diff options
| author | doug <> | 2015-07-14 05:26:32 +0000 |
|---|---|---|
| committer | doug <> | 2015-07-14 05:26:32 +0000 |
| commit | 4ddf7a1485b6ce7297b6461a6749d41375418cd0 (patch) | |
| tree | aa3aefca0ec7d37af1e2c29d3e06b620c8084472 | |
| parent | d540f55e58505fcc4309f9bc5129694f5a570ed4 (diff) | |
| download | openbsd-4ddf7a1485b6ce7297b6461a6749d41375418cd0.tar.gz openbsd-4ddf7a1485b6ce7297b6461a6749d41375418cd0.tar.bz2 openbsd-4ddf7a1485b6ce7297b6461a6749d41375418cd0.zip | |
Convert dtls1_get_hello_verify to CBS.
ok miod@ jsing@
| -rw-r--r-- | src/lib/libssl/d1_clnt.c | 40 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_clnt.c | 40 |
2 files changed, 46 insertions, 34 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index adde3cd39e..261e4e996f 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_clnt.c,v 1.45 2015/06/13 08:38:10 doug Exp $ */ | 1 | /* $OpenBSD: d1_clnt.c,v 1.46 2015/07/14 05:26:32 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -113,6 +113,7 @@ | |||
| 113 | * [including the GNU Public Licence.] | 113 | * [including the GNU Public Licence.] |
| 114 | */ | 114 | */ |
| 115 | 115 | ||
| 116 | #include <limits.h> | ||
| 116 | #include <stdio.h> | 117 | #include <stdio.h> |
| 117 | 118 | ||
| 118 | #include "ssl_locl.h" | 119 | #include "ssl_locl.h" |
| @@ -124,6 +125,8 @@ | |||
| 124 | #include <openssl/md5.h> | 125 | #include <openssl/md5.h> |
| 125 | #include <openssl/objects.h> | 126 | #include <openssl/objects.h> |
| 126 | 127 | ||
| 128 | #include "bytestring.h" | ||
| 129 | |||
| 127 | static const SSL_METHOD *dtls1_get_client_method(int ver); | 130 | static const SSL_METHOD *dtls1_get_client_method(int ver); |
| 128 | static int dtls1_get_hello_verify(SSL *s); | 131 | static int dtls1_get_hello_verify(SSL *s); |
| 129 | 132 | ||
| @@ -697,9 +700,11 @@ err: | |||
| 697 | static int | 700 | static int |
| 698 | dtls1_get_hello_verify(SSL *s) | 701 | dtls1_get_hello_verify(SSL *s) |
| 699 | { | 702 | { |
| 700 | int n, al, ok = 0; | 703 | long n; |
| 701 | unsigned char *data; | 704 | int al, ok = 0; |
| 702 | unsigned int cookie_len; | 705 | size_t cookie_len; |
| 706 | uint16_t ssl_version; | ||
| 707 | CBS hello_verify_request, cookie; | ||
| 703 | 708 | ||
| 704 | n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | 709 | n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, |
| 705 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); | 710 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); |
| @@ -713,32 +718,33 @@ dtls1_get_hello_verify(SSL *s) | |||
| 713 | return (1); | 718 | return (1); |
| 714 | } | 719 | } |
| 715 | 720 | ||
| 716 | if (2 > n) | 721 | if (n < 0) |
| 717 | goto truncated; | 722 | goto truncated; |
| 718 | data = (unsigned char *)s->init_msg; | ||
| 719 | 723 | ||
| 720 | if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { | 724 | CBS_init(&hello_verify_request, s->init_msg, n); |
| 725 | |||
| 726 | if (!CBS_get_u16(&hello_verify_request, &ssl_version)) | ||
| 727 | goto truncated; | ||
| 728 | |||
| 729 | if (ssl_version != s->version) { | ||
| 721 | SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); | 730 | SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); |
| 722 | s->version = (s->version & 0xff00) | data[1]; | 731 | s->version = (s->version & 0xff00) | (ssl_version & 0xff); |
| 723 | al = SSL_AD_PROTOCOL_VERSION; | 732 | al = SSL_AD_PROTOCOL_VERSION; |
| 724 | goto f_err; | 733 | goto f_err; |
| 725 | } | 734 | } |
| 726 | data += 2; | ||
| 727 | 735 | ||
| 728 | if (2 + 1 > n) | 736 | if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) |
| 729 | goto truncated; | ||
| 730 | cookie_len = *(data++); | ||
| 731 | if (2 + 1 + cookie_len > n) | ||
| 732 | goto truncated; | 737 | goto truncated; |
| 733 | if (cookie_len > sizeof(s->d1->cookie)) { | 738 | |
| 739 | if (!CBS_write_bytes(&cookie, s->d1->cookie, | ||
| 740 | sizeof(s->d1->cookie), &cookie_len)) { | ||
| 741 | s->d1->cookie_len = 0; | ||
| 734 | al = SSL_AD_ILLEGAL_PARAMETER; | 742 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 735 | goto f_err; | 743 | goto f_err; |
| 736 | } | 744 | } |
| 737 | |||
| 738 | memcpy(s->d1->cookie, data, cookie_len); | ||
| 739 | s->d1->cookie_len = cookie_len; | 745 | s->d1->cookie_len = cookie_len; |
| 740 | |||
| 741 | s->d1->send_cookie = 1; | 746 | s->d1->send_cookie = 1; |
| 747 | |||
| 742 | return 1; | 748 | return 1; |
| 743 | 749 | ||
| 744 | truncated: | 750 | truncated: |
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c index adde3cd39e..261e4e996f 100644 --- a/src/lib/libssl/src/ssl/d1_clnt.c +++ b/src/lib/libssl/src/ssl/d1_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_clnt.c,v 1.45 2015/06/13 08:38:10 doug Exp $ */ | 1 | /* $OpenBSD: d1_clnt.c,v 1.46 2015/07/14 05:26:32 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -113,6 +113,7 @@ | |||
| 113 | * [including the GNU Public Licence.] | 113 | * [including the GNU Public Licence.] |
| 114 | */ | 114 | */ |
| 115 | 115 | ||
| 116 | #include <limits.h> | ||
| 116 | #include <stdio.h> | 117 | #include <stdio.h> |
| 117 | 118 | ||
| 118 | #include "ssl_locl.h" | 119 | #include "ssl_locl.h" |
| @@ -124,6 +125,8 @@ | |||
| 124 | #include <openssl/md5.h> | 125 | #include <openssl/md5.h> |
| 125 | #include <openssl/objects.h> | 126 | #include <openssl/objects.h> |
| 126 | 127 | ||
| 128 | #include "bytestring.h" | ||
| 129 | |||
| 127 | static const SSL_METHOD *dtls1_get_client_method(int ver); | 130 | static const SSL_METHOD *dtls1_get_client_method(int ver); |
| 128 | static int dtls1_get_hello_verify(SSL *s); | 131 | static int dtls1_get_hello_verify(SSL *s); |
| 129 | 132 | ||
| @@ -697,9 +700,11 @@ err: | |||
| 697 | static int | 700 | static int |
| 698 | dtls1_get_hello_verify(SSL *s) | 701 | dtls1_get_hello_verify(SSL *s) |
| 699 | { | 702 | { |
| 700 | int n, al, ok = 0; | 703 | long n; |
| 701 | unsigned char *data; | 704 | int al, ok = 0; |
| 702 | unsigned int cookie_len; | 705 | size_t cookie_len; |
| 706 | uint16_t ssl_version; | ||
| 707 | CBS hello_verify_request, cookie; | ||
| 703 | 708 | ||
| 704 | n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | 709 | n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, |
| 705 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); | 710 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); |
| @@ -713,32 +718,33 @@ dtls1_get_hello_verify(SSL *s) | |||
| 713 | return (1); | 718 | return (1); |
| 714 | } | 719 | } |
| 715 | 720 | ||
| 716 | if (2 > n) | 721 | if (n < 0) |
| 717 | goto truncated; | 722 | goto truncated; |
| 718 | data = (unsigned char *)s->init_msg; | ||
| 719 | 723 | ||
| 720 | if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { | 724 | CBS_init(&hello_verify_request, s->init_msg, n); |
| 725 | |||
| 726 | if (!CBS_get_u16(&hello_verify_request, &ssl_version)) | ||
| 727 | goto truncated; | ||
| 728 | |||
| 729 | if (ssl_version != s->version) { | ||
| 721 | SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); | 730 | SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); |
| 722 | s->version = (s->version & 0xff00) | data[1]; | 731 | s->version = (s->version & 0xff00) | (ssl_version & 0xff); |
| 723 | al = SSL_AD_PROTOCOL_VERSION; | 732 | al = SSL_AD_PROTOCOL_VERSION; |
| 724 | goto f_err; | 733 | goto f_err; |
| 725 | } | 734 | } |
| 726 | data += 2; | ||
| 727 | 735 | ||
| 728 | if (2 + 1 > n) | 736 | if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) |
| 729 | goto truncated; | ||
| 730 | cookie_len = *(data++); | ||
| 731 | if (2 + 1 + cookie_len > n) | ||
| 732 | goto truncated; | 737 | goto truncated; |
| 733 | if (cookie_len > sizeof(s->d1->cookie)) { | 738 | |
| 739 | if (!CBS_write_bytes(&cookie, s->d1->cookie, | ||
| 740 | sizeof(s->d1->cookie), &cookie_len)) { | ||
| 741 | s->d1->cookie_len = 0; | ||
| 734 | al = SSL_AD_ILLEGAL_PARAMETER; | 742 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 735 | goto f_err; | 743 | goto f_err; |
| 736 | } | 744 | } |
| 737 | |||
| 738 | memcpy(s->d1->cookie, data, cookie_len); | ||
| 739 | s->d1->cookie_len = cookie_len; | 745 | s->d1->cookie_len = cookie_len; |
| 740 | |||
| 741 | s->d1->send_cookie = 1; | 746 | s->d1->send_cookie = 1; |
| 747 | |||
| 742 | return 1; | 748 | return 1; |
| 743 | 749 | ||
| 744 | truncated: | 750 | truncated: |