| author | tb <> | 2022-07-24 10:52:51 +0000 |
|---|---|---|
| committer | tb <> | 2022-07-24 10:52:51 +0000 |
| commit | d7c47c20d5f183b9417a79c956e0563e69e243cc (patch) | |
| tree | 73663f72c63e0a16eb70a2ac904c21b062e2d6f1 /src | |
| parent | c6dd71252b6c9201b8a8d7cf63bdace12547b030 (diff) | |
Rely on tlsext_parse() to set a decode_error alert
Instead of setting the alert manually in various parse handlers, we can
make use of the fact that tlsext_parse() sets the alert to decode_error
by default. This simplifies the code quite a bit.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 126 |
1 files changed, 47 insertions, 79 deletions
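--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.126 2022/07/22 13:10:31 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.127 2022/07/24 10:52:51 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -92,10 +92,10 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
 int r;
 
 if (!CBS_get_u16_length_prefixed(cbs, &alpn))
-goto err;
+return 0;
 
 if (!tlsext_alpn_check_format(&alpn))
-goto err;
+return 0;
 
 if (s->ctx->internal->alpn_select_cb == NULL)
 return 1;
@@ -132,10 +132,6 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
 SSLerror(s, SSL_R_NO_APPLICATION_PROTOCOL);
 
 return 0;
-
-err:
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 int
@@ -176,24 +172,20 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 }
 
 if (!CBS_get_u16_length_prefixed(cbs, &list))
-goto err;
+return 0;
 
 if (!CBS_get_u8_length_prefixed(&list, &proto))
-goto err;
+return 0;
 
 if (CBS_len(&list) != 0)
-goto err;
+return 0;
 if (CBS_len(&proto) == 0)
-goto err;
+return 0;
 
 if (!CBS_stow(&proto, &s->s3->alpn_selected, &s->s3->alpn_selected_len))
-goto err;
+return 0;
 
 return 1;
-
-err:
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 /*
@@ -246,11 +238,11 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 int i;
 
 if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
-goto err;
+return 0;
 
 groups_len = CBS_len(&grouplist);
 if (groups_len == 0 || groups_len % 2 != 0)
-goto err;
+return 0;
 groups_len /= 2;
 
 if (s->internal->hit)
@@ -271,7 +263,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 }
 
 if (s->session->tlsext_supportedgroups != NULL)
-goto err;
+return 0; /* XXX internal error? */
 
 if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) {
 *alert = SSL_AD_INTERNAL_ERROR;
@@ -281,23 +273,19 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 for (i = 0; i < groups_len; i++) {
 if (!CBS_get_u16(&grouplist, &groups[i])) {
 free(groups);
-goto err;
+return 0;
 }
 }
 
 if (CBS_len(&grouplist) != 0) {
 free(groups);
-goto err;
+return 0;
 }
 
 s->session->tlsext_supportedgroups = groups;
 s->session->tlsext_supportedgroups_length = groups_len;
 
 return 1;
-
-err:
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 /* This extension is never used by the server. */
@@ -456,8 +444,10 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
 CBS reneg;
 
-if (!CBS_get_u8_length_prefixed(cbs, &reneg))
-goto err;
+if (!CBS_get_u8_length_prefixed(cbs, &reneg)) {
+SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
+return 0;
+}
 
 if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
 s->s3->previous_client_finished_len)) {
@@ -470,11 +460,6 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 s->s3->send_connection_binding = 1;
 
 return 1;
-
-err:
-SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 int
@@ -520,16 +505,24 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 return 0;
 }
 
-if (!CBS_get_u8_length_prefixed(cbs, &reneg))
-goto err;
+if (!CBS_get_u8_length_prefixed(cbs, &reneg)) {
+SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
+return 0;
+}
 if (!CBS_get_bytes(&reneg, &prev_client,
-s->s3->previous_client_finished_len))
-goto err;
+s->s3->previous_client_finished_len)) {
+SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
+return 0;
+}
 if (!CBS_get_bytes(&reneg, &prev_server,
-s->s3->previous_server_finished_len))
-goto err;
-if (CBS_len(&reneg) != 0)
-goto err;
+s->s3->previous_server_finished_len)) {
+SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
+return 0;
+}
+if (CBS_len(&reneg) != 0) {
+SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
+return 0;
+}
 
 if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished,
 s->s3->previous_client_finished_len)) {
@@ -548,11 +541,6 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 s->s3->send_connection_binding = 1;
 
 return 1;
-
-err:
-SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 /*
@@ -862,10 +850,8 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 return 0;
 }
 } else {
-if (s->session->tlsext_hostname != NULL) {
-*alert = SSL_AD_DECODE_ERROR;
+if (s->session->tlsext_hostname != NULL)
 return 0;
-}
 if ((s->session->tlsext_hostname =
 strdup(s->tlsext_hostname)) == NULL) {
 *alert = SSL_AD_INTERNAL_ERROR;
@@ -1303,7 +1289,6 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 
 if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {
 SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
-*alert = SSL_AD_DECODE_ERROR;
 goto done;
 }
 
@@ -1319,8 +1304,7 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 if ((srvr = SSL_get_srtp_profiles(s)) == NULL)
 goto err;
 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
-if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i))
-== NULL)
+if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i)) == NULL)
 goto err;
 
 for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
@@ -1342,7 +1326,6 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 
 err:
 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-*alert = SSL_AD_DECODE_ERROR;
 
 done:
 sk_SRTP_PROTECTION_PROFILE_free(clnt);
@@ -1390,12 +1373,12 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 
 if (!CBS_get_u16_length_prefixed(cbs, &profile_ids)) {
 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-goto err;
+return 0;
 }
 
 if (!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-goto err;
+return 0;
 }
 
 if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {
@@ -1406,14 +1389,14 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 
 if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {
 SSLerror(s, SSL_R_NO_SRTP_PROFILES);
-goto err;
+return 0;
 }
 
 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
 if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i))
 == NULL) {
 SSLerror(s, SSL_R_NO_SRTP_PROFILES);
-goto err;
+return 0;
 }
 
 if (prof->id == id) {
@@ -1423,8 +1406,7 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 }
 
 SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-err:
-*alert = SSL_AD_DECODE_ERROR;
+
 return 0;
 }
 
@@ -1635,11 +1617,11 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 min = s->s3->hs.our_min_tls_version;
 
 if (!CBS_get_u8_length_prefixed(cbs, &versions))
-goto err;
+return 0;
 
 while (CBS_len(&versions) > 0) {
 if (!CBS_get_u16(&versions, &version))
-goto err;
+return 0;
 /*
 * XXX What is below implements client preference, and
 * ignores any server preference entirely.
@@ -1656,10 +1638,6 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 
 *alert = SSL_AD_PROTOCOL_VERSION;
 return 0;
-
-err:
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 int
@@ -1679,10 +1657,8 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
 uint16_t selected_version;
 
-if (!CBS_get_u16(cbs, &selected_version)) {
-*alert = SSL_AD_DECODE_ERROR;
+if (!CBS_get_u16(cbs, &selected_version))
 return 0;
-}
 
 /* XXX - need to fix for DTLS 1.3 */
 if (selected_version < TLS1_3_VERSION) {
@@ -1732,10 +1708,10 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 CBS cookie;
 
 if (!CBS_get_u16_length_prefixed(cbs, &cookie))
-goto err;
+return 0;
 
 if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len)
-goto err;
+return 0;
 
 /*
 * Check provided cookie value against what server previously
@@ -1750,10 +1726,6 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 }
 
 return 1;
-
-err:
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 int
@@ -1804,17 +1776,13 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 }
 
 if (!CBS_get_u16_length_prefixed(cbs, &cookie))
-goto err;
+return 0;
 
 if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie,
 &s->s3->hs.tls13.cookie_len))
-goto err;
+return 0;
 
 return 1;
-
-err:
-*alert = SSL_AD_DECODE_ERROR;
-return 0;
 }
 
 /*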
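Review bot: Several of the bare `return 0` paths are not decoding failures, yet they now inherit the decode_error default: the `CBS_stow()` failures in tlsext_alpn_client_parse and tlsext_cookie_client_parse (which look like allocation failures), and the already-populated session checks in tlsext_supportedgroups_server_parse and tlsext_sni_client_parse. Only the supported-groups check carries the `/* XXX internal error? */` marker. If the others are meant as internal errors, set `*alert = SSL_AD_INTERNAL_ERROR;` before the return, as the neighbouring `reallocarray` and `strdup` failure paths do, or at least add the same XXX comment so a peer is not told its message was malformed when the fault is local. The handlers now also depend on the caller presetting `*alert`; tlsext_parse() is not in this diff, so that contract is known only from the commit message, and a comment such as `/* *alert is preset to decode_error by tlsext_parse() */` at the handler declarations would record it for any direct caller. Every function touched here begins or ends outside its hunk.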
