packet(pkt)) return 0; } @@ -1352,8 +1344,8 @@ int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype) size_t msglen; if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) - || !WPACKET_get_length(pkt, &msglen) - || msglen > INT_MAX) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) return 0; if (htype != SSL3_MT_CHANGE_CIPHER_SPEC) { @@ -1365,8 +1357,7 @@ int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype) if (htype != DTLS1_MT_HELLO_VERIFY_REQUEST) { /* Buffer the message to handle re-xmits */ - if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC - ? 1 : 0)) + if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC ? 1 : 0)) return 0; } diff --git a/crypto/openssl/ssl/statem/statem_lib.c b/crypto/openssl/ssl/statem/statem_lib.c index 1e11d077f9e0..aa9d196780eb 100644 --- a/crypto/openssl/ssl/statem/statem_lib.c +++ b/crypto/openssl/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -39,9 +39,9 @@ const unsigned char hrrrandom[] = { }; int ossl_statem_set_mutator(SSL *s, - ossl_statem_mutate_handshake_cb mutate_handshake_cb, - ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb, - void *mutatearg) + ossl_statem_mutate_handshake_cb mutate_handshake_cb, + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb, + void *mutatearg) { SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); @@ -71,19 +71,19 @@ int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) * we've been asked to write. Does not happen in normal operation. */ if (s->statem.mutate_handshake_cb != NULL - && !s->statem.write_in_progress - && type == SSL3_RT_HANDSHAKE - && s->init_num >= SSL3_HM_HEADER_LENGTH) { + && !s->statem.write_in_progress + && type == SSL3_RT_HANDSHAKE + && s->init_num >= SSL3_HM_HEADER_LENGTH) { unsigned char *msg; size_t msglen; if (!s->statem.mutate_handshake_cb((unsigned char *)s->init_buf->data, - s->init_num, - &msg, &msglen, - s->statem.mutatearg)) + s->init_num, + &msg, &msglen, + s->statem.mutatearg)) return -1; if (msglen < SSL3_HM_HEADER_LENGTH - || !BUF_MEM_grow(s->init_buf, msglen)) + || !BUF_MEM_grow(s->init_buf, msglen)) return -1; memcpy(s->init_buf->data, msg, msglen); s->init_num = msglen; @@ -93,7 +93,7 @@ int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) } ret = ssl3_write_bytes(ssl, type, &s->init_buf->data[s->init_off], - s->init_num, &written); + s->init_num, &written); if (ret <= 0) return -1; if (type == SSL3_RT_HANDSHAKE) @@ -104,18 +104,18 @@ int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) */ if (!SSL_CONNECTION_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET - && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE - && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) + && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE + && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) if (!ssl3_finish_mac(s, - (unsigned char *)&s->init_buf->data[s->init_off], - written)) + (unsigned char *)&s->init_buf->data[s->init_off], + written)) return -1; if (written == s->init_num) { s->statem.write_in_progress = 0; if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), ussl, - s->msg_callback_arg); + (size_t)(s->init_off + s->init_num), ussl, + s->msg_callback_arg); return 1; } s->init_off += written; @@ -128,8 +128,8 @@ int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype) size_t msglen; if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) - || !WPACKET_get_length(pkt, &msglen) - || msglen > INT_MAX) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) return 0; s->init_num = (int)msglen; s->init_off = 0; @@ -160,26 +160,26 @@ int tls_setup_handshake(SSL_CONNECTION *s) if (sctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) { int negotiated_minversion; int md5sha1_needed_maxversion = SSL_CONNECTION_IS_DTLS(s) - ? DTLS1_VERSION : TLS1_1_VERSION; + ? DTLS1_VERSION + : TLS1_1_VERSION; /* We don't have MD5-SHA1 - do we need it? */ if (ssl_version_cmp(s, ver_max, md5sha1_needed_maxversion) <= 0) { SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_DIGEST_ALGORITHM, - "The max supported SSL/TLS version needs the" - " MD5-SHA1 digest but it is not available" - " in the loaded providers. Use (D)TLSv1.2 or" - " above, or load different providers"); + SSL_R_NO_SUITABLE_DIGEST_ALGORITHM, + "The max supported SSL/TLS version needs the" + " MD5-SHA1 digest but it is not available" + " in the loaded providers. Use (D)TLSv1.2 or" + " above, or load different providers"); return 0; } ok = 1; /* Don't allow TLSv1.1 or below to be negotiated */ - negotiated_minversion = SSL_CONNECTION_IS_DTLS(s) ? - DTLS1_2_VERSION : TLS1_2_VERSION; + negotiated_minversion = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_2_VERSION : TLS1_2_VERSION; if (ssl_version_cmp(s, ver_min, negotiated_minversion) < 0) - ok = SSL_set_min_proto_version(ssl, negotiated_minversion); + ok = SSL_set_min_proto_version(ssl, negotiated_minversion); if (!ok) { /* Shouldn't happen */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR); @@ -200,21 +200,23 @@ int tls_setup_handshake(SSL_CONNECTION *s) for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); int cipher_minprotover = SSL_CONNECTION_IS_DTLS(s) - ? c->min_dtls : c->min_tls; + ? c->min_dtls + : c->min_tls; int cipher_maxprotover = SSL_CONNECTION_IS_DTLS(s) - ? c->max_dtls : c->max_tls; + ? c->max_dtls + : c->max_tls; if (ssl_version_cmp(s, ver_max, cipher_minprotover) >= 0 - && ssl_version_cmp(s, ver_max, cipher_maxprotover) <= 0) { + && ssl_version_cmp(s, ver_max, cipher_maxprotover) <= 0) { ok = 1; break; } } if (!ok) { SSLfatal_data(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_CIPHERS_AVAILABLE, - "No ciphers enabled for max supported " - "SSL/TLS version"); + SSL_R_NO_CIPHERS_AVAILABLE, + "No ciphers enabled for max supported " + "SSL/TLS version"); return 0; } if (SSL_IS_FIRST_HANDSHAKE(s)) { @@ -231,7 +233,7 @@ int tls_setup_handshake(SSL_CONNECTION *s) ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_connect); else ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_connect_renegotiate); + &s->session_ctx->stats.sess_connect_renegotiate); /* mark client_random uninitialized */ memset(s->s3.client_random, 0, sizeof(s->s3.client_random)); @@ -250,18 +252,18 @@ int tls_setup_handshake(SSL_CONNECTION *s) * Size of the to-be-signed TLS13 data, without the hash size itself: * 64 bytes of value 32, 33 context bytes, 1 byte separator */ -#define TLS13_TBS_START_SIZE 64 -#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) +#define TLS13_TBS_START_SIZE 64 +#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs, - void **hdata, size_t *hdatalen) + void **hdata, size_t *hdatalen) { /* ASCII: "TLS 1.3, server CertificateVerify", in hex for EBCDIC compatibility */ static const char servercontext[] = "\x54\x4c\x53\x20\x31\x2e\x33\x2c\x20\x73\x65\x72" - "\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x56\x65\x72\x69\x66\x79"; + "\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x56\x65\x72\x69\x66\x79"; /* ASCII: "TLS 1.3, client CertificateVerify", in hex for EBCDIC compatibility */ static const char clientcontext[] = "\x54\x4c\x53\x20\x31\x2e\x33\x2c\x20\x63\x6c\x69" - "\x65\x6e\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x56\x65\x72\x69\x66\x79"; + "\x65\x6e\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x56\x65\x72\x69\x66\x79"; if (SSL_CONNECTION_IS_TLS13(s)) { size_t hashlen; @@ -270,7 +272,7 @@ static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs, memset(tls13tbs, 32, TLS13_TBS_START_SIZE); /* This copies the 33 bytes of context plus the 0 separator byte */ if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY - || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) + || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext); else strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext); @@ -281,12 +283,12 @@ static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs, * that includes the CertVerify itself. */ if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY - || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { + || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash, - s->cert_verify_hash_len); + s->cert_verify_hash_len); hashlen = s->cert_verify_hash_len; } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE, - EVP_MAX_MD_SIZE, &hashlen)) { + EVP_MAX_MD_SIZE, &hashlen)) { /* SSLfatal() already called */ return 0; } @@ -350,9 +352,10 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) } if (EVP_DigestSignInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - sctx->libctx, sctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + sctx->libctx, sctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -360,7 +363,8 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) if (lu->sig == EVP_PKEY_RSA_PSS) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -372,8 +376,9 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) */ if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0 + (int)s->session->master_key_length, + s->session->master_key) + <= 0 || EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); @@ -381,7 +386,7 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) } sig = OPENSSL_malloc(siglen); if (sig == NULL - || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { + || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -396,7 +401,7 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) } sig = OPENSSL_malloc(siglen); if (sig == NULL - || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { + || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -427,7 +432,7 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) OPENSSL_free(sig); EVP_MD_CTX_free(mctx); return CON_FUNC_SUCCESS; - err: +err: OPENSSL_free(sig); EVP_MD_CTX_free(mctx); return CON_FUNC_ERROR; @@ -464,7 +469,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) if (ssl_cert_lookup_by_pkey(pkey, NULL, sctx) == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); + SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); goto err; } @@ -480,9 +485,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); + goto err; } if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) { @@ -492,7 +497,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); /* Check for broken implementations of GOST ciphersuites */ /* @@ -502,14 +507,14 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) #ifndef OPENSSL_NO_GOST if (!SSL_USE_SIGALGS(s) && ((PACKET_remaining(pkt) == 64 - && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001 - || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256)) + && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001 + || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256)) || (PACKET_remaining(pkt) == 128 && EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_512))) { len = PACKET_remaining(pkt); } else #endif - if (!PACKET_get_net_2(pkt, &len)) { + if (!PACKET_get_net_2(pkt, &len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -529,12 +534,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) } OSSL_TRACE1(TLS, "Using client verify alg %s\n", - md == NULL ? "n/a" : EVP_MD_get0_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (EVP_DigestVerifyInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - sctx->libctx, sctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + sctx->libctx, sctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -555,16 +561,18 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) if (SSL_USE_PSS(s)) { if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, - RSA_PSS_SALTLEN_DIGEST) <= 0) { + RSA_PSS_SALTLEN_DIGEST) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } } if (s->version == SSL3_VERSION) { if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0) { + || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } @@ -597,7 +605,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) ret = MSG_PROCESS_CONTINUE_PROCESSING; else ret = MSG_PROCESS_CONTINUE_READING; - err: +err: BIO_free(s->s3.handshake_buffer); s->s3.handshake_buffer = NULL; EVP_MD_CTX_free(mctx); @@ -625,13 +633,14 @@ CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt) * then we need to do it now. */ if (SSL_CONNECTION_IS_TLS13(s) - && !s->server - && !SSL_IS_QUIC_HANDSHAKE(s) - && (s->early_data_state != SSL_EARLY_DATA_NONE - || (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) - && s->s3.tmp.cert_req == 0 - && (!ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; + && !s->server + && !SSL_IS_QUIC_HANDSHAKE(s) + && (s->early_data_state != SSL_EARLY_DATA_NONE + || (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) + && s->s3.tmp.cert_req == 0 + && (!ssl->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + ; /* SSLfatal() already called */ return CON_FUNC_ERROR; } @@ -645,8 +654,8 @@ CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt) } finish_md_len = ssl->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3.tmp.finish_md); + sender, slen, + s->s3.tmp.finish_md); if (finish_md_len == 0) { /* SSLfatal() already called */ return CON_FUNC_ERROR; @@ -665,7 +674,7 @@ CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt) */ if (!SSL_CONNECTION_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key, - s->session->master_key_length)) { + s->session->master_key_length)) { /* SSLfatal() already called */ return CON_FUNC_ERROR; } @@ -679,11 +688,11 @@ CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt) } if (!s->server) { memcpy(s->s3.previous_client_finished, s->s3.tmp.finish_md, - finish_md_len); + finish_md_len); s->s3.previous_client_finished_len = finish_md_len; } else { memcpy(s->s3.previous_server_finished, s->s3.tmp.finish_md, - finish_md_len); + finish_md_len); s->s3.previous_server_finished_len = finish_md_len; } @@ -715,7 +724,7 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt) } if (!PACKET_get_1(pkt, &updatetype) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_KEY_UPDATE); return MSG_PROCESS_ERROR; } @@ -725,7 +734,7 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt) * didn't recognise. */ if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED - && updatetype != SSL_KEY_UPDATE_REQUESTED) { + && updatetype != SSL_KEY_UPDATE_REQUESTED) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_UPDATE); return MSG_PROCESS_ERROR; } @@ -764,9 +773,8 @@ int ssl3_take_mac(SSL_CONNECTION *s) slen = ssl->method->ssl3_enc->client_finished_label_len; } - s->s3.tmp.peer_finish_md_len = - ssl->method->ssl3_enc->final_finish_mac(s, sender, slen, - s->s3.tmp.peer_finish_md); + s->s3.tmp.peer_finish_md_len = ssl->method->ssl3_enc->final_finish_mac(s, sender, slen, + s->s3.tmp.peer_finish_md); if (s->s3.tmp.peer_finish_md_len == 0) { /* SSLfatal() already called */ @@ -777,7 +785,7 @@ int ssl3_take_mac(SSL_CONNECTION *s) } MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { size_t remain; @@ -789,7 +797,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, */ if (SSL_CONNECTION_IS_DTLS(s)) { if ((s->version == DTLS1_BAD_VER - && remain != DTLS1_CCS_HEADER_LENGTH + 1) + && remain != DTLS1_CCS_HEADER_LENGTH + 1) || (s->version != DTLS1_BAD_VER && remain != DTLS1_CCS_HEADER_LENGTH - 1)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_CHANGE_CIPHER_SPEC); @@ -825,7 +833,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, * SCTP is used */ BIO_ctrl(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)), - BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); + BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); #endif } @@ -839,22 +847,21 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) int was_first = SSL_IS_FIRST_HANDSHAKE(s); int ok; - /* This is a real handshake so make sure we clean it up at the end */ if (s->server) { /* - * To get this far we must have read encrypted data from the client. We - * no longer tolerate unencrypted alerts. This is ignored if less than - * TLSv1.3 - */ + * To get this far we must have read encrypted data from the client. We + * no longer tolerate unencrypted alerts. This is ignored if less than + * TLSv1.3 + */ if (s->rlayer.rrlmethod->set_plain_alerts != NULL) s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0); if (s->post_handshake_auth != SSL_PHA_REQUESTED) s->statem.cleanuphand = 1; if (SSL_CONNECTION_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) { - /* SSLfatal() already called */ - return MSG_PROCESS_ERROR; + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; } } @@ -883,7 +890,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) } ok = CRYPTO_memcmp(PACKET_data(pkt), s->s3.tmp.peer_finish_md, - md_len); + md_len); #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION if (ok != 0) { if ((PACKET_data(pkt)[0] ^ s->s3.tmp.peer_finish_md[0]) != 0xFF) { @@ -905,11 +912,11 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) } if (s->server) { memcpy(s->s3.previous_client_finished, s->s3.tmp.peer_finish_md, - md_len); + md_len); s->s3.previous_client_finished_len = md_len; } else { memcpy(s->s3.previous_server_finished, s->s3.tmp.peer_finish_md, - md_len); + md_len); s->s3.previous_server_finished_len = md_len; } @@ -919,9 +926,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) */ if (SSL_CONNECTION_IS_TLS13(s)) { if (s->server) { - if (s->post_handshake_auth != SSL_PHA_REQUESTED && - !ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { + if (s->post_handshake_auth != SSL_PHA_REQUESTED && !ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } @@ -948,8 +953,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) * a message we have the correct keys in place to ack it) */ if (!SSL_IS_QUIC_HANDSHAKE(s) - && !ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) { + && !ssl->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } @@ -961,8 +966,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) } if (was_first - && !SSL_IS_FIRST_HANDSHAKE(s) - && s->rlayer.rrlmethod->set_first_handshake != NULL) + && !SSL_IS_FIRST_HANDSHAKE(s) + && s->rlayer.rrlmethod->set_first_handshake != NULL) s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 0); return MSG_PROCESS_FINISHED_READING; @@ -980,7 +985,7 @@ CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt /* Add a certificate to the WPACKET */ static int ssl_add_cert_to_wpacket(SSL_CONNECTION *s, WPACKET *pkt, - X509 *x, int chain, int for_comp) + X509 *x, int chain, int for_comp) { int len; unsigned char *outbytes; @@ -996,14 +1001,14 @@ static int ssl_add_cert_to_wpacket(SSL_CONNECTION *s, WPACKET *pkt, return 0; } if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes) - || i2d_X509(x, &outbytes) != len) { + || i2d_X509(x, &outbytes) != len) { if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } if ((SSL_CONNECTION_IS_TLS13(s) || for_comp) - && !tls_construct_extensions(s, pkt, context, x, chain)) { + && !tls_construct_extensions(s, pkt, context, x, chain)) { /* SSLfatal() already called */ return 0; } @@ -1043,7 +1048,7 @@ static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk, i if (chain_store != NULL) { X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(sctx->libctx, - sctx->propq); + sctx->propq); if (xs_ctx == NULL) { if (!for_comp) @@ -1112,7 +1117,7 @@ static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk, i return 1; } -EVP_PKEY* tls_get_peer_pkey(const SSL_CONNECTION *sc) +EVP_PKEY *tls_get_peer_pkey(const SSL_CONNECTION *sc) { if (sc->session->peer_rpk != NULL) return sc->session->peer_rpk; @@ -1274,13 +1279,13 @@ int tls_process_rpk(SSL_CONNECTION *sc, PACKET *pkt, EVP_PKEY **peer_rpk) } spkistart = spki; if ((pkey = d2i_PUBKEY_ex(NULL, &spki, spki_len, sctx->libctx, sctx->propq)) == NULL - || spki != (spkistart + spki_len)) { + || spki != (spkistart + spki_len)) { SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (EVP_PKEY_missing_parameters(pkey)) { SSLfatal(sc, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); + SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); goto err; } @@ -1291,18 +1296,18 @@ int tls_process_rpk(SSL_CONNECTION *sc, PACKET *pkt, EVP_PKEY **peer_rpk) goto err; } if (!PACKET_as_length_prefixed_2(pkt, &extensions) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } if (!tls_collect_extensions(sc, &extensions, SSL_EXT_TLS1_3_RAW_PUBLIC_KEY, - &rawexts, NULL, 1)) { + &rawexts, NULL, 1)) { /* SSLfatal already called */ goto err; } /* chain index is always zero and fin always 1 for RPK */ if (!tls_parse_all_extensions(sc, SSL_EXT_TLS1_3_RAW_PUBLIC_KEY, - rawexts, NULL, 0, 1)) { + rawexts, NULL, 0, 1)) { /* SSLfatal already called */ goto err; } @@ -1313,7 +1318,7 @@ int tls_process_rpk(SSL_CONNECTION *sc, PACKET *pkt, EVP_PKEY **peer_rpk) pkey = NULL; } - err: +err: OPENSSL_free(rawexts); EVP_PKEY_free(pkey); return ret; @@ -1381,7 +1386,7 @@ unsigned long tls_output_rpk(SSL_CONNECTION *sc, WPACKET *pkt, CERT_PKEY *cpk) * |x509| may be NULL, which raw public-key extensions need to handle. */ if (!tls_construct_extensions(sc, pkt, SSL_EXT_TLS1_3_RAW_PUBLIC_KEY, - x509, 0)) { + x509, 0)) { /* SSLfatal() already called */ goto err; } @@ -1392,13 +1397,13 @@ unsigned long tls_output_rpk(SSL_CONNECTION *sc, WPACKET *pkt, CERT_PKEY *cpk) } ret = 1; - err: +err: OPENSSL_free(pdata); return ret; } unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, - CERT_PKEY *cpk, int for_comp) + CERT_PKEY *cpk, int for_comp) { if (!WPACKET_start_sub_packet_u24(pkt)) { if (!for_comp) @@ -1424,9 +1429,9 @@ unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, * freed up as well. */ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, - int clearbufs, int stop) + int clearbufs, int stop) { - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb)(const SSL *ssl, int type, int val) = NULL; int cleanuphand = s->statem.cleanuphand; SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); @@ -1442,7 +1447,7 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, */ || BIO_dgram_is_sctp(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s))) #endif - ) { + ) { /* * We don't do this in DTLS over UDP because we may still need the init_buf * in case there are any unexpected retransmits @@ -1459,7 +1464,7 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, } if (SSL_CONNECTION_IS_TLS13(s) && !s->server - && s->post_handshake_auth == SSL_PHA_REQUESTED) + && s->post_handshake_auth == SSL_PHA_REQUESTED) s->post_handshake_auth = SSL_PHA_EXT_SENT; /* @@ -1493,7 +1498,8 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, * so we remove this one from the cache. */ if ((s->session_ctx->session_cache_mode - & SSL_SESS_CACHE_CLIENT) != 0) + & SSL_SESS_CACHE_CLIENT) + != 0) SSL_CTX_remove_session(s->session_ctx, s->session); } else { /* @@ -1504,11 +1510,11 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, } if (s->hit) ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_hit); + &s->session_ctx->stats.sess_hit); s->handshake_func = ossl_statem_connect; ssl_tsan_counter(s->session_ctx, - &s->session_ctx->stats.sess_connect_good); + &s->session_ctx->stats.sess_connect_good); } if (SSL_CONNECTION_IS_DTLS(s)) { @@ -1530,8 +1536,8 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, if (cb != NULL) { if (cleanuphand - || !SSL_CONNECTION_IS_TLS13(s) - || SSL_IS_FIRST_HANDSHAKE(s)) + || !SSL_CONNECTION_IS_TLS13(s) + || SSL_IS_FIRST_HANDSHAKE(s)) cb(ssl, SSL_CB_HANDSHAKE_DONE, 1); } @@ -1559,9 +1565,9 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) do { while (s->init_num < SSL3_HM_HEADER_LENGTH) { i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type, - &p[s->init_num], - SSL3_HM_HEADER_LENGTH - s->init_num, - 0, &readbytes); + &p[s->init_num], + SSL3_HM_HEADER_LENGTH - s->init_num, + 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; return 0; @@ -1573,11 +1579,11 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) */ if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSL_R_BAD_CHANGE_CIPHER_SPEC); return 0; } if (s->statem.hand_state == TLS_ST_BEFORE - && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { + && (s->s3.flags & TLS1_FLAGS_STATELESS) != 0) { /* * We are stateless and we received a CCS. Probably this is * from a client between the first and second ClientHellos. @@ -1594,7 +1600,7 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_R_CCS_RECEIVED_EARLY); + SSL_R_CCS_RECEIVED_EARLY); return 0; } s->init_num += readbytes; @@ -1603,7 +1609,7 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) skip_message = 0; if (!s->server) if (s->statem.hand_state != TLS_ST_OK - && p[0] == SSL3_MT_HELLO_REQUEST) + && p[0] == SSL3_MT_HELLO_REQUEST) /* * The server may always send 'Hello Request' messages -- * we are doing a handshake anyway now, so ignore them if @@ -1616,8 +1622,8 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, SSL3_HM_HEADER_LENGTH, ussl, - s->msg_callback_arg); + p, SSL3_HM_HEADER_LENGTH, ussl, + s->msg_callback_arg); } } while (skip_message); /* s->init_num == SSL3_HM_HEADER_LENGTH */ @@ -1643,7 +1649,7 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) /* BUF_MEM_grow takes an 'int' parameter */ if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSL_R_EXCESSIVE_MESSAGE_SIZE); return 0; } s->s3.tmp.message_size = l; @@ -1673,7 +1679,7 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) n = s->s3.tmp.message_size - s->init_num; while (n > 0) { i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL, - &p[s->init_num], n, 0, &readbytes); + &p[s->init_num], n, 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; *len = 0; @@ -1696,14 +1702,14 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) /* Feed this message into MAC computation. */ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num)) { + s->init_num)) { /* SSLfatal() already called */ *len = 0; return 0; } if (s->msg_callback) s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, - (size_t)s->init_num, ussl, s->msg_callback_arg); + (size_t)s->init_num, ussl, s->msg_callback_arg); } else { /* * We defer feeding in the HRR until later. We'll do it as part of @@ -1711,18 +1717,19 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) * The TLsv1.3 handshake transcript stops at the ClientFinished * message. */ -#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) +#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) /* KeyUpdate and NewSessionTicket do not need to be added */ if (!SSL_CONNECTION_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET - && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { + && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO - || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE - || memcmp(hrrrandom, - s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, - SSL3_RANDOM_SIZE) != 0) { + || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE + || memcmp(hrrrandom, + s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, + SSL3_RANDOM_SIZE) + != 0) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { + s->init_num + SSL3_HM_HEADER_LENGTH)) { /* SSLfatal() already called */ *len = 0; return 0; @@ -1731,8 +1738,8 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ussl, - s->msg_callback_arg); + (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ussl, + s->msg_callback_arg); } *len = s->init_num; @@ -1740,49 +1747,49 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) } static const X509ERR2ALERT x509table[] = { - {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, - {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, - {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED}, - {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, - {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, - {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, - {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE}, - {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR}, - {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, - {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA}, - {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR}, + { X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE }, + { X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED }, + { X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED }, + { X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR }, + { X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED }, + { X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR }, + { X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE }, + { X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR }, + { X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE }, + { X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA }, + { X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR }, /* Last entry; return this if we don't find the value above. */ - {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN} + { X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN } }; int ssl_x509err2alert(int x509err) @@ -1823,63 +1830,63 @@ int ssl_version_cmp(const SSL_CONNECTION *s, int versiona, int versionb) typedef struct { int version; - const SSL_METHOD *(*cmeth) (void); - const SSL_METHOD *(*smeth) (void); + const SSL_METHOD *(*cmeth)(void); + const SSL_METHOD *(*smeth)(void); } version_info; #if TLS_MAX_VERSION_INTERNAL != TLS1_3_VERSION -# error Code needs update for TLS_method() support beyond TLS1_3_VERSION. +#error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif /* Must be in order high to low */ static const version_info tls_version_table[] = { #ifndef OPENSSL_NO_TLS1_3 - {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, + { TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method }, #else - {TLS1_3_VERSION, NULL, NULL}, + { TLS1_3_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1_2 - {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, + { TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method }, #else - {TLS1_2_VERSION, NULL, NULL}, + { TLS1_2_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1_1 - {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method}, + { TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method }, #else - {TLS1_1_VERSION, NULL, NULL}, + { TLS1_1_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_TLS1 - {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method}, + { TLS1_VERSION, tlsv1_client_method, tlsv1_server_method }, #else - {TLS1_VERSION, NULL, NULL}, + { TLS1_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_SSL3 - {SSL3_VERSION, sslv3_client_method, sslv3_server_method}, + { SSL3_VERSION, sslv3_client_method, sslv3_server_method }, #else - {SSL3_VERSION, NULL, NULL}, + { SSL3_VERSION, NULL, NULL }, #endif - {0, NULL, NULL}, + { 0, NULL, NULL }, }; #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION -# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. +#error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. #endif /* Must be in order high to low */ static const version_info dtls_version_table[] = { #ifndef OPENSSL_NO_DTLS1_2 - {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method}, + { DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method }, #else - {DTLS1_2_VERSION, NULL, NULL}, + { DTLS1_2_VERSION, NULL, NULL }, #endif #ifndef OPENSSL_NO_DTLS1 - {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method}, - {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL}, + { DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method }, + { DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL }, #else - {DTLS1_VERSION, NULL, NULL}, - {DTLS1_BAD_VER, NULL, NULL}, + { DTLS1_VERSION, NULL, NULL }, + { DTLS1_BAD_VER, NULL, NULL }, #endif - {0, NULL, NULL}, + { 0, NULL, NULL }, }; /* @@ -1894,13 +1901,10 @@ static int ssl_method_error(const SSL_CONNECTION *s, const SSL_METHOD *method) { int version = method->version; - if ((s->min_proto_version != 0 && - ssl_version_cmp(s, version, s->min_proto_version) < 0) || - ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) + if ((s->min_proto_version != 0 && ssl_version_cmp(s, version, s->min_proto_version) < 0) || ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0) return SSL_R_VERSION_TOO_LOW; - if (s->max_proto_version != 0 && - ssl_version_cmp(s, version, s->max_proto_version) > 0) + if (s->max_proto_version != 0 && ssl_version_cmp(s, version, s->max_proto_version) > 0) return SSL_R_VERSION_TOO_HIGH; if ((s->options & method->mask) != 0) @@ -1930,7 +1934,7 @@ static int is_tls13_capable(const SSL_CONNECTION *s) * cb is set then we just assume TLSv1.3 will be ok */ if (sctx->ext.servername_cb != NULL - || s->session_ctx->ext.servername_cb != NULL) + || s->session_ctx->ext.servername_cb != NULL) return 1; #ifndef OPENSSL_NO_PSK @@ -1980,7 +1984,7 @@ static int is_tls13_capable(const SSL_CONNECTION *s) * Returns 1 when supported, otherwise 0 */ int ssl_version_supported(const SSL_CONNECTION *s, int version, - const SSL_METHOD **meth) + const SSL_METHOD **meth) { const version_info *vent; const version_info *table; @@ -1998,17 +2002,17 @@ int ssl_version_supported(const SSL_CONNECTION *s, int version, } for (vent = table; - vent->version != 0 && ssl_version_cmp(s, version, vent->version) <= 0; - ++vent) { + vent->version != 0 && ssl_version_cmp(s, version, vent->version) <= 0; + ++vent) { const SSL_METHOD *(*thismeth)(void) = s->server ? vent->smeth : vent->cmeth; if (thismeth != NULL - && ssl_version_cmp(s, version, vent->version) == 0 - && ssl_method_error(s, thismeth()) == 0 - && (!s->server - || version != TLS1_3_VERSION - || is_tls13_capable(s))) { + && ssl_version_cmp(s, version, vent->version) == 0 + && ssl_method_error(s, thismeth()) == 0 + && (!s->server + || version != TLS1_3_VERSION + || is_tls13_capable(s))) { if (meth != NULL) *meth = thismeth(); return 1; @@ -2126,18 +2130,18 @@ int ssl_set_version_bound(int method_version, int version, int *bound) static void check_for_downgrade(SSL_CONNECTION *s, int vers, DOWNGRADE *dgrd) { if (vers == TLS1_2_VERSION - && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { + && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_2; } else if (!SSL_CONNECTION_IS_DTLS(s) - && vers < TLS1_2_VERSION - /* - * We need to ensure that a server that disables TLSv1.2 - * (creating a hole between TLSv1.3 and TLSv1.1) can still - * complete handshakes with clients that support TLSv1.2 and - * below. Therefore we do not enable the sentinel if TLSv1.3 is - * enabled and TLSv1.2 is not. - */ - && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { + && vers < TLS1_2_VERSION + /* + * We need to ensure that a server that disables TLSv1.2 + * (creating a hole between TLSv1.3 and TLSv1.1) can still + * complete handshakes with clients that support TLSv1.2 and + * below. Therefore we do not enable the sentinel if TLSv1.3 is + * enabled and TLSv1.2 is not. + */ + && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_1; } else { *dgrd = DOWNGRADE_NONE; @@ -2154,7 +2158,7 @@ static void check_for_downgrade(SSL_CONNECTION *s, int vers, DOWNGRADE *dgrd) * Returns 0 on success or an SSL error reason number on failure. */ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, - DOWNGRADE *dgrd) + DOWNGRADE *dgrd) { /*- * With version-flexible methods we have an initial state with: @@ -2280,8 +2284,7 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, for (vent = table; vent->version != 0; ++vent) { const SSL_METHOD *method; - if (vent->smeth == NULL || - ssl_version_cmp(s, client_version, vent->version) < 0) + if (vent->smeth == NULL || ssl_version_cmp(s, client_version, vent->version) < 0) continue; method = vent->smeth(); if (ssl_method_error(s, method) == 0) { @@ -2310,7 +2313,7 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, * Returns 1 on success or 0 on error. */ int ssl_choose_client_version(SSL_CONNECTION *s, int version, - RAW_EXTENSION *extensions) + RAW_EXTENSION *extensions) { const version_info *vent; const version_info *table; @@ -2322,15 +2325,16 @@ int ssl_choose_client_version(SSL_CONNECTION *s, int version, /* This will overwrite s->version if the extension is present */ if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions, - SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_TLS1_3_SERVER_HELLO, extensions, - NULL, 0)) { + SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO, + extensions, + NULL, 0)) { s->version = origv; return 0; } if (s->hello_retry_request != SSL_HRR_NONE - && s->version != TLS1_3_VERSION) { + && s->version != TLS1_3_VERSION) { s->version = origv; SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); return 0; @@ -2384,23 +2388,25 @@ int ssl_choose_client_version(SSL_CONNECTION *s, int version, if (!SSL_CONNECTION_IS_DTLS(s) && real_max > s->version) { /* Signal applies to all versions */ if (memcmp(tls11downgrade, - s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls11downgrade), - sizeof(tls11downgrade)) == 0) { + s->s3.server_random + SSL3_RANDOM_SIZE + - sizeof(tls11downgrade), + sizeof(tls11downgrade)) + == 0) { s->version = origv; SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); return 0; } /* Only when accepting TLS1.3 */ if (real_max == TLS1_3_VERSION && memcmp(tls12downgrade, - s->s3.server_random + SSL3_RANDOM_SIZE - - sizeof(tls12downgrade), - sizeof(tls12downgrade)) == 0) { + s->s3.server_random + SSL3_RANDOM_SIZE + - sizeof(tls12downgrade), + sizeof(tls12downgrade)) + == 0) { s->version = origv; SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); return 0; } } @@ -2445,7 +2451,7 @@ int ssl_choose_client_version(SSL_CONNECTION *s, int version, * min_version and max_version will also be set to 0. */ int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version, - int *max_version, int *real_max) + int *max_version, int *real_max) { int version, tmp_real_max; int hole; @@ -2596,7 +2602,7 @@ int ssl_set_client_hello_version(SSL_CONNECTION *s) * where the group was found. */ int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, - size_t num_groups, int checkallow, size_t *pos) + size_t num_groups, int checkallow, size_t *pos) { size_t i; @@ -2607,8 +2613,8 @@ int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, uint16_t group = groups[i]; if (group_id == group - && (!checkallow - || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { + && (!checkallow + || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { if (pos != NULL) *pos = i; return 1; @@ -2620,9 +2626,9 @@ int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, /* Replace ClientHello1 in the transcript hash with a synthetic message */ int create_synthetic_message_hash(SSL_CONNECTION *s, - const unsigned char *hashval, - size_t hashlen, const unsigned char *hrr, - size_t hrrlen) + const unsigned char *hashval, + size_t hashlen, const unsigned char *hrr, + size_t hrrlen) { unsigned char hashvaltmp[EVP_MAX_MD_SIZE]; unsigned char msghdr[SSL3_HM_HEADER_LENGTH]; @@ -2634,8 +2640,8 @@ int create_synthetic_message_hash(SSL_CONNECTION *s, hashlen = 0; /* Get the hash of the initial ClientHello */ if (!ssl3_digest_cached_records(s, 0) - || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), - &hashlen)) { + || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), + &hashlen)) { /* SSLfatal() already called */ return 0; } @@ -2651,7 +2657,7 @@ int create_synthetic_message_hash(SSL_CONNECTION *s, msghdr[0] = SSL3_MT_MESSAGE_HASH; msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen; if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH) - || !ssl3_finish_mac(s, hashval, hashlen)) { + || !ssl3_finish_mac(s, hashval, hashlen)) { /* SSLfatal() already called */ return 0; } @@ -2662,10 +2668,10 @@ int create_synthetic_message_hash(SSL_CONNECTION *s, * receiving a ClientHello2 with a cookie. */ if (hrr != NULL - && (!ssl3_finish_mac(s, hrr, hrrlen) - || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->s3.tmp.message_size - + SSL3_HM_HEADER_LENGTH))) { + && (!ssl3_finish_mac(s, hrr, hrrlen) + || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->s3.tmp.message_size + + SSL3_HM_HEADER_LENGTH))) { /* SSLfatal() already called */ return 0; } @@ -2726,7 +2732,7 @@ int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt) return 1; - err: +err: sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); X509_NAME_free(xn); return 0; @@ -2750,7 +2756,7 @@ const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s) } int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, - WPACKET *pkt) + WPACKET *pkt) { /* Start sub-packet for client CA list */ if (!WPACKET_start_sub_packet_u16(pkt)) { @@ -2767,10 +2773,10 @@ int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, int namelen; if (name == NULL - || (namelen = i2d_X509_NAME(name, NULL)) < 0 - || !WPACKET_sub_allocate_bytes_u16(pkt, namelen, - &namebytes) - || i2d_X509_NAME(name, &namebytes) != namelen) { + || (namelen = i2d_X509_NAME(name, NULL)) < 0 + || !WPACKET_sub_allocate_bytes_u16(pkt, namelen, + &namebytes) + || i2d_X509_NAME(name, &namebytes) != namelen) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2787,7 +2793,7 @@ int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, /* Create a buffer containing data to be signed for server key exchange */ size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs, - const void *param, size_t paramlen) + const void *param, size_t paramlen) { size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen; unsigned char *tbs = OPENSSL_malloc(tbslen); @@ -2822,7 +2828,7 @@ int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s) return 0; } if (!EVP_MD_CTX_copy_ex(s->pha_dgst, - s->s3.handshake_dgst)) { + s->s3.handshake_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); EVP_MD_CTX_free(s->pha_dgst); s->pha_dgst = NULL; @@ -2843,7 +2849,7 @@ int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s) return 0; } if (!EVP_MD_CTX_copy_ex(s->s3.handshake_dgst, - s->pha_dgst)) { + s->pha_dgst)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2852,9 +2858,9 @@ int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s) #ifndef OPENSSL_NO_COMP_ALG MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, - PACKET *pkt, - PACKET *tmppkt, - BUF_MEM *buf) + PACKET *pkt, + PACKET *tmppkt, + BUF_MEM *buf) { MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; int comp_alg; @@ -2869,7 +2875,7 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - if (!PACKET_get_net_2(pkt, (unsigned int*)&comp_alg)) { + if (!PACKET_get_net_2(pkt, (unsigned int *)&comp_alg)) { SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, ERR_R_INTERNAL_ERROR); goto err; } @@ -2912,6 +2918,12 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, goto err; } + /* Prevent excessive pre-decompression allocation */ + if (expected_length > sc->max_cert_list) { + SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_EXCESSIVE_MESSAGE_SIZE); + goto err; + } + if (PACKET_remaining(pkt) != comp_length || comp_length == 0) { SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION); goto err; @@ -2920,12 +2932,13 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, if (!BUF_MEM_grow(buf, expected_length) || !PACKET_buf_init(tmppkt, (unsigned char *)buf->data, expected_length) || COMP_expand_block(comp, (unsigned char *)buf->data, expected_length, - (unsigned char*)PACKET_data(pkt), comp_length) != (int)expected_length) { + (unsigned char *)PACKET_data(pkt), comp_length) + != (int)expected_length) { SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_DECOMPRESSION); goto err; } ret = MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: COMP_CTX_free(comp); return ret; } diff --git a/crypto/openssl/ssl/statem/statem_local.h b/crypto/openssl/ssl/statem/statem_local.h index 352f9b8cec7a..e1d57eb8c646 100644 --- a/crypto/openssl/ssl/statem/statem_local.h +++ b/crypto/openssl/ssl/statem/statem_local.h @@ -18,31 +18,31 @@ /* The spec allows for a longer length than this, but we limit it */ #define HELLO_VERIFY_REQUEST_MAX_LENGTH 258 -#define END_OF_EARLY_DATA_MAX_LENGTH 0 -#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 +#define END_OF_EARLY_DATA_MAX_LENGTH 0 +#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 #define SESSION_TICKET_MAX_LENGTH_TLS13 131338 #define SESSION_TICKET_MAX_LENGTH_TLS12 65541 -#define SERVER_KEY_EXCH_MAX_LENGTH 102400 -#define SERVER_HELLO_DONE_MAX_LENGTH 0 -#define KEY_UPDATE_MAX_LENGTH 1 -#define CCS_MAX_LENGTH 1 +#define SERVER_KEY_EXCH_MAX_LENGTH 102400 +#define SERVER_HELLO_DONE_MAX_LENGTH 0 +#define KEY_UPDATE_MAX_LENGTH 1 +#define CCS_MAX_LENGTH 1 /* Max ServerHello size permitted by RFC 8446 */ -#define SERVER_HELLO_MAX_LENGTH 65607 +#define SERVER_HELLO_MAX_LENGTH 65607 /* Max CertificateVerify size permitted by RFC 8446 */ -#define CERTIFICATE_VERIFY_MAX_LENGTH 65539 +#define CERTIFICATE_VERIFY_MAX_LENGTH 65539 /* Max should actually be 36 but we are generous */ -#define FINISHED_MAX_LENGTH 64 +#define FINISHED_MAX_LENGTH 64 /* Dummy message type */ -#define SSL3_MT_DUMMY -1 +#define SSL3_MT_DUMMY -1 /* Invalid extension ID for non-supported extensions */ -#define TLSEXT_TYPE_invalid 0x10000 -#define TLSEXT_TYPE_out_of_range 0x10001 +#define TLSEXT_TYPE_invalid 0x10000 +#define TLSEXT_TYPE_out_of_range 0x10001 unsigned int ossl_get_extension_type(size_t idx); extern const unsigned char hrrrandom[]; @@ -62,21 +62,21 @@ typedef enum { MSG_PROCESS_CONTINUE_READING } MSG_PROCESS_RETURN; -typedef CON_FUNC_RETURN (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt); +typedef CON_FUNC_RETURN (*confunc_f)(SSL_CONNECTION *s, WPACKET *pkt); int ssl3_take_mac(SSL_CONNECTION *s); int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, - size_t num_groups, int checkallow, size_t *pos); + size_t num_groups, int checkallow, size_t *pos); int create_synthetic_message_hash(SSL_CONNECTION *s, - const unsigned char *hashval, - size_t hashlen, const unsigned char *hrr, - size_t hrrlen); + const unsigned char *hashval, + size_t hashlen, const unsigned char *hrr, + size_t hrrlen); int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt); const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s); int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, - WPACKET *pkt); + WPACKET *pkt); size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs, - const void *param, size_t paramlen); + const void *param, size_t paramlen); /* * TLS/DTLS client state machine functions @@ -86,12 +86,12 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s); WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst); int ossl_statem_client_construct_message(SSL_CONNECTION *s, - confunc_f *confunc, int *mt); + confunc_f *confunc, int *mt); size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s, - WORK_STATE wst); + WORK_STATE wst); /* * TLS/DTLS server state machine functions @@ -101,12 +101,12 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s); WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst); int ossl_statem_server_construct_message(SSL_CONNECTION *s, - confunc_f *confunc,int *mt); + confunc_f *confunc, int *mt); size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s, - WORK_STATE wst); + WORK_STATE wst); /* Functions for getting new message data */ __owur int tls_get_message_header(SSL_CONNECTION *s, int *mt); @@ -117,76 +117,76 @@ __owur int dtls_get_message_body(SSL_CONNECTION *s, size_t *len); /* Message construction and processing functions */ __owur int tls_process_initial_server_flight(SSL_CONNECTION *s); __owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt); -__owur CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s, - WPACKET *pkt); +__owur CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s, + WPACKET *pkt); __owur CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt); __owur CON_FUNC_RETURN tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst, - int clearbufs, int stop); + int clearbufs, int stop); __owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s); #ifndef OPENSSL_NO_COMP_ALG __owur MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, - PACKET *pkt, - PACKET *tmppkt, - BUF_MEM *buf); + PACKET *pkt, + PACKET *tmppkt, + BUF_MEM *buf); #endif /* some client-only functions */ __owur CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, - WORK_STATE wst); + WORK_STATE wst); __owur CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); #ifndef OPENSSL_NO_COMP_ALG __owur CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc, - WPACKET *pkt); + WPACKET *pkt); #endif __owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, - EVP_PKEY **ppkey); + EVP_PKEY **ppkey); __owur CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s); __owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt); __owur CON_FUNC_RETURN tls_construct_cert_status(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_rpk(SSL_CONNECTION *sc, - PACKET *pkt); + PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_client_rpk(SSL_CONNECTION *sc, - PACKET *pkt); + PACKET *pkt); __owur unsigned long tls_output_rpk(SSL_CONNECTION *sc, WPACKET *pkt, - CERT_PKEY *cpk); + CERT_PKEY *cpk); __owur int tls_process_rpk(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **peer_rpk); __owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, - WORK_STATE wst); + WORK_STATE wst); #ifndef OPENSSL_NO_COMP_ALG __owur MSG_PROCESS_RETURN tls_process_server_compressed_certificate(SSL_CONNECTION *sc, - PACKET *pkt); + PACKET *pkt); #endif __owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s); #ifndef OPENSSL_NO_NEXTPROTONEG @@ -195,49 +195,49 @@ __owur CON_FUNC_RETURN tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt) __owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt); __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt); __owur CON_FUNC_RETURN tls_construct_end_of_early_data(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); /* some server-only functions */ __owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, - WORK_STATE wst); + WORK_STATE wst); __owur CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); #ifndef OPENSSL_NO_COMP_ALG __owur CON_FUNC_RETURN tls_construct_server_compressed_certificate(SSL_CONNECTION *sc, - WPACKET *pkt); + WPACKET *pkt); #endif __owur CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); #ifndef OPENSSL_NO_COMP_ALG __owur MSG_PROCESS_RETURN tls_process_client_compressed_certificate(SSL_CONNECTION *sc, - PACKET *pkt); + PACKET *pkt); #endif __owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); __owur WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, - WORK_STATE wst); + WORK_STATE wst); __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); #ifndef OPENSSL_NO_NEXTPROTONEG __owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); #endif __owur CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, - PACKET *pkt); + PACKET *pkt); #ifndef OPENSSL_NO_GOST /* These functions are used in GOST18 CKE, both for client and server */ @@ -254,319 +254,319 @@ typedef enum ext_return_en { } EXT_RETURN; __owur int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, - RAW_EXTENSION *exts); + RAW_EXTENSION *exts); __owur int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, - unsigned int thisctx); + unsigned int thisctx); __owur int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, - unsigned int context, - RAW_EXTENSION **res, size_t *len, int init); + unsigned int context, + RAW_EXTENSION **res, size_t *len, int init); __owur int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, - RAW_EXTENSION *exts, X509 *x, size_t chainidx); + RAW_EXTENSION *exts, X509 *x, size_t chainidx); __owur int tls_parse_all_extensions(SSL_CONNECTION *s, int context, - RAW_EXTENSION *exts, - X509 *x, size_t chainidx, int fin); + RAW_EXTENSION *exts, + X509 *x, size_t chainidx, int fin); __owur int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, - unsigned int thisctx, int max_version); + unsigned int thisctx, int max_version); __owur int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); __owur int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, - const unsigned char *msgstart, - size_t binderoffset, const unsigned char *binderin, - unsigned char *binderout, - SSL_SESSION *sess, int sign, int external); + const unsigned char *msgstart, + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, + SSL_SESSION *sess, int sign, int external); /* Server Extension processing */ int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidxl); + unsigned int context, + X509 *x, size_t chainidxl); int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx); + unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx); + unsigned int context, X509 *x, size_t chainidx); #endif int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx); + unsigned int context, X509 *x, size_t chainidx); int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); /* * Not in public headers as this is not an official extension. Only used when * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. */ -#define TLSEXT_TYPE_cryptopro_bug 0xfde8 +#define TLSEXT_TYPE_cryptopro_bug 0xfde8 EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); /* Client Extension processing */ EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRP EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #ifndef OPENSSL_NO_OCSP EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_CT EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #endif EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); + unsigned int context, X509 *x, + size_t chainidx); EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_CT int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif #ifndef OPENSSL_NO_NEXTPROTONEG int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #endif int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); #ifndef OPENSSL_NO_SRTP int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx); + unsigned int context, X509 *x, size_t chainidx); #endif int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, X509 *x, size_t chainidx); + unsigned int context, X509 *x, size_t chainidx); int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); + X509 *x, size_t chainidx); int tls_handle_alpn(SSL_CONNECTION *s); int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s); int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s); -__owur EVP_PKEY* tls_get_peer_pkey(const SSL_CONNECTION *sc); +__owur EVP_PKEY *tls_get_peer_pkey(const SSL_CONNECTION *sc); /* RFC7250 */ EXT_RETURN tls_construct_ctos_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_ctos_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); int tls_parse_stoc_server_cert_type(SSL_CONNECTION *s, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); + unsigned int context, + X509 *x, size_t chainidx); diff --git a/crypto/openssl/ssl/statem/statem_srvr.c b/crypto/openssl/ssl/statem/statem_srvr.c index 43986121efd3..6079176f9988 100644 --- a/crypto/openssl/ssl/statem/statem_srvr.c +++ b/crypto/openssl/ssl/statem/statem_srvr.c @@ -32,24 +32,24 @@ #include <openssl/comp.h> #include "internal/comp.h" -#define TICKET_NONCE_SIZE 8 +#define TICKET_NONCE_SIZE 8 typedef struct { - ASN1_TYPE *kxBlob; - ASN1_TYPE *opaqueBlob; + ASN1_TYPE *kxBlob; + ASN1_TYPE *opaqueBlob; } GOST_KX_MESSAGE; DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE) ASN1_SEQUENCE(GOST_KX_MESSAGE) = { - ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), - ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), + ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), + ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), } ASN1_SEQUENCE_END(GOST_KX_MESSAGE) IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE) static CON_FUNC_RETURN tls_construct_encrypted_extensions(SSL_CONNECTION *s, - WPACKET *pkt); + WPACKET *pkt); static ossl_inline int received_client_cert(const SSL_CONNECTION *sc) { @@ -86,7 +86,7 @@ static int ossl_statem_server13_read_transition(SSL_CONNECTION *s, int mt) } break; } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED - && !SSL_NO_EOED(s)) { + && !SSL_NO_EOED(s)) { if (mt == SSL3_MT_END_OF_EARLY_DATA) { st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA; return 1; @@ -104,7 +104,7 @@ static int ossl_statem_server13_read_transition(SSL_CONNECTION *s, int mt) } #ifndef OPENSSL_NO_COMP_ALG if (mt == SSL3_MT_COMPRESSED_CERTIFICATE - && s->ext.compress_certificate_sent) { + && s->ext.compress_certificate_sent) { st->hand_state = TLS_ST_SR_COMP_CERT; return 1; } @@ -154,7 +154,7 @@ static int ossl_statem_server13_read_transition(SSL_CONNECTION *s, int mt) } #ifndef OPENSSL_NO_COMP_ALG if (mt == SSL3_MT_COMPRESSED_CERTIFICATE - && s->ext.compress_certificate_sent) { + && s->ext.compress_certificate_sent) { st->hand_state = TLS_ST_SR_COMP_CERT; return 1; } @@ -226,7 +226,7 @@ int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt) * cert. */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); return 0; } st->hand_state = TLS_ST_SR_KEY_EXCH; @@ -321,7 +321,7 @@ int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt) break; } - err: +err: /* No valid transition found */ if (SSL_CONNECTION_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; @@ -361,10 +361,10 @@ static int send_server_key_exchange(SSL_CONNECTION *s) * key exchange. */ if (alg_k & (SSL_kDHE | SSL_kECDHE) - /* - * PSK: send ServerKeyExchange if PSK identity hint if - * provided - */ + /* + * PSK: send ServerKeyExchange if PSK identity hint if + * provided + */ #ifndef OPENSSL_NO_PSK /* Only send SKE if we have identity hint for plain PSK */ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) @@ -376,7 +376,7 @@ static int send_server_key_exchange(SSL_CONNECTION *s) /* SRP: send ServerKeyExchange */ || (alg_k & SSL_kSRP) #endif - ) { + ) { return 1; } @@ -414,40 +414,39 @@ static int get_compressed_certificate_alg(SSL_CONNECTION *sc) int send_certificate_request(SSL_CONNECTION *s) { if ( - /* don't request cert unless asked for it: */ - s->verify_mode & SSL_VERIFY_PEER - /* - * don't request if post-handshake-only unless doing - * post-handshake in TLSv1.3: - */ - && (!SSL_CONNECTION_IS_TLS13(s) - || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE) - || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) - /* - * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert - * a second time: - */ - && (s->certreqs_sent < 1 || - !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) - /* - * never request cert in anonymous ciphersuites (see - * section "Certificate request" in SSL 3 drafts and in - * RFC 2246): - */ - && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) - /* - * ... except when the application insists on - * verification (against the specs, but statem_clnt.c accepts - * this for SSL 3) - */ - || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) - /* don't request certificate for SRP auth */ - && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP) - /* - * With normal PSK Certificates and Certificate Requests - * are omitted - */ - && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) { + /* don't request cert unless asked for it: */ + s->verify_mode & SSL_VERIFY_PEER + /* + * don't request if post-handshake-only unless doing + * post-handshake in TLSv1.3: + */ + && (!SSL_CONNECTION_IS_TLS13(s) + || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE) + || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) + /* + * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert + * a second time: + */ + && (s->certreqs_sent < 1 || !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) + /* + * never request cert in anonymous ciphersuites (see + * section "Certificate request" in SSL 3 drafts and in + * RFC 2246): + */ + && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) + /* + * ... except when the application insists on + * verification (against the specs, but statem_clnt.c accepts + * this for SSL 3) + */ + || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) + /* don't request certificate for SRP auth */ + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP) + /* + * With normal PSK Certificates and Certificate Requests + * are omitted + */ + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) { return 1; } @@ -503,7 +502,7 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL_CONNECTION *s) case TLS_ST_SW_SRVR_HELLO: if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->hello_retry_request != SSL_HRR_COMPLETE) + && s->hello_retry_request != SSL_HRR_COMPLETE) st->hand_state = TLS_ST_SW_CHANGE; else if (s->hello_retry_request == SSL_HRR_PENDING) st->hand_state = TLS_ST_EARLY_DATA; @@ -670,8 +669,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s) } else { /* Check if it is anon DH or anon ECDH, */ /* normal PSK or SRP */ - if (!(s->s3.tmp.new_cipher->algorithm_auth & - (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { + if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { st->hand_state = TLS_ST_SW_CERT; } else if (send_server_key_exchange(s)) { st->hand_state = TLS_ST_SW_KEY_EXCH; @@ -791,7 +789,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst) case TLS_ST_SW_SESSION_TICKET: if (SSL_CONNECTION_IS_TLS13(s) && s->sent_tickets == 0 - && s->ext.extra_tickets_expected == 0) { + && s->ext.extra_tickets_expected == 0) { /* * Actually this is the end of the handshake, but we're going * straight into writing the session ticket out. So we finish off @@ -837,7 +835,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst) case TLS_ST_EARLY_DATA: if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING - && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) + && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return WORK_FINISHED_CONTINUE; /* @@ -847,8 +845,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst) if (SSL_NO_EOED(s) && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING) { s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; - if (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE - | SSL3_CHANGE_CIPHER_SERVER_READ)) { + if (!ssl->method->ssl3_enc->change_cipher_state(s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; } @@ -928,7 +925,7 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) if (SSL_CONNECTION_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) { if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0 - && statem_flush(s) != 1) + && statem_flush(s) != 1) return WORK_MORE_A; break; } @@ -943,7 +940,7 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) * SCTP used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -951,20 +948,21 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) labellen += 1; if (SSL_export_keying_material(ssl, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, - 0) <= 0) { + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, + 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; } BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } #endif if (!SSL_CONNECTION_IS_TLS13(s) - || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 - && s->hello_retry_request != SSL_HRR_COMPLETE)) + || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 + && s->hello_retry_request != SSL_HRR_COMPLETE)) break; /* Fall through */ @@ -979,14 +977,14 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) if (!ssl->method->ssl3_enc->setup_key_block(s) || !tls13_store_handshake_traffic_hash(s) || !ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED && !ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -1007,11 +1005,11 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) * no SCTP used. */ BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif if (!ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_SERVER_WRITE)) { + SSL3_CHANGE_CIPHER_SERVER_WRITE)) { /* SSLfatal() already called */ return WORK_ERROR; } @@ -1032,20 +1030,20 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) * no SCTP used. */ BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, - 0, NULL); + 0, NULL); } #endif if (SSL_CONNECTION_IS_TLS13(s)) { /* TLS 1.3 gets the secret size from the handshake md */ size_t dummy; if (!ssl->method->ssl3_enc->generate_master_secret(s, - s->master_secret, s->handshake_secret, 0, - &dummy) + s->master_secret, s->handshake_secret, 0, + &dummy) || !tls13_store_server_finished_hash(s) || !ssl->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) - /* SSLfatal() already called */ - return WORK_ERROR; + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) + /* SSLfatal() already called */ + return WORK_ERROR; } break; @@ -1055,7 +1053,7 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) return WORK_MORE_A; } else { if (!SSL_CONNECTION_IS_TLS13(s) - || (s->options & SSL_OP_NO_TX_CERTIFICATE_COMPRESSION) != 0) + || (s->options & SSL_OP_NO_TX_CERTIFICATE_COMPRESSION) != 0) s->ext.compress_certificate_from_peer[0] = TLSEXT_comp_cert_none; } break; @@ -1063,7 +1061,7 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) case TLS_ST_SW_ENCRYPTED_EXTENSIONS: if (!s->hit && !send_certificate_request(s)) { if (!SSL_CONNECTION_IS_TLS13(s) - || (s->options & SSL_OP_NO_TX_CERTIFICATE_COMPRESSION) != 0) + || (s->options & SSL_OP_NO_TX_CERTIFICATE_COMPRESSION) != 0) s->ext.compress_certificate_from_peer[0] = TLSEXT_comp_cert_none; } break; @@ -1081,7 +1079,7 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) clear_sys_error(); if (SSL_CONNECTION_IS_TLS13(s) && statem_flush(s) != 1) { if (SSL_get_error(ssl, 0) == SSL_ERROR_SYSCALL - && conn_is_closed()) { + && conn_is_closed()) { /* * We ignore connection closed errors in TLSv1.3 when sending a * NewSessionTicket and behave as if we were successful. This is @@ -1110,7 +1108,7 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) * 0: Error */ int ossl_statem_server_construct_message(SSL_CONNECTION *s, - confunc_f *confunc, int *mt) + confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; @@ -1161,7 +1159,6 @@ int ossl_statem_server_construct_message(SSL_CONNECTION *s, *mt = SSL3_MT_CERTIFICATE_VERIFY; break; - case TLS_ST_SW_KEY_EXCH: *confunc = tls_construct_server_key_exchange; *mt = SSL3_MT_SERVER_KEY_EXCHANGE; @@ -1226,10 +1223,10 @@ int ossl_statem_server_construct_message(SSL_CONNECTION *s, * 2 + # length of extensions * 2^16-1 # maximum length of extensions */ -#define CLIENT_HELLO_MAX_LENGTH 131396 +#define CLIENT_HELLO_MAX_LENGTH 131396 -#define CLIENT_KEY_EXCH_MAX_LENGTH 2048 -#define NEXT_PROTO_MAX_LENGTH 514 +#define CLIENT_KEY_EXCH_MAX_LENGTH 2048 +#define NEXT_PROTO_MAX_LENGTH 514 /* * Returns the maximum allowed length for the current message that we are @@ -1280,7 +1277,7 @@ size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s) * Process a message that the server has received from the client. */ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { OSSL_STATEM *st = &s->statem; @@ -1323,7 +1320,6 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, case TLS_ST_SR_KEY_UPDATE: return tls_process_key_update(s, pkt); - } } @@ -1332,7 +1328,7 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, * from the client */ WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s, - WORK_STATE wst) + WORK_STATE wst) { OSSL_STATEM *st = &s->statem; @@ -1357,15 +1353,14 @@ static int ssl_check_srp_ext_ClientHello(SSL_CONNECTION *s) int ret; int al = SSL_AD_UNRECOGNIZED_NAME; - if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) && - (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { + if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { if (s->srp_ctx.login == NULL) { /* * RFC 5054 says SHOULD reject, we do so if There is no srp * login name */ SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY, - SSL_R_PSK_IDENTITY_NOT_FOUND); + SSL_R_PSK_IDENTITY_NOT_FOUND); return -1; } else { ret = ssl_srp_server_param_with_username_intern(s, &al); @@ -1373,9 +1368,9 @@ static int ssl_check_srp_ext_ClientHello(SSL_CONNECTION *s) return 0; if (ret == SSL3_AL_FATAL) { SSLfatal(s, al, - al == SSL_AD_UNKNOWN_PSK_IDENTITY - ? SSL_R_PSK_IDENTITY_NOT_FOUND - : SSL_R_CLIENTHELLO_TLSEXT); + al == SSL_AD_UNKNOWN_PSK_IDENTITY + ? SSL_R_PSK_IDENTITY_NOT_FOUND + : SSL_R_CLIENTHELLO_TLSEXT); return -1; } } @@ -1385,25 +1380,26 @@ static int ssl_check_srp_ext_ClientHello(SSL_CONNECTION *s) #endif int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, - size_t cookie_len) + size_t cookie_len) { /* Always use DTLS 1.0 version: see RFC 6347 */ if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION) - || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len)) + || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len)) return 0; return 1; } CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s, - WPACKET *pkt) + WPACKET *pkt) { unsigned int cookie_leni; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (sctx->app_gen_cookie_cb == NULL || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), s->d1->cookie, - &cookie_leni) == 0 + &cookie_leni) + == 0 || cookie_leni > DTLS1_COOKIE_LENGTH) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return CON_FUNC_ERROR; @@ -1411,7 +1407,7 @@ CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s, s->d1->cookie_len = cookie_leni; if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie, - s->d1->cookie_len)) { + s->d1->cookie_len)) { SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -1434,29 +1430,45 @@ CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s, * 10.8..10.8.3 (which don't work). */ static void ssl_check_for_safari(SSL_CONNECTION *s, - const CLIENTHELLO_MSG *hello) + const CLIENTHELLO_MSG *hello) { static const unsigned char kSafariExtensionsBlock[] = { - 0x00, 0x0a, /* elliptic_curves extension */ - 0x00, 0x08, /* 8 bytes */ - 0x00, 0x06, /* 6 bytes of curve ids */ - 0x00, 0x17, /* P-256 */ - 0x00, 0x18, /* P-384 */ - 0x00, 0x19, /* P-521 */ - - 0x00, 0x0b, /* ec_point_formats */ - 0x00, 0x02, /* 2 bytes */ - 0x01, /* 1 point format */ - 0x00, /* uncompressed */ + 0x00, + 0x0a, /* elliptic_curves extension */ + 0x00, + 0x08, /* 8 bytes */ + 0x00, + 0x06, /* 6 bytes of curve ids */ + 0x00, + 0x17, /* P-256 */ + 0x00, + 0x18, /* P-384 */ + 0x00, + 0x19, /* P-521 */ + + 0x00, + 0x0b, /* ec_point_formats */ + 0x00, + 0x02, /* 2 bytes */ + 0x01, /* 1 point format */ + 0x00, /* uncompressed */ /* The following is only present in TLS 1.2 */ - 0x00, 0x0d, /* signature_algorithms */ - 0x00, 0x0c, /* 12 bytes */ - 0x00, 0x0a, /* 10 bytes */ - 0x05, 0x01, /* SHA-384/RSA */ - 0x04, 0x01, /* SHA-256/RSA */ - 0x02, 0x01, /* SHA-1/RSA */ - 0x04, 0x03, /* SHA-256/ECDSA */ - 0x02, 0x03, /* SHA-1/ECDSA */ + 0x00, + 0x0d, /* signature_algorithms */ + 0x00, + 0x0c, /* 12 bytes */ + 0x00, + 0x0a, /* 10 bytes */ + 0x05, + 0x01, /* SHA-384/RSA */ + 0x04, + 0x01, /* SHA-256/RSA */ + 0x02, + 0x01, /* SHA-1/RSA */ + 0x04, + 0x03, /* SHA-256/ECDSA */ + 0x02, + 0x03, /* SHA-1/ECDSA */ }; /* Length of the common prefix (first two extensions). */ static const size_t kSafariCommonExtensionsLength = 18; @@ -1476,16 +1488,18 @@ static void ssl_check_for_safari(SSL_CONNECTION *s, return; ext_len = TLS1_get_client_version( - SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION ? - sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; + SSL_CONNECTION_GET_SSL(s)) + >= TLS1_2_VERSION + ? sizeof(kSafariExtensionsBlock) + : kSafariCommonExtensionsLength; s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, - ext_len); + ext_len); } -#define RENEG_OPTIONS_OK(options) \ +#define RENEG_OPTIONS_OK(options) \ ((options & SSL_OP_NO_RENEGOTIATION) == 0 \ - && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0) + && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0) MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) { @@ -1501,9 +1515,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) goto err; } if (!RENEG_OPTIONS_OK(s->options) - || (!s->s3.send_connection_binding - && (s->options - & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { + || (!s->s3.send_connection_binding + && (s->options + & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + == 0)) { ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); return MSG_PROCESS_FINISHED_READING; } @@ -1527,7 +1542,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) unsigned int mt; if (!SSL_IS_FIRST_HANDSHAKE(s) - || s->hello_retry_request != SSL_HRR_NONE) { + || s->hello_retry_request != SSL_HRR_NONE) { SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto err; } @@ -1587,7 +1602,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) } if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites, - ciphersuite_len) + ciphersuite_len) || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len) || !PACKET_get_sub_packet(pkt, &challenge, challenge_len) /* No extensions. */ @@ -1603,11 +1618,11 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) * sizeof(clienthello->random) does. */ challenge_len = challenge_len > SSL3_RANDOM_SIZE - ? SSL3_RANDOM_SIZE : challenge_len; + ? SSL3_RANDOM_SIZE + : challenge_len; memset(clienthello->random, 0, SSL3_RANDOM_SIZE); if (!PACKET_copy_bytes(&challenge, - clienthello->random + SSL3_RANDOM_SIZE - - challenge_len, challenge_len) + clienthello->random + SSL3_RANDOM_SIZE - challenge_len, challenge_len) /* Advertise only null compression. */ || !PACKET_buf_init(&compression, &null_compression, 1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1620,8 +1635,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE) || !PACKET_get_length_prefixed_1(pkt, &session_id) || !PACKET_copy_all(&session_id, clienthello->session_id, - SSL_MAX_SSL_SESSION_ID_LENGTH, - &clienthello->session_id_len)) { + SSL_MAX_SSL_SESSION_ID_LENGTH, + &clienthello->session_id_len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -1632,8 +1647,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) goto err; } if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie, - DTLS1_COOKIE_LENGTH, - &clienthello->dtls_cookie_len)) { + DTLS1_COOKIE_LENGTH, + &clienthello->dtls_cookie_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1665,7 +1680,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) PACKET_null_init(&clienthello->extensions); } else { if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -1673,8 +1688,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) } if (!PACKET_copy_all(&compression, clienthello->compressions, - MAX_COMPRESSIONS_SIZE, - &clienthello->compressions_len)) { + MAX_COMPRESSIONS_SIZE, + &clienthello->compressions_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1682,8 +1697,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) /* Preserve the raw extensions PACKET for later use */ extensions = clienthello->extensions; if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO, - &clienthello->pre_proc_exts, - &clienthello->pre_proc_exts_len, 1)) { + &clienthello->pre_proc_exts, + &clienthello->pre_proc_exts_len, 1)) { /* SSLfatal already been called */ goto err; } @@ -1691,7 +1706,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, PACKET *pkt) return MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: if (clienthello != NULL) OPENSSL_free(clienthello->pre_proc_exts); OPENSSL_free(clienthello); @@ -1741,8 +1756,8 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) if (clienthello->isv2) { if (clienthello->legacy_version == SSL2_VERSION - || (clienthello->legacy_version & 0xff00) - != (SSL3_VERSION_MAJOR << 8)) { + || (clienthello->legacy_version & 0xff00) + != (SSL3_VERSION_MAJOR << 8)) { /* * This is real SSLv2 or something completely unknown. We don't * support it. @@ -1778,16 +1793,18 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) if (SSL_get_options(ssl) & SSL_OP_COOKIE_EXCHANGE) { if (sctx->app_verify_cookie_cb != NULL) { if (sctx->app_verify_cookie_cb(ussl, clienthello->dtls_cookie, - clienthello->dtls_cookie_len) == 0) { + clienthello->dtls_cookie_len) + == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_COOKIE_MISMATCH); + SSL_R_COOKIE_MISMATCH); goto err; /* else cookie verification succeeded */ } /* default verification */ } else if (s->d1->cookie_len != clienthello->dtls_cookie_len - || memcmp(clienthello->dtls_cookie, s->d1->cookie, - s->d1->cookie_len) != 0) { + || memcmp(clienthello->dtls_cookie, s->d1->cookie, + s->d1->cookie_len) + != 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_COOKIE_MISMATCH); goto err; } @@ -1798,9 +1815,9 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) s->hit = 0; if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites, - clienthello->isv2) || - !ossl_bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, - &scsvs, clienthello->isv2, 1)) { + clienthello->isv2) + || !ossl_bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, + &scsvs, clienthello->isv2, 1)) { /* SSLfatal() already called */ goto err; } @@ -1814,12 +1831,11 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) if (s->renegotiate) { /* SCSV is fatal if renegotiating */ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); goto err; } s->s3.send_connection_binding = 1; - } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && - !ssl_check_version_downgrade(s)) { + } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && !ssl_check_version_downgrade(s)) { /* * This SCSV indicates that the client previously tried * a higher version. We should fail if the current version @@ -1828,7 +1844,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) * an insecure downgrade. */ SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK, - SSL_R_INAPPROPRIATE_FALLBACK); + SSL_R_INAPPROPRIATE_FALLBACK); goto err; } } @@ -1836,16 +1852,15 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* For TLSv1.3 we must select the ciphersuite *before* session resumption */ if (SSL_CONNECTION_IS_TLS13(s)) { - const SSL_CIPHER *cipher = - ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(ssl)); + const SSL_CIPHER *cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(ssl)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER); goto err; } if (s->hello_retry_request == SSL_HRR_PENDING - && (s->s3.tmp.new_cipher == NULL - || s->s3.tmp.new_cipher->id != cipher->id)) { + && (s->s3.tmp.new_cipher == NULL + || s->s3.tmp.new_cipher->id != cipher->id)) { /* * A previous HRR picked a different ciphersuite to the one we * just selected. Something must have changed. @@ -1858,8 +1873,8 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* We need to do this before getting the session */ if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret, - SSL_EXT_CLIENT_HELLO, - clienthello->pre_proc_exts, NULL, 0)) { + SSL_EXT_CLIENT_HELLO, + clienthello->pre_proc_exts, NULL, 0)) { /* SSLfatal() already called */ goto err; } @@ -1880,9 +1895,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be * ignored. */ - if (clienthello->isv2 || - (s->new_session && - (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { + if (clienthello->isv2 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { if (!ssl_get_new_session(s, 1)) { /* SSLfatal() already called */ goto err; @@ -1906,7 +1919,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) if (SSL_CONNECTION_IS_TLS13(s)) { memcpy(s->tmp_session_id, s->clienthello->session_id, - s->clienthello->session_id_len); + s->clienthello->session_id_len); s->tmp_session_id_len = s->clienthello->session_id_len; } @@ -1918,15 +1931,16 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) j = 0; id = s->session->cipher->id; - OSSL_TRACE_BEGIN(TLS_CIPHER) { + OSSL_TRACE_BEGIN(TLS_CIPHER) + { BIO_printf(trc_out, "client sent %d ciphers\n", - sk_SSL_CIPHER_num(ciphers)); + sk_SSL_CIPHER_num(ciphers)); } for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { c = sk_SSL_CIPHER_value(ciphers, i); if (trc_out != NULL) BIO_printf(trc_out, "client [%2d of %2d]:%s\n", i, - sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c)); + sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c)); if (c->id == id) { j = 1; break; @@ -1938,7 +1952,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) * to reuse it */ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_REQUIRED_CIPHER_MISSING); + SSL_R_REQUIRED_CIPHER_MISSING); OSSL_TRACE_CANCEL(TLS_CIPHER); goto err; } @@ -1952,9 +1966,10 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) } /* Make sure at least the null compression is supported. */ if (memchr(clienthello->compressions, 0, - clienthello->compressions_len) == NULL) { + clienthello->compressions_len) + == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); + SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); goto err; } @@ -1963,7 +1978,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* TLS extensions */ if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO, - clienthello->pre_proc_exts, NULL, 0, 1)) { + clienthello->pre_proc_exts, NULL, 0, 1)) { /* SSLfatal() already called */ goto err; } @@ -1989,10 +2004,10 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) } if (!s->hit - && s->version >= TLS1_VERSION - && !SSL_CONNECTION_IS_TLS13(s) - && !SSL_CONNECTION_IS_DTLS(s) - && s->ext.session_secret_cb != NULL) { + && s->version >= TLS1_VERSION + && !SSL_CONNECTION_IS_TLS13(s) + && !SSL_CONNECTION_IS_DTLS(s) + && s->ext.session_secret_cb != NULL) { const SSL_CIPHER *pref_cipher = NULL; /* * s->session->master_key_length is a size_t, but this is an int for @@ -2002,10 +2017,10 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) master_key_length = sizeof(s->session->master_key); if (s->ext.session_secret_cb(ussl, s->session->master_key, - &master_key_length, ciphers, - &pref_cipher, - s->ext.session_secret_cb_arg) - && master_key_length > 0) { + &master_key_length, ciphers, + &pref_cipher, + s->ext.session_secret_cb_arg) + && master_key_length > 0) { s->session->master_key_length = master_key_length; s->hit = 1; s->peer_ciphers = ciphers; @@ -2016,7 +2031,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* check if some cipher was preferred by call back */ if (pref_cipher == NULL) pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers, - SSL_get_ciphers(ssl)); + SSL_get_ciphers(ssl)); if (pref_cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SHARED_CIPHER); goto err; @@ -2044,7 +2059,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) */ if (clienthello->compressions_len != 1) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_INVALID_COMPRESSION_ALGORITHM); + SSL_R_INVALID_COMPRESSION_ALGORITHM); goto err; } } @@ -2057,7 +2072,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* Can't disable compression */ if (!ssl_allow_compression(s)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_INCONSISTENT_COMPRESSION); + SSL_R_INCONSISTENT_COMPRESSION); goto err; } /* Look for resumed compression method */ @@ -2070,7 +2085,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) } if (s->s3.tmp.new_compression == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_INVALID_COMPRESSION_ALGORITHM); + SSL_R_INVALID_COMPRESSION_ALGORITHM); goto err; } /* Look for resumed method in compression list */ @@ -2080,7 +2095,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) } if (k >= clienthello->compressions_len) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); + SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); goto err; } } else if (s->hit) { @@ -2147,7 +2162,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) OPENSSL_free(s->clienthello); s->clienthello = NULL; return 1; - err: +err: sk_SSL_CIPHER_free(ciphers); sk_SSL_CIPHER_free(scsvs); OPENSSL_free(clienthello->pre_proc_exts); @@ -2174,7 +2189,7 @@ static int tls_handle_status_request(SSL_CONNECTION *s) * influence which certificate is sent */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && sctx != NULL - && sctx->ext.status_cb != NULL) { + && sctx->ext.status_cb != NULL) { int ret; /* If no certificate can't return certificate status */ @@ -2185,7 +2200,7 @@ static int tls_handle_status_request(SSL_CONNECTION *s) */ s->cert->key = s->s3.tmp.cert; ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s), - sctx->ext.status_arg); + sctx->ext.status_arg); switch (ret) { /* We don't want to send a status request response */ case SSL_TLSEXT_ERR_NOACK: @@ -2220,10 +2235,10 @@ int tls_handle_alpn(SSL_CONNECTION *s) if (sctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_USER_SSL(s), - &selected, &selected_len, - s->s3.alpn_proposed, - (unsigned int)s->s3.alpn_proposed_len, - sctx->ext.alpn_select_cb_arg); + &selected, &selected_len, + s->s3.alpn_proposed, + (unsigned int)s->s3.alpn_proposed_len, + sctx->ext.alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { OPENSSL_free(s->s3.alpn_selected); @@ -2241,9 +2256,10 @@ int tls_handle_alpn(SSL_CONNECTION *s) /* Check ALPN is consistent with session */ if (s->session->ext.alpn_selected == NULL - || selected_len != s->session->ext.alpn_selected_len - || memcmp(selected, s->session->ext.alpn_selected, - selected_len) != 0) { + || selected_len != s->session->ext.alpn_selected_len + || memcmp(selected, s->session->ext.alpn_selected, + selected_len) + != 0) { /* Not consistent so can't be used for early_data */ s->ext.early_data_ok = 0; @@ -2255,14 +2271,14 @@ int tls_handle_alpn(SSL_CONNECTION *s) */ if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); return 0; } s->session->ext.alpn_selected = OPENSSL_memdup(selected, - selected_len); + selected_len); if (s->session->ext.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); return 0; } s->session->ext.alpn_selected_len = selected_len; @@ -2272,7 +2288,7 @@ int tls_handle_alpn(SSL_CONNECTION *s) return 1; } else if (r != SSL_TLSEXT_ERR_NOACK) { SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, - SSL_R_NO_APPLICATION_PROTOCOL); + SSL_R_NO_APPLICATION_PROTOCOL); return 0; } /* @@ -2325,13 +2341,12 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) /* In TLSv1.3 we selected the ciphersuite before resumption */ if (!SSL_CONNECTION_IS_TLS13(s)) { - cipher = - ssl3_choose_cipher(s, s->peer_ciphers, - SSL_get_ciphers(ssl)); + cipher = ssl3_choose_cipher(s, s->peer_ciphers, + SSL_get_ciphers(ssl)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SHARED_CIPHER); + SSL_R_NO_SHARED_CIPHER); goto err; } s->s3.tmp.new_cipher = cipher; @@ -2343,10 +2358,10 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) } /* check whether we should disable session resumption */ if (s->not_resumable_session_cb != NULL) - s->session->not_resumable = - s->not_resumable_session_cb(ussl, - ((s->s3.tmp.new_cipher->algorithm_mkey - & (SSL_kDHE | SSL_kECDHE)) != 0)); + s->session->not_resumable = s->not_resumable_session_cb(ussl, + ((s->s3.tmp.new_cipher->algorithm_mkey + & (SSL_kDHE | SSL_kECDHE)) + != 0)); if (s->session->not_resumable) /* do not send a session ticket */ s->ext.ticket_expected = 0; @@ -2407,7 +2422,7 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) #endif return WORK_FINISHED_STOP; - err: +err: return WORK_ERROR; } @@ -2418,18 +2433,19 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) int version; unsigned char *session_id; int usetls13 = SSL_CONNECTION_IS_TLS13(s) - || s->hello_retry_request == SSL_HRR_PENDING; + || s->hello_retry_request == SSL_HRR_PENDING; version = usetls13 ? TLS1_2_VERSION : s->version; if (!WPACKET_put_bytes_u16(pkt, version) - /* - * Random stuff. Filling of the server_random takes place in - * tls_process_client_hello() - */ - || !WPACKET_memcpy(pkt, - s->hello_retry_request == SSL_HRR_PENDING - ? hrrrandom : s->s3.server_random, - SSL3_RANDOM_SIZE)) { + /* + * Random stuff. Filling of the server_random takes place in + * tls_process_client_hello() + */ + || !WPACKET_memcpy(pkt, + s->hello_retry_request == SSL_HRR_PENDING + ? hrrrandom + : s->s3.server_random, + SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -2453,7 +2469,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) * to send back. */ if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) - && !s->hit) + && !s->hit) s->session->session_id_length = 0; if (usetls13) { @@ -2480,20 +2496,20 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) #endif if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) - || !SSL_CONNECTION_GET_SSL(s)->method->put_cipher_by_char(s->s3.tmp.new_cipher, - pkt, &len) - || !WPACKET_put_bytes_u8(pkt, compm)) { + || !SSL_CONNECTION_GET_SSL(s)->method->put_cipher_by_char(s->s3.tmp.new_cipher, + pkt, &len) + || !WPACKET_put_bytes_u8(pkt, compm)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } if (!tls_construct_extensions(s, pkt, - s->hello_retry_request == SSL_HRR_PENDING - ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - : (SSL_CONNECTION_IS_TLS13(s) - ? SSL_EXT_TLS1_3_SERVER_HELLO - : SSL_EXT_TLS1_2_SERVER_HELLO), - NULL, 0)) { + s->hello_retry_request == SSL_HRR_PENDING + ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST + : (SSL_CONNECTION_IS_TLS13(s) + ? SSL_EXT_TLS1_3_SERVER_HELLO + : SSL_EXT_TLS1_2_SERVER_HELLO), + NULL, 0)) { /* SSLfatal() already called */ return CON_FUNC_ERROR; } @@ -2513,7 +2529,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) return CON_FUNC_ERROR; } } else if (!(s->verify_mode & SSL_VERIFY_PEER) - && !ssl3_digest_cached_records(s, 0)) { + && !ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */; return CON_FUNC_ERROR; } @@ -2533,7 +2549,7 @@ CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt) } CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, - WPACKET *pkt) + WPACKET *pkt) { EVP_PKEY *pkdh = NULL; unsigned char *encodedPoint = NULL; @@ -2567,124 +2583,122 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, /* Plain PSK or RSAPSK nothing to do */ if (type & (SSL_kPSK | SSL_kRSAPSK)) { } else -#endif /* !OPENSSL_NO_PSK */ - if (type & (SSL_kDHE | SSL_kDHEPSK)) { - CERT *cert = s->cert; - EVP_PKEY *pkdhp = NULL; - - if (s->cert->dh_tmp_auto) { - pkdh = ssl_get_auto_dh(s); - if (pkdh == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; +#endif /* !OPENSSL_NO_PSK */ + if (type & (SSL_kDHE | SSL_kDHEPSK)) { + CERT *cert = s->cert; + EVP_PKEY *pkdhp = NULL; + + if (s->cert->dh_tmp_auto) { + pkdh = ssl_get_auto_dh(s); + if (pkdh == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } + pkdhp = pkdh; + } else { + pkdhp = cert->dh_tmp; } - pkdhp = pkdh; - } else { - pkdhp = cert->dh_tmp; - } #if !defined(OPENSSL_NO_DEPRECATED_3_0) - if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { - pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_USER_SSL(s), - 0, 1024)); - if (pkdh == NULL) { + if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { + pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_USER_SSL(s), + 0, 1024)); + if (pkdh == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } + pkdhp = pkdh; + } +#endif + if (pkdhp == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_TMP_DH_KEY); + goto err; + } + if (!ssl_security(s, SSL_SECOP_TMP_DH, + EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); + goto err; + } + if (s->s3.tmp.pkey != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - pkdhp = pkdh; - } -#endif - if (pkdhp == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_TMP_DH_KEY); - goto err; - } - if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); - goto err; - } - if (s->s3.tmp.pkey != NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp); - if (s->s3.tmp.pkey == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } + s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp); + if (s->s3.tmp.pkey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } - EVP_PKEY_free(pkdh); - pkdh = NULL; + EVP_PKEY_free(pkdh); + pkdh = NULL; - /* These BIGNUMs need to be freed when we're finished */ - freer = 1; - if (!EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_P, - &r[0]) + /* These BIGNUMs need to be freed when we're finished */ + freer = 1; + if (!EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_P, + &r[0]) || !EVP_PKEY_get_bn_param(s->s3.tmp.pkey, OSSL_PKEY_PARAM_FFC_G, - &r[1]) + &r[1]) || !EVP_PKEY_get_bn_param(s->s3.tmp.pkey, - OSSL_PKEY_PARAM_PUB_KEY, &r[2])) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { + OSSL_PKEY_PARAM_PUB_KEY, &r[2])) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } + } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { - if (s->s3.tmp.pkey != NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } + if (s->s3.tmp.pkey != NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } - /* Get NID of appropriate shared curve */ - curve_id = tls1_shared_group(s, -2); - if (curve_id == 0) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - goto err; - } - /* Cache the group used in the SSL_SESSION */ - s->session->kex_group = curve_id; - /* Generate a new key for this curve */ - s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); - if (s->s3.tmp.pkey == NULL) { - /* SSLfatal() already called */ - goto err; - } + /* Get NID of appropriate shared curve */ + curve_id = tls1_shared_group(s, -2); + if (curve_id == 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + goto err; + } + /* Cache the group used in the SSL_SESSION */ + s->session->kex_group = curve_id; + /* Generate a new key for this curve */ + s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); + if (s->s3.tmp.pkey == NULL) { + /* SSLfatal() already called */ + goto err; + } - /* Encode the public key. */ - encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey, - &encodedPoint); - if (encodedlen == 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); - goto err; - } + /* Encode the public key. */ + encodedlen = EVP_PKEY_get1_encoded_public_key(s->s3.tmp.pkey, + &encodedPoint); + if (encodedlen == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); + goto err; + } - /* - * We'll generate the serverKeyExchange message explicitly so we - * can set these to NULLs - */ - r[0] = NULL; - r[1] = NULL; - r[2] = NULL; - r[3] = NULL; - } else + /* + * We'll generate the serverKeyExchange message explicitly so we + * can set these to NULLs + */ + r[0] = NULL; + r[1] = NULL; + r[2] = NULL; + r[3] = NULL; + } else #ifndef OPENSSL_NO_SRP - if (type & SSL_kSRP) { - if ((s->srp_ctx.N == NULL) || - (s->srp_ctx.g == NULL) || - (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_SRP_PARAM); + if (type & SSL_kSRP) { + if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_SRP_PARAM); + goto err; + } + r[0] = s->srp_ctx.N; + r[1] = s->srp_ctx.g; + r[2] = s->srp_ctx.s; + r[3] = s->srp_ctx.B; + } else +#endif + { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto err; } - r[0] = s->srp_ctx.N; - r[1] = s->srp_ctx.g; - r[2] = s->srp_ctx.s; - r[3] = s->srp_ctx.B; - } else -#endif - { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto err; - } if (((s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { @@ -2697,15 +2711,16 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, #ifndef OPENSSL_NO_PSK if (type & SSL_PSK) { size_t len = (s->cert->psk_identity_hint == NULL) - ? 0 : strlen(s->cert->psk_identity_hint); + ? 0 + : strlen(s->cert->psk_identity_hint); /* * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already * checked this when we set the identity hint - but just in case */ if (len > PSK_MAX_IDENTITY_LEN - || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, - len)) { + || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, + len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2746,7 +2761,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval) - || !WPACKET_close(pkt)) { + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2762,9 +2777,9 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, * point itself */ if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE) - || !WPACKET_put_bytes_u8(pkt, 0) - || !WPACKET_put_bytes_u8(pkt, curve_id) - || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) { + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_put_bytes_u8(pkt, curve_id) + || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2796,9 +2811,10 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } if (EVP_DigestSignInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_get0_name(md), - sctx->libctx, sctx->propq, pkey, - NULL) <= 0) { + md == NULL ? NULL : EVP_MD_get0_name(md), + sctx->libctx, sctx->propq, pkey, + NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -2810,18 +2826,18 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } } tbslen = construct_key_exchange_tbs(s, &tbs, - s->init_buf->data + paramoffset, - paramlen); + s->init_buf->data + paramoffset, + paramlen); if (tbslen == 0) { /* SSLfatal() already called */ goto err; } - if (EVP_DigestSign(md_ctx, NULL, &siglen, tbs, tbslen) <=0 - || !WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1) - || EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen) <= 0 - || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) - || sigbytes1 != sigbytes2) { + if (EVP_DigestSign(md_ctx, NULL, &siglen, tbs, tbslen) <= 0 + || !WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1) + || EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen) <= 0 + || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) + || sigbytes1 != sigbytes2) { OPENSSL_free(tbs); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -2830,7 +2846,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } ret = CON_FUNC_SUCCESS; - err: +err: EVP_PKEY_free(pkdh); OPENSSL_free(encodedPoint); EVP_MD_CTX_free(md_ctx); @@ -2844,7 +2860,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s, - WPACKET *pkt) + WPACKET *pkt) { if (SSL_CONNECTION_IS_TLS13(s)) { /* Send random context when doing post-handshake auth */ @@ -2857,9 +2873,10 @@ CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s, return CON_FUNC_ERROR; } if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, - s->pha_context, s->pha_context_len, 0) <= 0 - || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, - s->pha_context_len)) { + s->pha_context, s->pha_context_len, 0) + <= 0 + || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, + s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -2876,8 +2893,8 @@ CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s, } if (!tls_construct_extensions(s, pkt, - SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, - 0)) { + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, + 0)) { /* SSLfatal() already called */ return CON_FUNC_ERROR; } @@ -2896,9 +2913,9 @@ CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s, size_t nl = tls12_get_psigalgs(s, 1, &psigs); if (!WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) - || !tls12_copy_sigalgs(s, pkt, psigs, nl) - || !WPACKET_close(pkt)) { + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) + || !tls12_copy_sigalgs(s, pkt, psigs, nl) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -2909,7 +2926,7 @@ CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s, return CON_FUNC_ERROR; } - done: +done: s->certreqs_sent++; s->s3.tmp.cert_request = 1; return CON_FUNC_SUCCESS; @@ -2941,8 +2958,8 @@ static int tls_process_cke_psk_preamble(SSL_CONNECTION *s, PACKET *pkt) } psklen = s->psk_server_callback(SSL_CONNECTION_GET_USER_SSL(s), - s->session->psk_identity, - psk, sizeof(psk)); + s->session->psk_identity, + psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -3028,23 +3045,24 @@ static int tls_process_cke_rsa(SSL_CONNECTION *s, PACKET *pkt) * See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ if (EVP_PKEY_decrypt_init(ctx) <= 0 - || EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_WITH_TLS_PADDING) <= 0) { + || EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_WITH_TLS_PADDING) <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } *p++ = OSSL_PARAM_construct_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, - (unsigned int *)&s->client_version); - if ((s->options & SSL_OP_TLS_ROLLBACK_BUG) != 0) + (unsigned int *)&s->client_version); + if ((s->options & SSL_OP_TLS_ROLLBACK_BUG) != 0) *p++ = OSSL_PARAM_construct_uint( OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, (unsigned int *)&s->version); *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(ctx, params) - || EVP_PKEY_decrypt(ctx, rsa_decrypt, &outlen, - PACKET_data(&enc_premaster), - PACKET_remaining(&enc_premaster)) <= 0) { + || EVP_PKEY_decrypt(ctx, rsa_decrypt, &outlen, + PACKET_data(&enc_premaster), + PACKET_remaining(&enc_premaster)) + <= 0) { SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } @@ -3066,7 +3084,7 @@ static int tls_process_cke_rsa(SSL_CONNECTION *s, PACKET *pkt) } ret = 1; - err: +err: OPENSSL_free(rsa_decrypt); EVP_PKEY_CTX_free(ctx); return ret; @@ -3118,7 +3136,7 @@ static int tls_process_cke_dhe(SSL_CONNECTION *s, PACKET *pkt) ret = 1; EVP_PKEY_free(s->s3.tmp.pkey); s->s3.tmp.pkey = NULL; - err: +err: EVP_PKEY_free(ckey); return ret; } @@ -3173,7 +3191,7 @@ static int tls_process_cke_ecdhe(SSL_CONNECTION *s, PACKET *pkt) ret = 1; EVP_PKEY_free(s->s3.tmp.pkey); s->s3.tmp.pkey = NULL; - err: +err: EVP_PKEY_free(ckey); return ret; @@ -3275,10 +3293,10 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt) * We have nothing to do with this blob so we just skip it */ pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt)); if (pKX == NULL - || pKX->kxBlob == NULL - || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); - goto err; + || pKX->kxBlob == NULL + || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); + goto err; } if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) { @@ -3295,7 +3313,8 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt) start = pKX->kxBlob->value.sequence->data; if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, - inlen) <= 0) { + inlen) + <= 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_DECRYPTION_FAILED); goto err; } @@ -3306,11 +3325,12 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt) } /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, - NULL) > 0) + NULL) + > 0) s->statem.no_cert_verify = 1; ret = 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); GOST_KX_MESSAGE_free(pKX); return ret; @@ -3345,9 +3365,7 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt) } /* Get our certificate private key */ - pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey != NULL ? - s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey : - s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey; + pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey != NULL ? s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey : s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey; if (pk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_STATE); goto err; @@ -3365,13 +3383,15 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt) /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code depending on size */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3384,12 +3404,12 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt) } /* Generate master secret */ if (!ssl_generate_master_secret(s, premaster_secret, outlen, 0)) { - /* SSLfatal() already called */ - goto err; + /* SSLfatal() already called */ + goto err; } ret = 1; - err: +err: EVP_PKEY_CTX_free(pkey_ctx); return ret; #else @@ -3400,7 +3420,7 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt) } MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { unsigned long alg_k; @@ -3459,7 +3479,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, } return MSG_PROCESS_CONTINUE_PROCESSING; - err: +err: #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen); s->s3.tmp.psk = NULL; @@ -3469,7 +3489,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, } WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, - WORK_STATE wst) + WORK_STATE wst) { #ifndef OPENSSL_NO_SCTP if (wst == WORK_MORE_A) { @@ -3482,7 +3502,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, * used. */ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, - sizeof(DTLS1_SCTP_AUTH_LABEL)); + sizeof(DTLS1_SCTP_AUTH_LABEL)); /* Don't include the terminating zero. */ labellen = sizeof(labelbuffer) - 1; @@ -3490,16 +3510,17 @@ WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, labellen += 1; if (SSL_export_keying_material(SSL_CONNECTION_GET_SSL(s), - sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - labellen, NULL, 0, - 0) <= 0) { + sctpauthkey, + sizeof(sctpauthkey), labelbuffer, + labellen, NULL, 0, + 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return WORK_ERROR; } BIO_ctrl(s->wbio, BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, - sizeof(sctpauthkey), sctpauthkey); + sizeof(sctpauthkey), sctpauthkey); } } #endif @@ -3545,15 +3566,15 @@ MSG_PROCESS_RETURN tls_process_client_rpk(SSL_CONNECTION *sc, PACKET *pkt) if (peer_rpk == NULL) { if ((sc->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - && (sc->verify_mode & SSL_VERIFY_PEER)) { + && (sc->verify_mode & SSL_VERIFY_PEER)) { SSLfatal(sc, SSL_AD_CERTIFICATE_REQUIRED, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); goto err; } } else { if (ssl_verify_rpk(sc, peer_rpk) <= 0) { SSLfatal(sc, ssl_x509err2alert(sc->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); + SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; } } @@ -3600,8 +3621,8 @@ MSG_PROCESS_RETURN tls_process_client_rpk(SSL_CONNECTION *sc, PACKET *pkt) /* Save the current hash state for when we receive the CertificateVerify */ if (!ssl_handshake_hash(sc, sc->cert_verify_hash, - sizeof(sc->cert_verify_hash), - &sc->cert_verify_hash_len)) { + sizeof(sc->cert_verify_hash), + &sc->cert_verify_hash_len)) { /* SSLfatal() already called */; goto err; } @@ -3612,13 +3633,13 @@ MSG_PROCESS_RETURN tls_process_client_rpk(SSL_CONNECTION *sc, PACKET *pkt) ret = MSG_PROCESS_CONTINUE_READING; - err: +err: EVP_PKEY_free(peer_rpk); return ret; } MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, - PACKET *pkt) + PACKET *pkt) { int i; MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; @@ -3643,7 +3664,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, if (s->ext.client_cert_type != TLSEXT_cert_type_x509) { SSLfatal(s, SSL_AD_UNSUPPORTED_CERTIFICATE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto err; } @@ -3654,16 +3675,16 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, if (SSL_CONNECTION_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context) - || (s->pha_context == NULL && PACKET_remaining(&context) != 0) - || (s->pha_context != NULL - && !PACKET_equal(&context, s->pha_context, - s->pha_context_len)))) { + || (s->pha_context == NULL && PACKET_remaining(&context) != 0) + || (s->pha_context != NULL + && !PACKET_equal(&context, s->pha_context, + s->pha_context_len)))) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); goto err; } if (!PACKET_get_length_prefixed_3(pkt, &spkt) - || PACKET_remaining(pkt) != 0) { + || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } @@ -3700,11 +3721,11 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, goto err; } if (!tls_collect_extensions(s, &extensions, - SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, - NULL, chainidx == 0) + SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, + NULL, chainidx == 0) || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, - PACKET_remaining(&spkt) == 0)) { + rawexts, x, chainidx, + PACKET_remaining(&spkt) == 0)) { OPENSSL_free(rawexts); goto err; } @@ -3722,14 +3743,13 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, /* TLS does not mind 0 certs returned */ if (s->version == SSL3_VERSION) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_CERTIFICATES_RETURNED); + SSL_R_NO_CERTIFICATES_RETURNED); goto err; } /* Fail for TLS only if we required a certificate */ - else if ((s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { + else if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); goto err; } /* No client certificate so digest cached records */ @@ -3742,13 +3762,13 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, i = ssl_verify_cert_chain(s, sk); if (i <= 0) { SSLfatal(s, ssl_x509err2alert(s->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); + SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; } pkey = X509_get0_pubkey(sk_X509_value(sk, 0)); if (pkey == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto err; } } @@ -3799,8 +3819,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, /* Save the current hash state for when we receive the CertificateVerify */ if (SSL_CONNECTION_IS_TLS13(s)) { if (!ssl_handshake_hash(s, s->cert_verify_hash, - sizeof(s->cert_verify_hash), - &s->cert_verify_hash_len)) { + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { /* SSLfatal() already called */ goto err; } @@ -3811,7 +3831,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, ret = MSG_PROCESS_CONTINUE_READING; - err: +err: X509_free(x); OSSL_STACK_OF_X509_free(sk); return ret; @@ -3885,10 +3905,10 @@ CON_FUNC_RETURN tls_construct_server_compressed_certificate(SSL_CONNECTION *sc, * Use pre-compressed certificate */ if (!WPACKET_put_bytes_u16(pkt, alg) - || !WPACKET_put_bytes_u24(pkt, cc->orig_len) - || !WPACKET_start_sub_packet_u24(pkt) - || !WPACKET_memcpy(pkt, cc->data, cc->len) - || !WPACKET_close(pkt)) + || !WPACKET_put_bytes_u24(pkt, cc->orig_len) + || !WPACKET_start_sub_packet_u24(pkt) + || !WPACKET_memcpy(pkt, cc->data, cc->len) + || !WPACKET_close(pkt)) return 0; sc->s3.tmp.cert->cert_comp_used++; @@ -3897,7 +3917,7 @@ CON_FUNC_RETURN tls_construct_server_compressed_certificate(SSL_CONNECTION *sc, #endif static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt, - uint32_t age_add, unsigned char *tick_nonce) + uint32_t age_add, unsigned char *tick_nonce) { uint32_t timeout = (uint32_t)ossl_time2seconds(s->session->timeout); @@ -3912,7 +3932,8 @@ static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt, if (SSL_CONNECTION_IS_TLS13(s)) { if (ossl_time_compare(s->session->timeout, - ossl_seconds2time(ONE_WEEK_SEC)) > 0) + ossl_seconds2time(ONE_WEEK_SEC)) + > 0) timeout = ONE_WEEK_SEC; } else if (s->hit) timeout = 0; @@ -3924,7 +3945,7 @@ static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt, if (SSL_CONNECTION_IS_TLS13(s)) { if (!WPACKET_put_bytes_u32(pkt, age_add) - || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { + || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3940,9 +3961,9 @@ static int create_ticket_prequel(SSL_CONNECTION *s, WPACKET *pkt, } static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, - WPACKET *pkt, - uint32_t age_add, - unsigned char *tick_nonce) + WPACKET *pkt, + uint32_t age_add, + unsigned char *tick_nonce) { unsigned char *senc = NULL; EVP_CIPHER_CTX *ctx = NULL; @@ -3999,7 +4020,7 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, */ const_p = senc; sess = d2i_SSL_SESSION_ex(NULL, &const_p, slen_full, sctx->libctx, - sctx->propq); + sctx->propq); if (sess == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -4034,13 +4055,13 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, if (tctx->ext.ticket_key_evp_cb != NULL) ret = tctx->ext.ticket_key_evp_cb(ssl, key_name, iv, ctx, - ssl_hmac_get0_EVP_MAC_CTX(hctx), - 1); + ssl_hmac_get0_EVP_MAC_CTX(hctx), + 1); #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ ret = tctx->ext.ticket_key_cb(ssl, key_name, iv, ctx, - ssl_hmac_get0_HMAC_CTX(hctx), 1); + ssl_hmac_get0_HMAC_CTX(hctx), 1); #endif if (ret == 0) { @@ -4055,7 +4076,7 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, } /* Put timeout and length */ if (!WPACKET_put_bytes_u32(pkt, 0) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -4075,7 +4096,7 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, } } else { EVP_CIPHER *cipher = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC", - sctx->propq); + sctx->propq); if (cipher == NULL) { /* Error is already recorded */ @@ -4085,19 +4106,19 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, iv_len = EVP_CIPHER_get_iv_length(cipher); if (iv_len < 0 - || RAND_bytes_ex(sctx->libctx, iv, iv_len, 0) <= 0 - || !EVP_EncryptInit_ex(ctx, cipher, NULL, - tctx->ext.secure->tick_aes_key, iv) - || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, - sizeof(tctx->ext.secure->tick_hmac_key), - "SHA256")) { + || RAND_bytes_ex(sctx->libctx, iv, iv_len, 0) <= 0 + || !EVP_EncryptInit_ex(ctx, cipher, NULL, + tctx->ext.secure->tick_aes_key, iv) + || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, + sizeof(tctx->ext.secure->tick_hmac_key), + "SHA256")) { EVP_CIPHER_free(cipher); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } EVP_CIPHER_free(cipher); memcpy(key_name, tctx->ext.tick_key_name, - sizeof(tctx->ext.tick_key_name)); + sizeof(tctx->ext.tick_key_name)); } if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { @@ -4106,29 +4127,29 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, } if (!WPACKET_get_total_written(pkt, &macoffset) - /* Output key name */ - || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) - /* output IV */ - || !WPACKET_memcpy(pkt, iv, iv_len) - || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH, - &encdata1) - /* Encrypt session data */ - || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen) - || !WPACKET_allocate_bytes(pkt, len, &encdata2) - || encdata1 != encdata2 - || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal) - || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2) - || encdata1 + len != encdata2 - || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH - || !WPACKET_get_total_written(pkt, &macendoffset) - || !ssl_hmac_update(hctx, - (unsigned char *)s->init_buf->data + macoffset, - macendoffset - macoffset) - || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1) - || !ssl_hmac_final(hctx, macdata1, &hlen, EVP_MAX_MD_SIZE) - || hlen > EVP_MAX_MD_SIZE - || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) - || macdata1 != macdata2) { + /* Output key name */ + || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) + /* output IV */ + || !WPACKET_memcpy(pkt, iv, iv_len) + || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH, + &encdata1) + /* Encrypt session data */ + || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen) + || !WPACKET_allocate_bytes(pkt, len, &encdata2) + || encdata1 != encdata2 + || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal) + || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2) + || encdata1 + len != encdata2 + || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH + || !WPACKET_get_total_written(pkt, &macendoffset) + || !ssl_hmac_update(hctx, + (unsigned char *)s->init_buf->data + macoffset, + macendoffset - macoffset) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1) + || !ssl_hmac_final(hctx, macdata1, &hlen, EVP_MAX_MD_SIZE) + || hlen > EVP_MAX_MD_SIZE + || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) + || macdata1 != macdata2) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -4140,7 +4161,7 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, } ok = CON_FUNC_SUCCESS; - err: +err: OPENSSL_free(senc); EVP_CIPHER_CTX_free(ctx); ssl_hmac_free(hctx); @@ -4148,8 +4169,8 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, } static int construct_stateful_ticket(SSL_CONNECTION *s, WPACKET *pkt, - uint32_t age_add, - unsigned char *tick_nonce) + uint32_t age_add, + unsigned char *tick_nonce) { if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { /* SSLfatal() already called */ @@ -4157,8 +4178,8 @@ static int construct_stateful_ticket(SSL_CONNECTION *s, WPACKET *pkt, } if (!WPACKET_memcpy(pkt, s->session->session_id, - s->session->session_id_length) - || !WPACKET_close(pkt)) { + s->session->session_id_length) + || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -4195,7 +4216,9 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt if (SSL_CONNECTION_IS_TLS13(s)) { size_t i, hashlen; uint64_t nonce; - static const unsigned char nonce_label[] = "resumption"; + /* ASCII: "resumption", in hex for EBCDIC compatibility */ + static const unsigned char nonce_label[] = { 0x72, 0x65, 0x73, 0x75, 0x6D, + 0x70, 0x74, 0x69, 0x6F, 0x6E }; const EVP_MD *md = ssl_handshake_md(s); int hashleni = EVP_MD_get_size(md); @@ -4228,7 +4251,8 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt goto err; } if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, - age_add_u.age_add_c, sizeof(age_add_u), 0) <= 0) { + age_add_u.age_add_c, sizeof(age_add_u), 0) + <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -4241,12 +4265,12 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt } if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, - nonce_label, - sizeof(nonce_label) - 1, - tick_nonce, - TICKET_NONCE_SIZE, - s->session->master_key, - hashlen, 1)) { + nonce_label, + sizeof(nonce_label), + tick_nonce, + TICKET_NONCE_SIZE, + s->session->master_key, + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -4256,8 +4280,7 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt ssl_session_calculate_timeout(s->session); if (s->s3.alpn_selected != NULL) { OPENSSL_free(s->session->ext.alpn_selected); - s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); + s->session->ext.alpn_selected = OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); @@ -4268,9 +4291,7 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt s->session->ext.max_early_data = s->max_early_data; } - if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), - tctx->ticket_cb_data) == 0) { + if (tctx->generate_ticket_cb != NULL && tctx->generate_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), tctx->ticket_cb_data) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -4280,9 +4301,9 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt * is no point in using full stateless tickets. */ if (SSL_CONNECTION_IS_TLS13(s) - && ((s->options & SSL_OP_NO_TICKET) != 0 - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { + && ((s->options & SSL_OP_NO_TICKET) != 0 + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) { /* SSLfatal() already called */ goto err; @@ -4291,7 +4312,7 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt CON_FUNC_RETURN tmpret; tmpret = construct_stateless_ticket(s, pkt, age_add_u.age_add, - tick_nonce); + tick_nonce); if (tmpret != CON_FUNC_SUCCESS) { if (tmpret == CON_FUNC_DONT_SEND) { /* Non-fatal. Abort construction but continue */ @@ -4306,8 +4327,8 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt if (SSL_CONNECTION_IS_TLS13(s)) { if (!tls_construct_extensions(s, pkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - NULL, 0)) { + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + NULL, 0)) { /* SSLfatal() already called */ goto err; } @@ -4316,7 +4337,7 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt } ret = CON_FUNC_SUCCESS; - err: +err: return ret; } @@ -4327,8 +4348,8 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt) { if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) - || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, - s->ext.ocsp.resp_len)) { + || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, + s->ext.ocsp.resp_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -4383,10 +4404,10 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s, PACKET *pkt) #endif static CON_FUNC_RETURN tls_construct_encrypted_extensions(SSL_CONNECTION *s, - WPACKET *pkt) + WPACKET *pkt) { if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, - NULL, 0)) { + NULL, 0)) { /* SSLfatal() already called */ return CON_FUNC_ERROR; } @@ -4402,7 +4423,7 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, PACKET *pkt) } if (s->early_data_state != SSL_EARLY_DATA_READING - && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) { + && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return MSG_PROCESS_ERROR; } @@ -4418,7 +4439,7 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, PACKET *pkt) s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; if (!SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->change_cipher_state(s, - SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } |