summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_reneg.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/t1_reneg.c')
-rw-r--r--src/lib/libssl/t1_reneg.c35
1 files changed, 12 insertions, 23 deletions
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index ea432554b0..596b96edd3 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_reneg.c,v 1.13 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: t1_reneg.c,v 1.14 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -123,8 +123,7 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
123{ 123{
124 if (p) { 124 if (p) {
125 if ((S3I(s)->previous_client_finished_len + 1) > maxlen) { 125 if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
126 SSLerror( 126 SSLerror(SSL_R_RENEGOTIATE_EXT_TOO_LONG);
127 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
128 return 0; 127 return 0;
129 } 128 }
130 129
@@ -151,8 +150,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
151 CBS cbs, reneg; 150 CBS cbs, reneg;
152 151
153 if (len < 0) { 152 if (len < 0) {
154 SSLerror( 153 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
155 SSL_R_RENEGOTIATION_ENCODING_ERR);
156 *al = SSL_AD_ILLEGAL_PARAMETER; 154 *al = SSL_AD_ILLEGAL_PARAMETER;
157 return 0; 155 return 0;
158 } 156 }
@@ -161,24 +159,21 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
161 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || 159 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
162 /* Consistency check */ 160 /* Consistency check */
163 CBS_len(&cbs) != 0) { 161 CBS_len(&cbs) != 0) {
164 SSLerror( 162 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
165 SSL_R_RENEGOTIATION_ENCODING_ERR);
166 *al = SSL_AD_ILLEGAL_PARAMETER; 163 *al = SSL_AD_ILLEGAL_PARAMETER;
167 return 0; 164 return 0;
168 } 165 }
169 166
170 /* Check that the extension matches */ 167 /* Check that the extension matches */
171 if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) { 168 if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
172 SSLerror( 169 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
173 SSL_R_RENEGOTIATION_MISMATCH);
174 *al = SSL_AD_HANDSHAKE_FAILURE; 170 *al = SSL_AD_HANDSHAKE_FAILURE;
175 return 0; 171 return 0;
176 } 172 }
177 173
178 if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, 174 if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
179 S3I(s)->previous_client_finished_len)) { 175 S3I(s)->previous_client_finished_len)) {
180 SSLerror( 176 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
181 SSL_R_RENEGOTIATION_MISMATCH);
182 *al = SSL_AD_HANDSHAKE_FAILURE; 177 *al = SSL_AD_HANDSHAKE_FAILURE;
183 return 0; 178 return 0;
184 } 179 }
@@ -196,8 +191,7 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
196 if (p) { 191 if (p) {
197 if ((S3I(s)->previous_client_finished_len + 192 if ((S3I(s)->previous_client_finished_len +
198 S3I(s)->previous_server_finished_len + 1) > maxlen) { 193 S3I(s)->previous_server_finished_len + 1) > maxlen) {
199 SSLerror( 194 SSLerror(SSL_R_RENEGOTIATE_EXT_TOO_LONG);
200 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
201 return 0; 195 return 0;
202 } 196 }
203 197
@@ -235,8 +229,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
235 OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len); 229 OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len);
236 230
237 if (len < 0) { 231 if (len < 0) {
238 SSLerror( 232 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
239 SSL_R_RENEGOTIATION_ENCODING_ERR);
240 *al = SSL_AD_ILLEGAL_PARAMETER; 233 *al = SSL_AD_ILLEGAL_PARAMETER;
241 return 0; 234 return 0;
242 } 235 }
@@ -246,8 +239,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
246 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || 239 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
247 /* Consistency check */ 240 /* Consistency check */
248 CBS_len(&cbs) != 0) { 241 CBS_len(&cbs) != 0) {
249 SSLerror( 242 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
250 SSL_R_RENEGOTIATION_ENCODING_ERR);
251 *al = SSL_AD_ILLEGAL_PARAMETER; 243 *al = SSL_AD_ILLEGAL_PARAMETER;
252 return 0; 244 return 0;
253 } 245 }
@@ -259,23 +251,20 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
259 !CBS_get_bytes(&reneg, &previous_server, 251 !CBS_get_bytes(&reneg, &previous_server,
260 S3I(s)->previous_server_finished_len) || 252 S3I(s)->previous_server_finished_len) ||
261 CBS_len(&reneg) != 0) { 253 CBS_len(&reneg) != 0) {
262 SSLerror( 254 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
263 SSL_R_RENEGOTIATION_MISMATCH);
264 *al = SSL_AD_HANDSHAKE_FAILURE; 255 *al = SSL_AD_HANDSHAKE_FAILURE;
265 return 0; 256 return 0;
266 } 257 }
267 258
268 if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished, 259 if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
269 CBS_len(&previous_client))) { 260 CBS_len(&previous_client))) {
270 SSLerror( 261 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
271 SSL_R_RENEGOTIATION_MISMATCH);
272 *al = SSL_AD_HANDSHAKE_FAILURE; 262 *al = SSL_AD_HANDSHAKE_FAILURE;
273 return 0; 263 return 0;
274 } 264 }
275 if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished, 265 if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
276 CBS_len(&previous_server))) { 266 CBS_len(&previous_server))) {
277 SSLerror( 267 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
278 SSL_R_RENEGOTIATION_MISMATCH);
279 *al = SSL_AD_ILLEGAL_PARAMETER; 268 *al = SSL_AD_ILLEGAL_PARAMETER;
280 return 0; 269 return 0;
281 } 270 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 03:11:19 +0000