Revision aa3b4b4d deps/openssl/openssl/ssl/t1_lib.c
deps/openssl/openssl/ssl/t1_lib.c | ||
---|---|---|
352 | 352 |
return (int)slen; |
353 | 353 |
} |
354 | 354 |
|
355 |
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
|
|
355 |
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
|
|
356 | 356 |
{ |
357 | 357 |
int extdatalen=0; |
358 |
unsigned char *ret = p; |
|
358 |
unsigned char *orig = buf; |
|
359 |
unsigned char *ret = buf; |
|
359 | 360 |
|
360 | 361 |
/* don't add extensions for SSLv3 unless doing secure renegotiation */ |
361 | 362 |
if (s->client_version == SSL3_VERSION |
362 | 363 |
&& !s->s3->send_connection_binding) |
363 |
return p;
|
|
364 |
return orig;
|
|
364 | 365 |
|
365 | 366 |
ret+=2; |
366 | 367 |
|
... | ... | |
409 | 410 |
return NULL; |
410 | 411 |
} |
411 | 412 |
|
412 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
413 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
413 | 414 |
|
414 | 415 |
s2n(TLSEXT_TYPE_renegotiate,ret); |
415 | 416 |
s2n(el,ret); |
... | ... | |
452 | 453 |
#endif |
453 | 454 |
|
454 | 455 |
#ifndef OPENSSL_NO_EC |
455 |
if (s->tlsext_ecpointformatlist != NULL && |
|
456 |
s->version != DTLS1_VERSION) |
|
456 |
if (s->tlsext_ecpointformatlist != NULL) |
|
457 | 457 |
{ |
458 | 458 |
/* Add TLS extension ECPointFormats to the ClientHello message */ |
459 | 459 |
long lenmax; |
... | ... | |
472 | 472 |
memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
473 | 473 |
ret+=s->tlsext_ecpointformatlist_length; |
474 | 474 |
} |
475 |
if (s->tlsext_ellipticcurvelist != NULL && |
|
476 |
s->version != DTLS1_VERSION) |
|
475 |
if (s->tlsext_ellipticcurvelist != NULL) |
|
477 | 476 |
{ |
478 | 477 |
/* Add TLS extension EllipticCurves to the ClientHello message */ |
479 | 478 |
long lenmax; |
... | ... | |
650 | 649 |
|
651 | 650 |
ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0); |
652 | 651 |
|
653 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
652 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
654 | 653 |
|
655 | 654 |
s2n(TLSEXT_TYPE_use_srtp,ret); |
656 | 655 |
s2n(el,ret); |
... | ... | |
693 | 692 |
} |
694 | 693 |
} |
695 | 694 |
|
696 |
if ((extdatalen = ret-p-2)== 0)
|
|
697 |
return p;
|
|
695 |
if ((extdatalen = ret-orig-2)== 0)
|
|
696 |
return orig;
|
|
698 | 697 |
|
699 |
s2n(extdatalen,p);
|
|
698 |
s2n(extdatalen, orig);
|
|
700 | 699 |
return ret; |
701 | 700 |
} |
702 | 701 |
|
703 |
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
|
|
702 |
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
|
|
704 | 703 |
{ |
705 | 704 |
int extdatalen=0; |
706 |
unsigned char *ret = p; |
|
705 |
unsigned char *orig = buf; |
|
706 |
unsigned char *ret = buf; |
|
707 | 707 |
#ifndef OPENSSL_NO_NEXTPROTONEG |
708 | 708 |
int next_proto_neg_seen; |
709 | 709 |
#endif |
710 | 710 |
|
711 | 711 |
/* don't add extensions for SSLv3, unless doing secure renegotiation */ |
712 | 712 |
if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) |
713 |
return p;
|
|
713 |
return orig;
|
|
714 | 714 |
|
715 | 715 |
ret+=2; |
716 | 716 |
if (ret>=limit) return NULL; /* this really never occurs, but ... */ |
... | ... | |
733 | 733 |
return NULL; |
734 | 734 |
} |
735 | 735 |
|
736 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
736 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
737 | 737 |
|
738 | 738 |
s2n(TLSEXT_TYPE_renegotiate,ret); |
739 | 739 |
s2n(el,ret); |
... | ... | |
748 | 748 |
} |
749 | 749 |
|
750 | 750 |
#ifndef OPENSSL_NO_EC |
751 |
if (s->tlsext_ecpointformatlist != NULL && |
|
752 |
s->version != DTLS1_VERSION) |
|
751 |
if (s->tlsext_ecpointformatlist != NULL) |
|
753 | 752 |
{ |
754 | 753 |
/* Add TLS extension ECPointFormats to the ServerHello message */ |
755 | 754 |
long lenmax; |
... | ... | |
813 | 812 |
|
814 | 813 |
ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); |
815 | 814 |
|
816 |
if((limit - p - 4 - el) < 0) return NULL;
|
|
815 |
if((limit - ret - 4 - el) < 0) return NULL;
|
|
817 | 816 |
|
818 | 817 |
s2n(TLSEXT_TYPE_use_srtp,ret); |
819 | 818 |
s2n(el,ret); |
... | ... | |
884 | 883 |
} |
885 | 884 |
#endif |
886 | 885 |
|
887 |
if ((extdatalen = ret-p-2)== 0)
|
|
888 |
return p;
|
|
886 |
if ((extdatalen = ret-orig-2)== 0)
|
|
887 |
return orig;
|
|
889 | 888 |
|
890 |
s2n(extdatalen,p);
|
|
889 |
s2n(extdatalen, orig);
|
|
891 | 890 |
return ret; |
892 | 891 |
} |
893 | 892 |
|
... | ... | |
1152 | 1151 |
#endif |
1153 | 1152 |
|
1154 | 1153 |
#ifndef OPENSSL_NO_EC |
1155 |
else if (type == TLSEXT_TYPE_ec_point_formats && |
|
1156 |
s->version != DTLS1_VERSION) |
|
1154 |
else if (type == TLSEXT_TYPE_ec_point_formats) |
|
1157 | 1155 |
{ |
1158 | 1156 |
unsigned char *sdata = data; |
1159 | 1157 |
int ecpointformatlist_length = *(sdata++); |
... | ... | |
1187 | 1185 |
fprintf(stderr,"\n"); |
1188 | 1186 |
#endif |
1189 | 1187 |
} |
1190 |
else if (type == TLSEXT_TYPE_elliptic_curves && |
|
1191 |
s->version != DTLS1_VERSION) |
|
1188 |
else if (type == TLSEXT_TYPE_elliptic_curves) |
|
1192 | 1189 |
{ |
1193 | 1190 |
unsigned char *sdata = data; |
1194 | 1191 |
int ellipticcurvelist_length = (*(sdata++) << 8); |
... | ... | |
1547 | 1544 |
} |
1548 | 1545 |
|
1549 | 1546 |
#ifndef OPENSSL_NO_EC |
1550 |
else if (type == TLSEXT_TYPE_ec_point_formats && |
|
1551 |
s->version != DTLS1_VERSION) |
|
1547 |
else if (type == TLSEXT_TYPE_ec_point_formats) |
|
1552 | 1548 |
{ |
1553 | 1549 |
unsigned char *sdata = data; |
1554 | 1550 |
int ecpointformatlist_length = *(sdata++); |
... | ... | |
1559 | 1555 |
*al = TLS1_AD_DECODE_ERROR; |
1560 | 1556 |
return 0; |
1561 | 1557 |
} |
1562 |
s->session->tlsext_ecpointformatlist_length = 0; |
|
1563 |
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); |
|
1564 |
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) |
|
1558 |
if (!s->hit) |
|
1565 | 1559 |
{ |
1566 |
*al = TLS1_AD_INTERNAL_ERROR; |
|
1567 |
return 0; |
|
1560 |
s->session->tlsext_ecpointformatlist_length = 0; |
|
1561 |
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); |
|
1562 |
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) |
|
1563 |
{ |
|
1564 |
*al = TLS1_AD_INTERNAL_ERROR; |
|
1565 |
return 0; |
|
1566 |
} |
|
1567 |
s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; |
|
1568 |
memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); |
|
1568 | 1569 |
} |
1569 |
s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; |
|
1570 |
memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); |
|
1571 | 1570 |
#if 0 |
1572 | 1571 |
fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); |
1573 | 1572 |
sdata = s->session->tlsext_ecpointformatlist; |
... | ... | |
2361 | 2360 |
} |
2362 | 2361 |
EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); |
2363 | 2362 |
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) |
2363 |
{ |
|
2364 |
EVP_CIPHER_CTX_cleanup(&ctx); |
|
2365 |
OPENSSL_free(sdec); |
|
2364 | 2366 |
return 2; |
2367 |
} |
|
2365 | 2368 |
slen += mlen; |
2366 | 2369 |
EVP_CIPHER_CTX_cleanup(&ctx); |
2367 | 2370 |
p = sdec; |
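Review bot: In the last hunk (new line 2361) the return value of `EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen)` is still ignored, so after a failure `slen` may not hold a valid length when `sdec + slen` is passed to `EVP_DecryptFinal` on the next line and added to `mlen` afterwards. The commit adds cleanup only on the `EVP_DecryptFinal` failure path. The update call should be guarded the same way, `if (EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0)`, running the same `EVP_CIPHER_CTX_cleanup(&ctx); OPENSSL_free(sdec);` before returning. The buffer being decrypted appears to be ticket data received from the peer, so this failure path is presumably reachable with crafted input. The enclosing function starts and ends outside the hunk, so the right return code for that branch needs checking against the caller's contract.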