diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 43 |
1 files changed, 9 insertions, 34 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index a9f10166fe..0d03b45a97 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.136 2017/08/27 02:58:04 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.137 2017/08/30 16:44:37 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -664,16 +664,13 @@ tls12_get_req_sig_algs(SSL *s, unsigned char **sigalgs, size_t *sigalgs_len) | |||
| 664 | unsigned char * | 664 | unsigned char * |
| 665 | ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | 665 | ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) |
| 666 | { | 666 | { |
| 667 | int extdatalen = 0; | ||
| 668 | unsigned char *ret = p; | ||
| 669 | size_t len; | 667 | size_t len; |
| 670 | CBB cbb; | 668 | CBB cbb; |
| 671 | 669 | ||
| 672 | ret += 2; | 670 | if (p >= limit) |
| 673 | if (ret >= limit) | 671 | return NULL; |
| 674 | return NULL; /* this really never occurs, but ... */ | ||
| 675 | 672 | ||
| 676 | if (!CBB_init_fixed(&cbb, ret, limit - ret)) | 673 | if (!CBB_init_fixed(&cbb, p, limit - p)) |
| 677 | return NULL; | 674 | return NULL; |
| 678 | if (!tlsext_clienthello_build(s, &cbb)) { | 675 | if (!tlsext_clienthello_build(s, &cbb)) { |
| 679 | CBB_cleanup(&cbb); | 676 | CBB_cleanup(&cbb); |
| @@ -683,30 +680,20 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 683 | CBB_cleanup(&cbb); | 680 | CBB_cleanup(&cbb); |
| 684 | return NULL; | 681 | return NULL; |
| 685 | } | 682 | } |
| 686 | if (len > (limit - ret)) | ||
| 687 | return NULL; | ||
| 688 | ret += len; | ||
| 689 | |||
| 690 | if ((extdatalen = ret - p - 2) == 0) | ||
| 691 | return p; | ||
| 692 | 683 | ||
| 693 | s2n(extdatalen, p); | 684 | return (p + len); |
| 694 | return ret; | ||
| 695 | } | 685 | } |
| 696 | 686 | ||
| 697 | unsigned char * | 687 | unsigned char * |
| 698 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | 688 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) |
| 699 | { | 689 | { |
| 700 | int extdatalen = 0; | ||
| 701 | unsigned char *ret = p; | ||
| 702 | size_t len; | 690 | size_t len; |
| 703 | CBB cbb; | 691 | CBB cbb; |
| 704 | 692 | ||
| 705 | ret += 2; | 693 | if (p >= limit) |
| 706 | if (ret >= limit) | 694 | return NULL; |
| 707 | return NULL; /* this really never occurs, but ... */ | ||
| 708 | 695 | ||
| 709 | if (!CBB_init_fixed(&cbb, ret, limit - ret)) | 696 | if (!CBB_init_fixed(&cbb, p, limit - p)) |
| 710 | return NULL; | 697 | return NULL; |
| 711 | if (!tlsext_serverhello_build(s, &cbb)) { | 698 | if (!tlsext_serverhello_build(s, &cbb)) { |
| 712 | CBB_cleanup(&cbb); | 699 | CBB_cleanup(&cbb); |
| @@ -716,20 +703,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 716 | CBB_cleanup(&cbb); | 703 | CBB_cleanup(&cbb); |
| 717 | return NULL; | 704 | return NULL; |
| 718 | } | 705 | } |
| 719 | if (len > (limit - ret)) | ||
| 720 | return NULL; | ||
| 721 | ret += len; | ||
| 722 | |||
| 723 | /* | ||
| 724 | * Currently the server should not respond with a SupportedCurves | ||
| 725 | * extension. | ||
| 726 | */ | ||
| 727 | |||
| 728 | if ((extdatalen = ret - p - 2) == 0) | ||
| 729 | return p; | ||
| 730 | 706 | ||
| 731 | s2n(extdatalen, p); | 707 | return (p + len); |
| 732 | return ret; | ||
| 733 | } | 708 | } |
| 734 | 709 | ||
| 735 | int | 710 | int |