Revision aa3b4b4d deps/openssl/openssl/ssl/t1_lib.c
| deps/openssl/openssl/ssl/t1_lib.c | ||
|---|---|---|
| 352 | 352 |
return (int)slen; |
| 353 | 353 |
} |
| 354 | 354 |
|
| 355 |
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
|
|
| 355 |
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
|
|
| 356 | 356 |
{
|
| 357 | 357 |
int extdatalen=0; |
| 358 |
unsigned char *ret = p; |
|
| 358 |
unsigned char *orig = buf; |
|
| 359 |
unsigned char *ret = buf; |
|
| 359 | 360 |
|
| 360 | 361 |
/* don't add extensions for SSLv3 unless doing secure renegotiation */ |
| 361 | 362 |
if (s->client_version == SSL3_VERSION |
| 362 | 363 |
&& !s->s3->send_connection_binding) |
| 363 |
return p;
|
|
| 364 |
return orig;
|
|
| 364 | 365 |
|
| 365 | 366 |
ret+=2; |
| 366 | 367 |
|
| ... | ... | |
| 409 | 410 |
return NULL; |
| 410 | 411 |
} |
| 411 | 412 |
|
| 412 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
| 413 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
| 413 | 414 |
|
| 414 | 415 |
s2n(TLSEXT_TYPE_renegotiate,ret); |
| 415 | 416 |
s2n(el,ret); |
| ... | ... | |
| 452 | 453 |
#endif |
| 453 | 454 |
|
| 454 | 455 |
#ifndef OPENSSL_NO_EC |
| 455 |
if (s->tlsext_ecpointformatlist != NULL && |
|
| 456 |
s->version != DTLS1_VERSION) |
|
| 456 |
if (s->tlsext_ecpointformatlist != NULL) |
|
| 457 | 457 |
{
|
| 458 | 458 |
/* Add TLS extension ECPointFormats to the ClientHello message */ |
| 459 | 459 |
long lenmax; |
| ... | ... | |
| 472 | 472 |
memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
| 473 | 473 |
ret+=s->tlsext_ecpointformatlist_length; |
| 474 | 474 |
} |
| 475 |
if (s->tlsext_ellipticcurvelist != NULL && |
|
| 476 |
s->version != DTLS1_VERSION) |
|
| 475 |
if (s->tlsext_ellipticcurvelist != NULL) |
|
| 477 | 476 |
{
|
| 478 | 477 |
/* Add TLS extension EllipticCurves to the ClientHello message */ |
| 479 | 478 |
long lenmax; |
| ... | ... | |
| 650 | 649 |
|
| 651 | 650 |
ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0); |
| 652 | 651 |
|
| 653 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
| 652 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
| 654 | 653 |
|
| 655 | 654 |
s2n(TLSEXT_TYPE_use_srtp,ret); |
| 656 | 655 |
s2n(el,ret); |
| ... | ... | |
| 693 | 692 |
} |
| 694 | 693 |
} |
| 695 | 694 |
|
| 696 |
if ((extdatalen = ret-p-2)== 0)
|
|
| 697 |
return p;
|
|
| 695 |
if ((extdatalen = ret-orig-2)== 0)
|
|
| 696 |
return orig;
|
|
| 698 | 697 |
|
| 699 |
s2n(extdatalen,p);
|
|
| 698 |
s2n(extdatalen, orig);
|
|
| 700 | 699 |
return ret; |
| 701 | 700 |
} |
| 702 | 701 |
|
| 703 |
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
|
|
| 702 |
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
|
|
| 704 | 703 |
{
|
| 705 | 704 |
int extdatalen=0; |
| 706 |
unsigned char *ret = p; |
|
| 705 |
unsigned char *orig = buf; |
|
| 706 |
unsigned char *ret = buf; |
|
| 707 | 707 |
#ifndef OPENSSL_NO_NEXTPROTONEG |
| 708 | 708 |
int next_proto_neg_seen; |
| 709 | 709 |
#endif |
| 710 | 710 |
|
| 711 | 711 |
/* don't add extensions for SSLv3, unless doing secure renegotiation */ |
| 712 | 712 |
if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) |
| 713 |
return p;
|
|
| 713 |
return orig;
|
|
| 714 | 714 |
|
| 715 | 715 |
ret+=2; |
| 716 | 716 |
if (ret>=limit) return NULL; /* this really never occurs, but ... */ |
| ... | ... | |
| 733 | 733 |
return NULL; |
| 734 | 734 |
} |
| 735 | 735 |
|
| 736 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
| 736 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
| 737 | 737 |
|
| 738 | 738 |
s2n(TLSEXT_TYPE_renegotiate,ret); |
| 739 | 739 |
s2n(el,ret); |
| ... | ... | |
| 748 | 748 |
} |
| 749 | 749 |
|
| 750 | 750 |
#ifndef OPENSSL_NO_EC |
| 751 |
if (s->tlsext_ecpointformatlist != NULL && |
|
| 752 |
s->version != DTLS1_VERSION) |
|
| 751 |
if (s->tlsext_ecpointformatlist != NULL) |
|
| 753 | 752 |
{
|
| 754 | 753 |
/* Add TLS extension ECPointFormats to the ServerHello message */ |
| 755 | 754 |
long lenmax; |
| ... | ... | |
| 813 | 812 |
|
| 814 | 813 |
ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); |
| 815 | 814 |
|
| 816 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
| 815 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
| 817 | 816 |
|
| 818 | 817 |
s2n(TLSEXT_TYPE_use_srtp,ret); |
| 819 | 818 |
s2n(el,ret); |
| ... | ... | |
| 884 | 883 |
} |
| 885 | 884 |
#endif |
| 886 | 885 |
|
| 887 |
if ((extdatalen = ret-p-2)== 0)
|
|
| 888 |
return p;
|
|
| 886 |
if ((extdatalen = ret-orig-2)== 0)
|
|
| 887 |
return orig;
|
|
| 889 | 888 |
|
| 890 |
s2n(extdatalen,p);
|
|
| 889 |
s2n(extdatalen, orig);
|
|
| 891 | 890 |
return ret; |
| 892 | 891 |
} |
| 893 | 892 |
|
| ... | ... | |
| 1152 | 1151 |
#endif |
| 1153 | 1152 |
|
| 1154 | 1153 |
#ifndef OPENSSL_NO_EC |
| 1155 |
else if (type == TLSEXT_TYPE_ec_point_formats && |
|
| 1156 |
s->version != DTLS1_VERSION) |
|
| 1154 |
else if (type == TLSEXT_TYPE_ec_point_formats) |
|
| 1157 | 1155 |
{
|
| 1158 | 1156 |
unsigned char *sdata = data; |
| 1159 | 1157 |
int ecpointformatlist_length = *(sdata++); |
| ... | ... | |
| 1187 | 1185 |
fprintf(stderr,"\n"); |
| 1188 | 1186 |
#endif |
| 1189 | 1187 |
} |
| 1190 |
else if (type == TLSEXT_TYPE_elliptic_curves && |
|
| 1191 |
s->version != DTLS1_VERSION) |
|
| 1188 |
else if (type == TLSEXT_TYPE_elliptic_curves) |
|
| 1192 | 1189 |
{
|
| 1193 | 1190 |
unsigned char *sdata = data; |
| 1194 | 1191 |
int ellipticcurvelist_length = (*(sdata++) << 8); |
| ... | ... | |
| 1547 | 1544 |
} |
| 1548 | 1545 |
|
| 1549 | 1546 |
#ifndef OPENSSL_NO_EC |
| 1550 |
else if (type == TLSEXT_TYPE_ec_point_formats && |
|
| 1551 |
s->version != DTLS1_VERSION) |
|
| 1547 |
else if (type == TLSEXT_TYPE_ec_point_formats) |
|
| 1552 | 1548 |
{
|
| 1553 | 1549 |
unsigned char *sdata = data; |
| 1554 | 1550 |
int ecpointformatlist_length = *(sdata++); |
| ... | ... | |
| 1559 | 1555 |
*al = TLS1_AD_DECODE_ERROR; |
| 1560 | 1556 |
return 0; |
| 1561 | 1557 |
} |
| 1562 |
s->session->tlsext_ecpointformatlist_length = 0; |
|
| 1563 |
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); |
|
| 1564 |
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) |
|
| 1558 |
if (!s->hit) |
|
| 1565 | 1559 |
{
|
| 1566 |
*al = TLS1_AD_INTERNAL_ERROR; |
|
| 1567 |
return 0; |
|
| 1560 |
s->session->tlsext_ecpointformatlist_length = 0; |
|
| 1561 |
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); |
|
| 1562 |
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) |
|
| 1563 |
{
|
|
| 1564 |
*al = TLS1_AD_INTERNAL_ERROR; |
|
| 1565 |
return 0; |
|
| 1566 |
} |
|
| 1567 |
s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; |
|
| 1568 |
memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); |
|
| 1568 | 1569 |
} |
| 1569 |
s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; |
|
| 1570 |
memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); |
|
| 1571 | 1570 |
#if 0 |
| 1572 | 1571 |
fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); |
| 1573 | 1572 |
sdata = s->session->tlsext_ecpointformatlist; |
| ... | ... | |
| 2361 | 2360 |
} |
| 2362 | 2361 |
EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); |
| 2363 | 2362 |
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) |
| 2363 |
{
|
|
| 2364 |
EVP_CIPHER_CTX_cleanup(&ctx); |
|
| 2365 |
OPENSSL_free(sdec); |
|
| 2364 | 2366 |
return 2; |
| 2367 |
} |
|
| 2365 | 2368 |
slen += mlen; |
| 2366 | 2369 |
EVP_CIPHER_CTX_cleanup(&ctx); |
| 2367 | 2370 |
p = sdec; |
Also available in: Unified diff