diff options
| author | doug <> | 2015-06-20 17:04:07 +0000 |
|---|---|---|
| committer | doug <> | 2015-06-20 17:04:07 +0000 |
| commit | 1e278b53e5192b62f8a45a7ad46d153ea92e2938 (patch) | |
| tree | 682043f8e128f0baa00af8a8f9ae6042469efbbf | |
| parent | 5e186922723116ffddd8bb5e1c571b9fa2aa7c55 (diff) | |
| download | openbsd-1e278b53e5192b62f8a45a7ad46d153ea92e2938.tar.gz openbsd-1e278b53e5192b62f8a45a7ad46d153ea92e2938.tar.bz2 openbsd-1e278b53e5192b62f8a45a7ad46d153ea92e2938.zip | |
Convert ssl3_get_next_proto to CBS.
tweak + ok miod@ jsing@
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 33 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 33 |
2 files changed, 38 insertions, 28 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index c595fa31cc..ab8e74e63a 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -164,6 +164,8 @@ | |||
| 164 | #include <openssl/objects.h> | 164 | #include <openssl/objects.h> |
| 165 | #include <openssl/x509.h> | 165 | #include <openssl/x509.h> |
| 166 | 166 | ||
| 167 | #include "bytestring.h" | ||
| 168 | |||
| 167 | static const SSL_METHOD *ssl3_get_server_method(int ver); | 169 | static const SSL_METHOD *ssl3_get_server_method(int ver); |
| 168 | 170 | ||
| 169 | const SSL_METHOD SSLv3_server_method_data = { | 171 | const SSL_METHOD SSLv3_server_method_data = { |
| @@ -2702,10 +2704,10 @@ ssl3_send_cert_status(SSL *s) | |||
| 2702 | int | 2704 | int |
| 2703 | ssl3_get_next_proto(SSL *s) | 2705 | ssl3_get_next_proto(SSL *s) |
| 2704 | { | 2706 | { |
| 2707 | CBS cbs, proto, padding; | ||
| 2705 | int ok; | 2708 | int ok; |
| 2706 | int proto_len, padding_len; | ||
| 2707 | long n; | 2709 | long n; |
| 2708 | const unsigned char *p; | 2710 | size_t len; |
| 2709 | 2711 | ||
| 2710 | /* | 2712 | /* |
| 2711 | * Clients cannot send a NextProtocol message if we didn't see the | 2713 | * Clients cannot send a NextProtocol message if we didn't see the |
| @@ -2738,7 +2740,7 @@ ssl3_get_next_proto(SSL *s) | |||
| 2738 | return (0); | 2740 | return (0); |
| 2739 | /* The body must be > 1 bytes long */ | 2741 | /* The body must be > 1 bytes long */ |
| 2740 | 2742 | ||
| 2741 | p = (unsigned char *)s->init_msg; | 2743 | CBS_init(&cbs, s->init_msg, s->init_num); |
| 2742 | 2744 | ||
| 2743 | /* | 2745 | /* |
| 2744 | * The payload looks like: | 2746 | * The payload looks like: |
| @@ -2747,21 +2749,24 @@ ssl3_get_next_proto(SSL *s) | |||
| 2747 | * uint8 padding_len; | 2749 | * uint8 padding_len; |
| 2748 | * uint8 padding[padding_len]; | 2750 | * uint8 padding[padding_len]; |
| 2749 | */ | 2751 | */ |
| 2750 | proto_len = p[0]; | 2752 | if (!CBS_get_u8_length_prefixed(&cbs, &proto) || |
| 2751 | if (proto_len + 2 > s->init_num) | 2753 | !CBS_get_u8_length_prefixed(&cbs, &padding) || |
| 2752 | return (0); | 2754 | CBS_len(&cbs) != 0) |
| 2753 | padding_len = p[proto_len + 1]; | 2755 | return 0; |
| 2754 | if (proto_len + padding_len + 2 != s->init_num) | 2756 | |
| 2755 | return (0); | 2757 | /* |
| 2758 | * XXX We should not NULL it, but this matches old behavior of not | ||
| 2759 | * freeing before malloc. | ||
| 2760 | */ | ||
| 2761 | s->next_proto_negotiated = NULL; | ||
| 2762 | s->next_proto_negotiated_len = 0; | ||
| 2756 | 2763 | ||
| 2757 | s->next_proto_negotiated = malloc(proto_len); | 2764 | if (!CBS_stow(&proto, &s->next_proto_negotiated, &len)) { |
| 2758 | if (!s->next_proto_negotiated) { | ||
| 2759 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | 2765 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, |
| 2760 | ERR_R_MALLOC_FAILURE); | 2766 | ERR_R_MALLOC_FAILURE); |
| 2761 | return (0); | 2767 | return (0); |
| 2762 | } | 2768 | } |
| 2763 | memcpy(s->next_proto_negotiated, p + 1, proto_len); | 2769 | s->next_proto_negotiated_len = (uint8_t)len; |
| 2764 | s->next_proto_negotiated_len = proto_len; | ||
| 2765 | 2770 | ||
| 2766 | return (1); | 2771 | return (1); |
| 2767 | } | 2772 | } |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index c595fa31cc..ab8e74e63a 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -164,6 +164,8 @@ | |||
| 164 | #include <openssl/objects.h> | 164 | #include <openssl/objects.h> |
| 165 | #include <openssl/x509.h> | 165 | #include <openssl/x509.h> |
| 166 | 166 | ||
| 167 | #include "bytestring.h" | ||
| 168 | |||
| 167 | static const SSL_METHOD *ssl3_get_server_method(int ver); | 169 | static const SSL_METHOD *ssl3_get_server_method(int ver); |
| 168 | 170 | ||
| 169 | const SSL_METHOD SSLv3_server_method_data = { | 171 | const SSL_METHOD SSLv3_server_method_data = { |
| @@ -2702,10 +2704,10 @@ ssl3_send_cert_status(SSL *s) | |||
| 2702 | int | 2704 | int |
| 2703 | ssl3_get_next_proto(SSL *s) | 2705 | ssl3_get_next_proto(SSL *s) |
| 2704 | { | 2706 | { |
| 2707 | CBS cbs, proto, padding; | ||
| 2705 | int ok; | 2708 | int ok; |
| 2706 | int proto_len, padding_len; | ||
| 2707 | long n; | 2709 | long n; |
| 2708 | const unsigned char *p; | 2710 | size_t len; |
| 2709 | 2711 | ||
| 2710 | /* | 2712 | /* |
| 2711 | * Clients cannot send a NextProtocol message if we didn't see the | 2713 | * Clients cannot send a NextProtocol message if we didn't see the |
| @@ -2738,7 +2740,7 @@ ssl3_get_next_proto(SSL *s) | |||
| 2738 | return (0); | 2740 | return (0); |
| 2739 | /* The body must be > 1 bytes long */ | 2741 | /* The body must be > 1 bytes long */ |
| 2740 | 2742 | ||
| 2741 | p = (unsigned char *)s->init_msg; | 2743 | CBS_init(&cbs, s->init_msg, s->init_num); |
| 2742 | 2744 | ||
| 2743 | /* | 2745 | /* |
| 2744 | * The payload looks like: | 2746 | * The payload looks like: |
| @@ -2747,21 +2749,24 @@ ssl3_get_next_proto(SSL *s) | |||
| 2747 | * uint8 padding_len; | 2749 | * uint8 padding_len; |
| 2748 | * uint8 padding[padding_len]; | 2750 | * uint8 padding[padding_len]; |
| 2749 | */ | 2751 | */ |
| 2750 | proto_len = p[0]; | 2752 | if (!CBS_get_u8_length_prefixed(&cbs, &proto) || |
| 2751 | if (proto_len + 2 > s->init_num) | 2753 | !CBS_get_u8_length_prefixed(&cbs, &padding) || |
| 2752 | return (0); | 2754 | CBS_len(&cbs) != 0) |
| 2753 | padding_len = p[proto_len + 1]; | 2755 | return 0; |
| 2754 | if (proto_len + padding_len + 2 != s->init_num) | 2756 | |
| 2755 | return (0); | 2757 | /* |
| 2758 | * XXX We should not NULL it, but this matches old behavior of not | ||
| 2759 | * freeing before malloc. | ||
| 2760 | */ | ||
| 2761 | s->next_proto_negotiated = NULL; | ||
| 2762 | s->next_proto_negotiated_len = 0; | ||
| 2756 | 2763 | ||
| 2757 | s->next_proto_negotiated = malloc(proto_len); | 2764 | if (!CBS_stow(&proto, &s->next_proto_negotiated, &len)) { |
| 2758 | if (!s->next_proto_negotiated) { | ||
| 2759 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | 2765 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, |
| 2760 | ERR_R_MALLOC_FAILURE); | 2766 | ERR_R_MALLOC_FAILURE); |
| 2761 | return (0); | 2767 | return (0); |
| 2762 | } | 2768 | } |
| 2763 | memcpy(s->next_proto_negotiated, p + 1, proto_len); | 2769 | s->next_proto_negotiated_len = (uint8_t)len; |
| 2764 | s->next_proto_negotiated_len = proto_len; | ||
| 2765 | 2770 | ||
| 2766 | return (1); | 2771 | return (1); |
| 2767 | } | 2772 | } |