Convert ssl_parse_serverhello_renegotiate_ext to CBS.

ok miod@ jsing@
author: doug <> 2015-06-20 16:42:48 +0000
committer: doug <> 2015-06-20 16:42:48 +0000
commit: 5e186922723116ffddd8bb5e1c571b9fa2aa7c55 (patch)
tree: 6d49840f319a2d594793af65e7de87c5d9b56d29
parent: ab552fd24b77fd8885d1954a891b7db3d23c2568 (diff)
download: openbsd-5e186922723116ffddd8bb5e1c571b9fa2aa7c55.tar.gz
openbsd-5e186922723116ffddd8bb5e1c571b9fa2aa7c55.tar.bz2
openbsd-5e186922723116ffddd8bb5e1c571b9fa2aa7c55.zip
4 files changed, 42 insertions, 38 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index b55e8265af..43c6974268 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.92 2015/06/20 04:04:35 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -835,7 +835,7 @@ EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
    int *len, int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d,
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d,
    int len, int *al);
 int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
    int *len, int maxlen);
diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c
index 52d1754d94..294a632b8f 100644
--- a/src/lib/libssl/src/ssl/t1_reneg.c
+++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.10 2015/06/20 04:04:36 doug Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -224,29 +224,28 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 /* Parse the server's renegotiation binding and abort if it's not
   right */
 int
-ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
-    int *al)
 {
+        CBS cbs, reneg, previous_client, previous_server;
        int expected_len = s->s3->previous_client_finished_len +
            s->s3->previous_server_finished_len;
-        int ilen;
        /* Check for logic errors */
        OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
        OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-        /* Parse the length byte */
+        if (len < 0) {
-        if (len < 1) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_ENCODING_ERR);
                *al = SSL_AD_ILLEGAL_PARAMETER;
                return 0;
        }
-        ilen = *d;
-        d++;
-        /* Consistency check */
+        CBS_init(&cbs, d, len);
-        if (ilen + 1 != len) {
+        if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
+            /* Consistency check */
+            CBS_len(&cbs) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_ENCODING_ERR);
                *al = SSL_AD_ILLEGAL_PARAMETER;
@@ -254,24 +253,27 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        /* Check that the extension matches */
-        if (ilen != expected_len) {
+        if (CBS_len(&reneg) != expected_len ||
+            !CBS_get_bytes(&reneg, &previous_client,
+            s->s3->previous_client_finished_len) ||
+            !CBS_get_bytes(&reneg, &previous_server,
+            s->s3->previous_server_finished_len) ||
+            CBS_len(&reneg) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
                return 0;
        }
-        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
+        if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len) != 0) {
+            CBS_len(&previous_client))) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
                return 0;
        }
-        d += s->s3->previous_client_finished_len;
+        if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
+            CBS_len(&previous_server))) {
-        if (timingsafe_memcmp(d, s->s3->previous_server_finished,
-            s->s3->previous_server_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b55e8265af..43c6974268 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.92 2015/06/20 04:04:35 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -835,7 +835,7 @@ EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
    int *len, int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d,
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d,
    int len, int *al);
 int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
    int *len, int maxlen);
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 52d1754d94..294a632b8f 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.10 2015/06/20 04:04:36 doug Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -224,29 +224,28 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 /* Parse the server's renegotiation binding and abort if it's not
   right */
 int
-ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
-    int *al)
 {
+        CBS cbs, reneg, previous_client, previous_server;
        int expected_len = s->s3->previous_client_finished_len +
            s->s3->previous_server_finished_len;
-        int ilen;
        /* Check for logic errors */
        OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
        OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-        /* Parse the length byte */
+        if (len < 0) {
-        if (len < 1) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_ENCODING_ERR);
                *al = SSL_AD_ILLEGAL_PARAMETER;
                return 0;
        }
-        ilen = *d;
-        d++;
-        /* Consistency check */
+        CBS_init(&cbs, d, len);
-        if (ilen + 1 != len) {
+        if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
+            /* Consistency check */
+            CBS_len(&cbs) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_ENCODING_ERR);
                *al = SSL_AD_ILLEGAL_PARAMETER;
@@ -254,24 +253,27 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        /* Check that the extension matches */
-        if (ilen != expected_len) {
+        if (CBS_len(&reneg) != expected_len ||
+            !CBS_get_bytes(&reneg, &previous_client,
+            s->s3->previous_client_finished_len) ||
+            !CBS_get_bytes(&reneg, &previous_server,
+            s->s3->previous_server_finished_len) ||
+            CBS_len(&reneg) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
                return 0;
        }
-        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
+        if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len) != 0) {
+            CBS_len(&previous_client))) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
                return 0;
        }
-        d += s->s3->previous_client_finished_len;
+        if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
+            CBS_len(&previous_server))) {
-        if (timingsafe_memcmp(d, s->s3->previous_server_finished,
-            s->s3->previous_server_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_ILLEGAL_PARAMETER;
author	doug <>	2015-06-20 16:42:48 +0000
committer	doug <>	2015-06-20 16:42:48 +0000
commit	5e186922723116ffddd8bb5e1c571b9fa2aa7c55 (patch)
tree	6d49840f319a2d594793af65e7de87c5d9b56d29
parent	ab552fd24b77fd8885d1954a891b7db3d23c2568 (diff)
download	openbsd-5e186922723116ffddd8bb5e1c571b9fa2aa7c55.tar.gz openbsd-5e186922723116ffddd8bb5e1c571b9fa2aa7c55.tar.bz2 openbsd-5e186922723116ffddd8bb5e1c571b9fa2aa7c55.zip

diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index b55e8265af..43c6974268 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.92 2015/06/20 04:04:35 doug Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -835,7 +835,7 @@ EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX *hash, const EVP_MD md);
835	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);	835	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
836	int ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p,	836	int ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p,
837	int *len, int maxlen);	837	int *len, int maxlen);
838	int ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d,	838	int ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d,
839	int len, int *al);	839	int len, int *al);
840	int ssl_add_clienthello_renegotiate_ext(SSL s, unsigned char p,	840	int ssl_add_clienthello_renegotiate_ext(SSL s, unsigned char p,
841	int *len, int maxlen);	841	int *len, int maxlen);


diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c index 52d1754d94..294a632b8f 100644 --- a/src/lib/libssl/src/ssl/t1_reneg.c +++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_reneg.c,v 1.10 2015/06/20 04:04:36 doug Exp $ */	1	/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -224,29 +224,28 @@ ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p, int *len,
224	/* Parse the server's renegotiation binding and abort if it's not	224	/* Parse the server's renegotiation binding and abort if it's not
225	right */	225	right */
226	int	226	int
227	ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,	227	ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d, int len, int *al)
228	int *al)
229	{	228	{
		229	CBS cbs, reneg, previous_client, previous_server;
230	int expected_len = s->s3->previous_client_finished_len +	230	int expected_len = s->s3->previous_client_finished_len +
231	s->s3->previous_server_finished_len;	231	s->s3->previous_server_finished_len;
232	int ilen;
233		232
234	/* Check for logic errors */	233	/* Check for logic errors */
235	OPENSSL_assert(!expected_len \|\| s->s3->previous_client_finished_len);	234	OPENSSL_assert(!expected_len \|\| s->s3->previous_client_finished_len);
236	OPENSSL_assert(!expected_len \|\| s->s3->previous_server_finished_len);	235	OPENSSL_assert(!expected_len \|\| s->s3->previous_server_finished_len);
237		236
238	/* Parse the length byte */	237	if (len < 0) {
239	if (len < 1) {
240	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	238	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
241	SSL_R_RENEGOTIATION_ENCODING_ERR);	239	SSL_R_RENEGOTIATION_ENCODING_ERR);
242	*al = SSL_AD_ILLEGAL_PARAMETER;	240	*al = SSL_AD_ILLEGAL_PARAMETER;
243	return 0;	241	return 0;
244	}	242	}
245	ilen = *d;
246	d++;
247		243
248	/* Consistency check */	244	CBS_init(&cbs, d, len);
249	if (ilen + 1 != len) {	245
		246	if (!CBS_get_u8_length_prefixed(&cbs, &reneg) \|\|
		247	/* Consistency check */
		248	CBS_len(&cbs) != 0) {
250	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	249	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
251	SSL_R_RENEGOTIATION_ENCODING_ERR);	250	SSL_R_RENEGOTIATION_ENCODING_ERR);
252	*al = SSL_AD_ILLEGAL_PARAMETER;	251	*al = SSL_AD_ILLEGAL_PARAMETER;
@@ -254,24 +253,27 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
254	}	253	}
255		254
256	/* Check that the extension matches */	255	/* Check that the extension matches */
257	if (ilen != expected_len) {	256	if (CBS_len(&reneg) != expected_len \|\|
		257	!CBS_get_bytes(&reneg, &previous_client,
		258	s->s3->previous_client_finished_len) \|\|
		259	!CBS_get_bytes(&reneg, &previous_server,
		260	s->s3->previous_server_finished_len) \|\|
		261	CBS_len(&reneg) != 0) {
258	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	262	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
259	SSL_R_RENEGOTIATION_MISMATCH);	263	SSL_R_RENEGOTIATION_MISMATCH);
260	*al = SSL_AD_HANDSHAKE_FAILURE;	264	*al = SSL_AD_HANDSHAKE_FAILURE;
261	return 0;	265	return 0;
262	}	266	}
263		267
264	if (timingsafe_memcmp(d, s->s3->previous_client_finished,	268	if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
265	s->s3->previous_client_finished_len) != 0) {	269	CBS_len(&previous_client))) {
266	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	270	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
267	SSL_R_RENEGOTIATION_MISMATCH);	271	SSL_R_RENEGOTIATION_MISMATCH);
268	*al = SSL_AD_HANDSHAKE_FAILURE;	272	*al = SSL_AD_HANDSHAKE_FAILURE;
269	return 0;	273	return 0;
270	}	274	}
271	d += s->s3->previous_client_finished_len;	275	if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
272		276	CBS_len(&previous_server))) {
273	if (timingsafe_memcmp(d, s->s3->previous_server_finished,
274	s->s3->previous_server_finished_len)) {
275	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	277	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
276	SSL_R_RENEGOTIATION_MISMATCH);	278	SSL_R_RENEGOTIATION_MISMATCH);
277	*al = SSL_AD_ILLEGAL_PARAMETER;	279	*al = SSL_AD_ILLEGAL_PARAMETER;


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index b55e8265af..43c6974268 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.92 2015/06/20 04:04:35 doug Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -835,7 +835,7 @@ EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX *hash, const EVP_MD md);
835	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);	835	void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
836	int ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p,	836	int ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p,
837	int *len, int maxlen);	837	int *len, int maxlen);
838	int ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d,	838	int ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d,
839	int len, int *al);	839	int len, int *al);
840	int ssl_add_clienthello_renegotiate_ext(SSL s, unsigned char p,	840	int ssl_add_clienthello_renegotiate_ext(SSL s, unsigned char p,
841	int *len, int maxlen);	841	int *len, int maxlen);


diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 52d1754d94..294a632b8f 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_reneg.c,v 1.10 2015/06/20 04:04:36 doug Exp $ */	1	/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -224,29 +224,28 @@ ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p, int *len,
224	/* Parse the server's renegotiation binding and abort if it's not	224	/* Parse the server's renegotiation binding and abort if it's not
225	right */	225	right */
226	int	226	int
227	ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,	227	ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d, int len, int *al)
228	int *al)
229	{	228	{
		229	CBS cbs, reneg, previous_client, previous_server;
230	int expected_len = s->s3->previous_client_finished_len +	230	int expected_len = s->s3->previous_client_finished_len +
231	s->s3->previous_server_finished_len;	231	s->s3->previous_server_finished_len;
232	int ilen;
233		232
234	/* Check for logic errors */	233	/* Check for logic errors */
235	OPENSSL_assert(!expected_len \|\| s->s3->previous_client_finished_len);	234	OPENSSL_assert(!expected_len \|\| s->s3->previous_client_finished_len);
236	OPENSSL_assert(!expected_len \|\| s->s3->previous_server_finished_len);	235	OPENSSL_assert(!expected_len \|\| s->s3->previous_server_finished_len);
237		236
238	/* Parse the length byte */	237	if (len < 0) {
239	if (len < 1) {
240	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	238	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
241	SSL_R_RENEGOTIATION_ENCODING_ERR);	239	SSL_R_RENEGOTIATION_ENCODING_ERR);
242	*al = SSL_AD_ILLEGAL_PARAMETER;	240	*al = SSL_AD_ILLEGAL_PARAMETER;
243	return 0;	241	return 0;
244	}	242	}
245	ilen = *d;
246	d++;
247		243
248	/* Consistency check */	244	CBS_init(&cbs, d, len);
249	if (ilen + 1 != len) {	245
		246	if (!CBS_get_u8_length_prefixed(&cbs, &reneg) \|\|
		247	/* Consistency check */
		248	CBS_len(&cbs) != 0) {
250	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	249	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
251	SSL_R_RENEGOTIATION_ENCODING_ERR);	250	SSL_R_RENEGOTIATION_ENCODING_ERR);
252	*al = SSL_AD_ILLEGAL_PARAMETER;	251	*al = SSL_AD_ILLEGAL_PARAMETER;
@@ -254,24 +253,27 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
254	}	253	}
255		254
256	/* Check that the extension matches */	255	/* Check that the extension matches */
257	if (ilen != expected_len) {	256	if (CBS_len(&reneg) != expected_len \|\|
		257	!CBS_get_bytes(&reneg, &previous_client,
		258	s->s3->previous_client_finished_len) \|\|
		259	!CBS_get_bytes(&reneg, &previous_server,
		260	s->s3->previous_server_finished_len) \|\|
		261	CBS_len(&reneg) != 0) {
258	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	262	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
259	SSL_R_RENEGOTIATION_MISMATCH);	263	SSL_R_RENEGOTIATION_MISMATCH);
260	*al = SSL_AD_HANDSHAKE_FAILURE;	264	*al = SSL_AD_HANDSHAKE_FAILURE;
261	return 0;	265	return 0;
262	}	266	}
263		267
264	if (timingsafe_memcmp(d, s->s3->previous_client_finished,	268	if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
265	s->s3->previous_client_finished_len) != 0) {	269	CBS_len(&previous_client))) {
266	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	270	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
267	SSL_R_RENEGOTIATION_MISMATCH);	271	SSL_R_RENEGOTIATION_MISMATCH);
268	*al = SSL_AD_HANDSHAKE_FAILURE;	272	*al = SSL_AD_HANDSHAKE_FAILURE;
269	return 0;	273	return 0;
270	}	274	}
271	d += s->s3->previous_client_finished_len;	275	if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
272		276	CBS_len(&previous_server))) {
273	if (timingsafe_memcmp(d, s->s3->previous_server_finished,
274	s->s3->previous_server_finished_len)) {
275	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	277	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
276	SSL_R_RENEGOTIATION_MISMATCH);	278	SSL_R_RENEGOTIATION_MISMATCH);
277	*al = SSL_AD_ILLEGAL_PARAMETER;	279	*al = SSL_AD_ILLEGAL_PARAMETER;