summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_lib.c58
1 files changed, 28 insertions, 30 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index ce827caae7..409da9b4bd 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.62 2014/10/05 14:53:06 jsing Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.63 2014/10/05 14:56:32 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -713,61 +713,60 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
713 } 713 }
714 714
715 if (using_ecc) { 715 if (using_ecc) {
716 const unsigned char *curves, *formats;
717 size_t curveslen, formatslen, lenmax;
718
716 /* 719 /*
717 * Add TLS extension ECPointFormats to the ClientHello message. 720 * Add TLS extension ECPointFormats to the ClientHello message.
718 */ 721 */
719 const unsigned char *plist; 722 tls1_get_formatlist(s, 0, &formats, &formatslen);
720 size_t plistlen;
721 size_t lenmax;
722
723 tls1_get_formatlist(s, 0, &plist, &plistlen);
724 723
725 if ((size_t)(limit - ret) < 5) 724 if ((size_t)(limit - ret) < 5)
726 return NULL; 725 return NULL;
727 726
728 lenmax = limit - ret - 5; 727 lenmax = limit - ret - 5;
729 if (plistlen > lenmax) 728 if (formatslen > lenmax)
730 return NULL; 729 return NULL;
731 if (plistlen > 255) { 730 if (formatslen > 255) {
732 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, 731 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
733 ERR_R_INTERNAL_ERROR); 732 ERR_R_INTERNAL_ERROR);
734 return NULL; 733 return NULL;
735 } 734 }
736 735
737 s2n(TLSEXT_TYPE_ec_point_formats, ret); 736 s2n(TLSEXT_TYPE_ec_point_formats, ret);
738 s2n(plistlen + 1, ret); 737 s2n(formatslen + 1, ret);
739 *(ret++) = (unsigned char)plistlen; 738 *(ret++) = (unsigned char)formatslen;
740 memcpy(ret, plist, plistlen); 739 memcpy(ret, formats, formatslen);
741 ret += plistlen; 740 ret += formatslen;
742 741
743 /* 742 /*
744 * Add TLS extension EllipticCurves to the ClientHello message. 743 * Add TLS extension EllipticCurves to the ClientHello message.
745 */ 744 */
746 tls1_get_curvelist(s, 0, &plist, &plistlen); 745 tls1_get_curvelist(s, 0, &curves, &curveslen);
747 746
748 if ((size_t)(limit - ret) < 6) 747 if ((size_t)(limit - ret) < 6)
749 return NULL; 748 return NULL;
750 749
751 lenmax = limit - ret - 6; 750 lenmax = limit - ret - 6;
752 if (plistlen > lenmax) 751 if (curveslen > lenmax)
753 return NULL; 752 return NULL;
754 if (plistlen > 65532) { 753 if (curveslen > 65532) {
755 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, 754 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
756 ERR_R_INTERNAL_ERROR); 755 ERR_R_INTERNAL_ERROR);
757 return NULL; 756 return NULL;
758 } 757 }
759 758
760 s2n(TLSEXT_TYPE_elliptic_curves, ret); 759 s2n(TLSEXT_TYPE_elliptic_curves, ret);
761 s2n(plistlen + 2, ret); 760 s2n(curveslen + 2, ret);
762 761
763 /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for 762 /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
764 * elliptic_curve_list, but the examples use two bytes. 763 * elliptic_curve_list, but the examples use two bytes.
765 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html 764 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
766 * resolves this to two bytes. 765 * resolves this to two bytes.
767 */ 766 */
768 s2n(plistlen, ret); 767 s2n(curveslen, ret);
769 memcpy(ret, plist, plistlen); 768 memcpy(ret, curves, curveslen);
770 ret += plistlen; 769 ret += curveslen;
771 } 770 }
772 771
773 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { 772 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
@@ -990,32 +989,31 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
990 } 989 }
991 990
992 if (using_ecc && s->version != DTLS1_VERSION) { 991 if (using_ecc && s->version != DTLS1_VERSION) {
992 const unsigned char *formats;
993 size_t formatslen, lenmax;
994
993 /* 995 /*
994 * Add TLS extension ECPointFormats to the ServerHello message. 996 * Add TLS extension ECPointFormats to the ServerHello message.
995 */ 997 */
996 const unsigned char *plist; 998 tls1_get_formatlist(s, 0, &formats, &formatslen);
997 size_t plistlen;
998 size_t lenmax;
999
1000 tls1_get_formatlist(s, 0, &plist, &plistlen);
1001 999
1002 if ((size_t)(limit - ret) < 5) 1000 if ((size_t)(limit - ret) < 5)
1003 return NULL; 1001 return NULL;
1004 1002
1005 lenmax = limit - ret - 5; 1003 lenmax = limit - ret - 5;
1006 if (plistlen > lenmax) 1004 if (formatslen > lenmax)
1007 return NULL; 1005 return NULL;
1008 if (plistlen > 255) { 1006 if (formatslen > 255) {
1009 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, 1007 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
1010 ERR_R_INTERNAL_ERROR); 1008 ERR_R_INTERNAL_ERROR);
1011 return NULL; 1009 return NULL;
1012 } 1010 }
1013 1011
1014 s2n(TLSEXT_TYPE_ec_point_formats, ret); 1012 s2n(TLSEXT_TYPE_ec_point_formats, ret);
1015 s2n(plistlen + 1, ret); 1013 s2n(formatslen + 1, ret);
1016 *(ret++) = (unsigned char)plistlen; 1014 *(ret++) = (unsigned char)formatslen;
1017 memcpy(ret, plist, plistlen); 1015 memcpy(ret, formats, formatslen);
1018 ret += plistlen; 1016 ret += formatslen;
1019 } 1017 }
1020 1018
1021 /* 1019 /*
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 15:42:12 +0000