diff options
| author | jsing <> | 2014-04-19 17:56:49 +0000 |
|---|---|---|
| committer | jsing <> | 2014-04-19 17:56:49 +0000 |
| commit | e115d67f9ff183b6ac943cb7894a771e9baca34e (patch) | |
| tree | 8233345fe89b36f5ba3881ff06bfd6ec01f2b316 | |
| parent | 8136714a88005c680ff47c13dc1c7bbce1600e9e (diff) | |
| download | openbsd-e115d67f9ff183b6ac943cb7894a771e9baca34e.tar.gz openbsd-e115d67f9ff183b6ac943cb7894a771e9baca34e.tar.bz2 openbsd-e115d67f9ff183b6ac943cb7894a771e9baca34e.zip | |
More KNF.
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_meth.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_reneg.c | 82 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_srvr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/t1_meth.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/t1_reneg.c | 82 | ||||
| -rw-r--r-- | src/lib/libssl/t1_srvr.c | 12 |
6 files changed, 122 insertions, 90 deletions
diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c index cf62fe5c3d..49fe9624a2 100644 --- a/src/lib/libssl/src/ssl/t1_meth.c +++ b/src/lib/libssl/src/ssl/t1_meth.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c index 86e0e61ffb..e08e7fedc6 100644 --- a/src/lib/libssl/src/ssl/t1_reneg.c +++ b/src/lib/libssl/src/ssl/t1_reneg.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| @@ -63,7 +63,7 @@ | |||
| 63 | * are met: | 63 | * are met: |
| 64 | * | 64 | * |
| 65 | * 1. Redistributions of source code must retain the above copyright | 65 | * 1. Redistributions of source code must retain the above copyright |
| 66 | * notice, this list of conditions and the following disclaimer. | 66 | * notice, this list of conditions and the following disclaimer. |
| 67 | * | 67 | * |
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | 68 | * 2. Redistributions in binary form must reproduce the above copyright |
| 69 | * notice, this list of conditions and the following disclaimer in | 69 | * notice, this list of conditions and the following disclaimer in |
| @@ -119,7 +119,8 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 119 | { | 119 | { |
| 120 | if (p) { | 120 | if (p) { |
| 121 | if ((s->s3->previous_client_finished_len + 1) > maxlen) { | 121 | if ((s->s3->previous_client_finished_len + 1) > maxlen) { |
| 122 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG); | 122 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, |
| 123 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | ||
| 123 | return 0; | 124 | return 0; |
| 124 | } | 125 | } |
| 125 | 126 | ||
| @@ -128,10 +129,11 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 128 | p++; | 129 | p++; |
| 129 | 130 | ||
| 130 | memcpy(p, s->s3->previous_client_finished, | 131 | memcpy(p, s->s3->previous_client_finished, |
| 131 | s->s3->previous_client_finished_len); | 132 | s->s3->previous_client_finished_len); |
| 133 | |||
| 132 | #ifdef OPENSSL_RI_DEBUG | 134 | #ifdef OPENSSL_RI_DEBUG |
| 133 | fprintf(stderr, "%s RI extension sent by client\n", | 135 | fprintf(stderr, "%s RI extension sent by client\n", |
| 134 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); | 136 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); |
| 135 | #endif | 137 | #endif |
| 136 | } | 138 | } |
| 137 | 139 | ||
| @@ -150,7 +152,8 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 150 | 152 | ||
| 151 | /* Parse the length byte */ | 153 | /* Parse the length byte */ |
| 152 | if (len < 1) { | 154 | if (len < 1) { |
| 153 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 155 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 156 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 154 | *al = SSL_AD_ILLEGAL_PARAMETER; | 157 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 155 | return 0; | 158 | return 0; |
| 156 | } | 159 | } |
| @@ -159,27 +162,31 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 159 | 162 | ||
| 160 | /* Consistency check */ | 163 | /* Consistency check */ |
| 161 | if ((ilen + 1) != len) { | 164 | if ((ilen + 1) != len) { |
| 162 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 165 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 166 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 163 | *al = SSL_AD_ILLEGAL_PARAMETER; | 167 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 164 | return 0; | 168 | return 0; |
| 165 | } | 169 | } |
| 166 | 170 | ||
| 167 | /* Check that the extension matches */ | 171 | /* Check that the extension matches */ |
| 168 | if (ilen != s->s3->previous_client_finished_len) { | 172 | if (ilen != s->s3->previous_client_finished_len) { |
| 169 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 173 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 174 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 170 | *al = SSL_AD_HANDSHAKE_FAILURE; | 175 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 171 | return 0; | 176 | return 0; |
| 172 | } | 177 | } |
| 173 | 178 | ||
| 174 | if (memcmp(d, s->s3->previous_client_finished, | 179 | if (memcmp(d, s->s3->previous_client_finished, |
| 175 | s->s3->previous_client_finished_len)) { | 180 | s->s3->previous_client_finished_len)) { |
| 176 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 181 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 182 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 177 | *al = SSL_AD_HANDSHAKE_FAILURE; | 183 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 178 | return 0; | 184 | return 0; |
| 179 | } | 185 | } |
| 186 | |||
| 180 | #ifdef OPENSSL_RI_DEBUG | 187 | #ifdef OPENSSL_RI_DEBUG |
| 181 | fprintf(stderr, "%s RI extension received by server\n", | 188 | fprintf(stderr, "%s RI extension received by server\n", |
| 182 | ilen ? "Non-empty" : "Empty"); | 189 | ilen ? "Non-empty" : "Empty"); |
| 183 | #endif | 190 | #endif |
| 184 | 191 | ||
| 185 | s->s3->send_connection_binding = 1; | 192 | s->s3->send_connection_binding = 1; |
| @@ -194,29 +201,32 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 194 | { | 201 | { |
| 195 | if (p) { | 202 | if (p) { |
| 196 | if ((s->s3->previous_client_finished_len + | 203 | if ((s->s3->previous_client_finished_len + |
| 197 | s->s3->previous_server_finished_len + 1) > maxlen) { | 204 | s->s3->previous_server_finished_len + 1) > maxlen) { |
| 198 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG); | 205 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, |
| 206 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | ||
| 199 | return 0; | 207 | return 0; |
| 200 | } | 208 | } |
| 201 | 209 | ||
| 202 | /* Length byte */ | 210 | /* Length byte */ |
| 203 | *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; | 211 | *p = s->s3->previous_client_finished_len + |
| 212 | s->s3->previous_server_finished_len; | ||
| 204 | p++; | 213 | p++; |
| 205 | 214 | ||
| 206 | memcpy(p, s->s3->previous_client_finished, | 215 | memcpy(p, s->s3->previous_client_finished, |
| 207 | s->s3->previous_client_finished_len); | 216 | s->s3->previous_client_finished_len); |
| 208 | p += s->s3->previous_client_finished_len; | 217 | p += s->s3->previous_client_finished_len; |
| 209 | 218 | ||
| 210 | memcpy(p, s->s3->previous_server_finished, | 219 | memcpy(p, s->s3->previous_server_finished, |
| 211 | s->s3->previous_server_finished_len); | 220 | s->s3->previous_server_finished_len); |
| 221 | |||
| 212 | #ifdef OPENSSL_RI_DEBUG | 222 | #ifdef OPENSSL_RI_DEBUG |
| 213 | fprintf(stderr, "%s RI extension sent by server\n", | 223 | fprintf(stderr, "%s RI extension sent by server\n", |
| 214 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); | 224 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); |
| 215 | #endif | 225 | #endif |
| 216 | } | 226 | } |
| 217 | 227 | ||
| 218 | *len = s->s3->previous_client_finished_len | 228 | *len = s->s3->previous_client_finished_len + |
| 219 | + s->s3->previous_server_finished_len + 1; | 229 | s->s3->previous_server_finished_len + 1; |
| 220 | 230 | ||
| 221 | return 1; | 231 | return 1; |
| 222 | } | 232 | } |
| @@ -227,8 +237,8 @@ int | |||
| 227 | ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | 237 | ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, |
| 228 | int *al) | 238 | int *al) |
| 229 | { | 239 | { |
| 230 | int expected_len = s->s3->previous_client_finished_len | 240 | int expected_len = s->s3->previous_client_finished_len + |
| 231 | + s->s3->previous_server_finished_len; | 241 | s->s3->previous_server_finished_len; |
| 232 | int ilen; | 242 | int ilen; |
| 233 | 243 | ||
| 234 | /* Check for logic errors */ | 244 | /* Check for logic errors */ |
| @@ -237,7 +247,8 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 237 | 247 | ||
| 238 | /* Parse the length byte */ | 248 | /* Parse the length byte */ |
| 239 | if (len < 1) { | 249 | if (len < 1) { |
| 240 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 250 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 251 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 241 | *al = SSL_AD_ILLEGAL_PARAMETER; | 252 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 242 | return 0; | 253 | return 0; |
| 243 | } | 254 | } |
| @@ -246,32 +257,37 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 246 | 257 | ||
| 247 | /* Consistency check */ | 258 | /* Consistency check */ |
| 248 | if (ilen + 1 != len) { | 259 | if (ilen + 1 != len) { |
| 249 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 260 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 261 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 250 | *al = SSL_AD_ILLEGAL_PARAMETER; | 262 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 251 | return 0; | 263 | return 0; |
| 252 | } | 264 | } |
| 253 | 265 | ||
| 254 | /* Check that the extension matches */ | 266 | /* Check that the extension matches */ |
| 255 | if (ilen != expected_len) { | 267 | if (ilen != expected_len) { |
| 256 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 268 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 269 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 257 | *al = SSL_AD_HANDSHAKE_FAILURE; | 270 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 258 | return 0; | 271 | return 0; |
| 259 | } | 272 | } |
| 260 | 273 | ||
| 261 | if (memcmp(d, s->s3->previous_client_finished, | 274 | if (memcmp(d, s->s3->previous_client_finished, |
| 262 | s->s3->previous_client_finished_len)) { | 275 | s->s3->previous_client_finished_len)) { |
| 263 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 276 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 277 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 264 | *al = SSL_AD_HANDSHAKE_FAILURE; | 278 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 265 | return 0; | 279 | return 0; |
| 266 | } | 280 | } |
| 267 | d += s->s3->previous_client_finished_len; | 281 | d += s->s3->previous_client_finished_len; |
| 268 | 282 | ||
| 269 | if (memcmp(d, s->s3->previous_server_finished, | 283 | if (memcmp(d, s->s3->previous_server_finished, |
| 270 | s->s3->previous_server_finished_len)) { | 284 | s->s3->previous_server_finished_len)) { |
| 271 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 285 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 286 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 272 | *al = SSL_AD_ILLEGAL_PARAMETER; | 287 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 273 | return 0; | 288 | return 0; |
| 274 | } | 289 | } |
| 290 | |||
| 275 | #ifdef OPENSSL_RI_DEBUG | 291 | #ifdef OPENSSL_RI_DEBUG |
| 276 | fprintf(stderr, "%s RI extension received by client\n", | 292 | fprintf(stderr, "%s RI extension received by client\n", |
| 277 | ilen ? "Non-empty" : "Empty"); | 293 | ilen ? "Non-empty" : "Empty"); |
diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c index c0d186e425..01220072f1 100644 --- a/src/lib/libssl/src/ssl/t1_srvr.c +++ b/src/lib/libssl/src/ssl/t1_srvr.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c index cf62fe5c3d..49fe9624a2 100644 --- a/src/lib/libssl/t1_meth.c +++ b/src/lib/libssl/t1_meth.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 86e0e61ffb..e08e7fedc6 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| @@ -63,7 +63,7 @@ | |||
| 63 | * are met: | 63 | * are met: |
| 64 | * | 64 | * |
| 65 | * 1. Redistributions of source code must retain the above copyright | 65 | * 1. Redistributions of source code must retain the above copyright |
| 66 | * notice, this list of conditions and the following disclaimer. | 66 | * notice, this list of conditions and the following disclaimer. |
| 67 | * | 67 | * |
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | 68 | * 2. Redistributions in binary form must reproduce the above copyright |
| 69 | * notice, this list of conditions and the following disclaimer in | 69 | * notice, this list of conditions and the following disclaimer in |
| @@ -119,7 +119,8 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 119 | { | 119 | { |
| 120 | if (p) { | 120 | if (p) { |
| 121 | if ((s->s3->previous_client_finished_len + 1) > maxlen) { | 121 | if ((s->s3->previous_client_finished_len + 1) > maxlen) { |
| 122 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG); | 122 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, |
| 123 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | ||
| 123 | return 0; | 124 | return 0; |
| 124 | } | 125 | } |
| 125 | 126 | ||
| @@ -128,10 +129,11 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 128 | p++; | 129 | p++; |
| 129 | 130 | ||
| 130 | memcpy(p, s->s3->previous_client_finished, | 131 | memcpy(p, s->s3->previous_client_finished, |
| 131 | s->s3->previous_client_finished_len); | 132 | s->s3->previous_client_finished_len); |
| 133 | |||
| 132 | #ifdef OPENSSL_RI_DEBUG | 134 | #ifdef OPENSSL_RI_DEBUG |
| 133 | fprintf(stderr, "%s RI extension sent by client\n", | 135 | fprintf(stderr, "%s RI extension sent by client\n", |
| 134 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); | 136 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); |
| 135 | #endif | 137 | #endif |
| 136 | } | 138 | } |
| 137 | 139 | ||
| @@ -150,7 +152,8 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 150 | 152 | ||
| 151 | /* Parse the length byte */ | 153 | /* Parse the length byte */ |
| 152 | if (len < 1) { | 154 | if (len < 1) { |
| 153 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 155 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 156 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 154 | *al = SSL_AD_ILLEGAL_PARAMETER; | 157 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 155 | return 0; | 158 | return 0; |
| 156 | } | 159 | } |
| @@ -159,27 +162,31 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 159 | 162 | ||
| 160 | /* Consistency check */ | 163 | /* Consistency check */ |
| 161 | if ((ilen + 1) != len) { | 164 | if ((ilen + 1) != len) { |
| 162 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 165 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 166 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 163 | *al = SSL_AD_ILLEGAL_PARAMETER; | 167 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 164 | return 0; | 168 | return 0; |
| 165 | } | 169 | } |
| 166 | 170 | ||
| 167 | /* Check that the extension matches */ | 171 | /* Check that the extension matches */ |
| 168 | if (ilen != s->s3->previous_client_finished_len) { | 172 | if (ilen != s->s3->previous_client_finished_len) { |
| 169 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 173 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 174 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 170 | *al = SSL_AD_HANDSHAKE_FAILURE; | 175 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 171 | return 0; | 176 | return 0; |
| 172 | } | 177 | } |
| 173 | 178 | ||
| 174 | if (memcmp(d, s->s3->previous_client_finished, | 179 | if (memcmp(d, s->s3->previous_client_finished, |
| 175 | s->s3->previous_client_finished_len)) { | 180 | s->s3->previous_client_finished_len)) { |
| 176 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 181 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
| 182 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 177 | *al = SSL_AD_HANDSHAKE_FAILURE; | 183 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 178 | return 0; | 184 | return 0; |
| 179 | } | 185 | } |
| 186 | |||
| 180 | #ifdef OPENSSL_RI_DEBUG | 187 | #ifdef OPENSSL_RI_DEBUG |
| 181 | fprintf(stderr, "%s RI extension received by server\n", | 188 | fprintf(stderr, "%s RI extension received by server\n", |
| 182 | ilen ? "Non-empty" : "Empty"); | 189 | ilen ? "Non-empty" : "Empty"); |
| 183 | #endif | 190 | #endif |
| 184 | 191 | ||
| 185 | s->s3->send_connection_binding = 1; | 192 | s->s3->send_connection_binding = 1; |
| @@ -194,29 +201,32 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 194 | { | 201 | { |
| 195 | if (p) { | 202 | if (p) { |
| 196 | if ((s->s3->previous_client_finished_len + | 203 | if ((s->s3->previous_client_finished_len + |
| 197 | s->s3->previous_server_finished_len + 1) > maxlen) { | 204 | s->s3->previous_server_finished_len + 1) > maxlen) { |
| 198 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG); | 205 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, |
| 206 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | ||
| 199 | return 0; | 207 | return 0; |
| 200 | } | 208 | } |
| 201 | 209 | ||
| 202 | /* Length byte */ | 210 | /* Length byte */ |
| 203 | *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; | 211 | *p = s->s3->previous_client_finished_len + |
| 212 | s->s3->previous_server_finished_len; | ||
| 204 | p++; | 213 | p++; |
| 205 | 214 | ||
| 206 | memcpy(p, s->s3->previous_client_finished, | 215 | memcpy(p, s->s3->previous_client_finished, |
| 207 | s->s3->previous_client_finished_len); | 216 | s->s3->previous_client_finished_len); |
| 208 | p += s->s3->previous_client_finished_len; | 217 | p += s->s3->previous_client_finished_len; |
| 209 | 218 | ||
| 210 | memcpy(p, s->s3->previous_server_finished, | 219 | memcpy(p, s->s3->previous_server_finished, |
| 211 | s->s3->previous_server_finished_len); | 220 | s->s3->previous_server_finished_len); |
| 221 | |||
| 212 | #ifdef OPENSSL_RI_DEBUG | 222 | #ifdef OPENSSL_RI_DEBUG |
| 213 | fprintf(stderr, "%s RI extension sent by server\n", | 223 | fprintf(stderr, "%s RI extension sent by server\n", |
| 214 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); | 224 | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); |
| 215 | #endif | 225 | #endif |
| 216 | } | 226 | } |
| 217 | 227 | ||
| 218 | *len = s->s3->previous_client_finished_len | 228 | *len = s->s3->previous_client_finished_len + |
| 219 | + s->s3->previous_server_finished_len + 1; | 229 | s->s3->previous_server_finished_len + 1; |
| 220 | 230 | ||
| 221 | return 1; | 231 | return 1; |
| 222 | } | 232 | } |
| @@ -227,8 +237,8 @@ int | |||
| 227 | ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | 237 | ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, |
| 228 | int *al) | 238 | int *al) |
| 229 | { | 239 | { |
| 230 | int expected_len = s->s3->previous_client_finished_len | 240 | int expected_len = s->s3->previous_client_finished_len + |
| 231 | + s->s3->previous_server_finished_len; | 241 | s->s3->previous_server_finished_len; |
| 232 | int ilen; | 242 | int ilen; |
| 233 | 243 | ||
| 234 | /* Check for logic errors */ | 244 | /* Check for logic errors */ |
| @@ -237,7 +247,8 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 237 | 247 | ||
| 238 | /* Parse the length byte */ | 248 | /* Parse the length byte */ |
| 239 | if (len < 1) { | 249 | if (len < 1) { |
| 240 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 250 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 251 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 241 | *al = SSL_AD_ILLEGAL_PARAMETER; | 252 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 242 | return 0; | 253 | return 0; |
| 243 | } | 254 | } |
| @@ -246,32 +257,37 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |||
| 246 | 257 | ||
| 247 | /* Consistency check */ | 258 | /* Consistency check */ |
| 248 | if (ilen + 1 != len) { | 259 | if (ilen + 1 != len) { |
| 249 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); | 260 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 261 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 250 | *al = SSL_AD_ILLEGAL_PARAMETER; | 262 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 251 | return 0; | 263 | return 0; |
| 252 | } | 264 | } |
| 253 | 265 | ||
| 254 | /* Check that the extension matches */ | 266 | /* Check that the extension matches */ |
| 255 | if (ilen != expected_len) { | 267 | if (ilen != expected_len) { |
| 256 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 268 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 269 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 257 | *al = SSL_AD_HANDSHAKE_FAILURE; | 270 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 258 | return 0; | 271 | return 0; |
| 259 | } | 272 | } |
| 260 | 273 | ||
| 261 | if (memcmp(d, s->s3->previous_client_finished, | 274 | if (memcmp(d, s->s3->previous_client_finished, |
| 262 | s->s3->previous_client_finished_len)) { | 275 | s->s3->previous_client_finished_len)) { |
| 263 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 276 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 277 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 264 | *al = SSL_AD_HANDSHAKE_FAILURE; | 278 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 265 | return 0; | 279 | return 0; |
| 266 | } | 280 | } |
| 267 | d += s->s3->previous_client_finished_len; | 281 | d += s->s3->previous_client_finished_len; |
| 268 | 282 | ||
| 269 | if (memcmp(d, s->s3->previous_server_finished, | 283 | if (memcmp(d, s->s3->previous_server_finished, |
| 270 | s->s3->previous_server_finished_len)) { | 284 | s->s3->previous_server_finished_len)) { |
| 271 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); | 285 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
| 286 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 272 | *al = SSL_AD_ILLEGAL_PARAMETER; | 287 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 273 | return 0; | 288 | return 0; |
| 274 | } | 289 | } |
| 290 | |||
| 275 | #ifdef OPENSSL_RI_DEBUG | 291 | #ifdef OPENSSL_RI_DEBUG |
| 276 | fprintf(stderr, "%s RI extension received by client\n", | 292 | fprintf(stderr, "%s RI extension received by client\n", |
| 277 | ilen ? "Non-empty" : "Empty"); | 293 | ilen ? "Non-empty" : "Empty"); |
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c index c0d186e425..01220072f1 100644 --- a/src/lib/libssl/t1_srvr.c +++ b/src/lib/libssl/t1_srvr.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |