1 files changed, 134 insertions, 144 deletions
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 9c2cc3c712..86e0e61ffb 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -113,180 +113,170 @@
 #include "ssl_locl.h"
 /* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+int
-                                        int maxlen)
+ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-    {
+    int maxlen)
-    if(p)
+{
-        {
+        if (p) {
-        if((s->s3->previous_client_finished_len+1) > maxlen)
+                if ((s->s3->previous_client_finished_len + 1) > maxlen) {
-            {
+                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+                        return 0;
-            return 0;
+                }
-            }
-            
-        /* Length byte */
-        *p = s->s3->previous_client_finished_len;
-        p++;
-        memcpy(p, s->s3->previous_client_finished,
+                /* Length byte */
-               s->s3->previous_client_finished_len);
+                *p = s->s3->previous_client_finished_len;
+                p++;
+                memcpy(p, s->s3->previous_client_finished,
+                s->s3->previous_client_finished_len);
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension sent by client\n",
+                fprintf(stderr, "%s RI extension sent by client\n",
                s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
 #endif
-        }
+        }
-    
-    *len=s->s3->previous_client_finished_len + 1;
+        *len = s->s3->previous_client_finished_len + 1;
- 
+        return 1;
-    return 1;
+}
-    }
 /* Parse the client's renegotiation binding and abort if it's not
   right */
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+int
-                                          int *al)
+ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-    {
+    int *al)
-    int ilen;
+{
+        int ilen;
+        /* Parse the length byte */
+        if (len < 1) {
+                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
+                *al = SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
+        }
+        ilen = *d;
+        d++;
-    /* Parse the length byte */
+        /* Consistency check */
-    if(len < 1)
+        if ((ilen + 1) != len) {
-        {
+                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
+                *al = SSL_AD_ILLEGAL_PARAMETER;
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
-        return 0;
+        }
-        }
-    ilen = *d;
-    d++;
-    /* Consistency check */
+        /* Check that the extension matches */
-    if((ilen+1) != len)
+        if (ilen != s->s3->previous_client_finished_len) {
-        {
+                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
+                *al = SSL_AD_HANDSHAKE_FAILURE;
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
-        return 0;
+        }
-        }
-    /* Check that the extension matches */
+        if (memcmp(d, s->s3->previous_client_finished,
-    if(ilen != s->s3->previous_client_finished_len)
+                s->s3->previous_client_finished_len)) {
-        {
+                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+                *al = SSL_AD_HANDSHAKE_FAILURE;
-        *al=SSL_AD_HANDSHAKE_FAILURE;
+                return 0;
-        return 0;
+        }
-        }
-    
-    if(memcmp(d, s->s3->previous_client_finished,
-              s->s3->previous_client_finished_len))
-        {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-        }
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension received by server\n",
+        fprintf(stderr, "%s RI extension received by server\n",
-                                ilen ? "Non-empty" : "Empty");
+        ilen ? "Non-empty" : "Empty");
 #endif
-    s->s3->send_connection_binding=1;
+        s->s3->send_connection_binding = 1;
-    return 1;
+        return 1;
-    }
+}
 /* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+int
-                                        int maxlen)
+ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-    {
+    int maxlen)
-    if(p)
+{
-        {
+        if (p) {
-        if((s->s3->previous_client_finished_len +
+                if ((s->s3->previous_client_finished_len +
-            s->s3->previous_server_finished_len + 1) > maxlen)
+                        s->s3->previous_server_finished_len + 1) > maxlen) {
-            {
+                        SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+                        return 0;
-            return 0;
+                }
-            }
-        
-        /* Length byte */
-        *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
-        p++;
-        memcpy(p, s->s3->previous_client_finished,
+                /* Length byte */
-               s->s3->previous_client_finished_len);
+                *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
-        p += s->s3->previous_client_finished_len;
+                p++;
-        memcpy(p, s->s3->previous_server_finished,
+                memcpy(p, s->s3->previous_client_finished,
-               s->s3->previous_server_finished_len);
+                s->s3->previous_client_finished_len);
+                p += s->s3->previous_client_finished_len;
+                memcpy(p, s->s3->previous_server_finished,
+                s->s3->previous_server_finished_len);
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension sent by server\n",
+                fprintf(stderr, "%s RI extension sent by server\n",
-                s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+                s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
 #endif
-        }
+        }
-    
-    *len=s->s3->previous_client_finished_len
+        *len = s->s3->previous_client_finished_len
        + s->s3->previous_server_finished_len + 1;
-    
-    return 1;
+        return 1;
-    }
+}
 /* Parse the server's renegotiation binding and abort if it's not
   right */
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+int
-                                          int *al)
+ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-    {
+    int *al)
-    int expected_len=s->s3->previous_client_finished_len
+{
+        int expected_len = s->s3->previous_client_finished_len
        + s->s3->previous_server_finished_len;
-    int ilen;
+        int ilen;
+        /* Check for logic errors */
+        OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
+        OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+        /* Parse the length byte */
+        if (len < 1) {
+                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
+                *al = SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
+        }
+        ilen = *d;
+        d++;
-    /* Check for logic errors */
+        /* Consistency check */
-    OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
+        if (ilen + 1 != len) {
-    OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
-    
+                *al = SSL_AD_ILLEGAL_PARAMETER;
-    /* Parse the length byte */
+                return 0;
-    if(len < 1)
+        }
-        {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-        }
-    ilen = *d;
-    d++;
-    /* Consistency check */
+        /* Check that the extension matches */
-    if(ilen+1 != len)
+        if (ilen != expected_len) {
-        {
+                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
+                *al = SSL_AD_HANDSHAKE_FAILURE;
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
-        return 0;
+        }
-        }
-    
-    /* Check that the extension matches */
-    if(ilen != expected_len)
-        {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-        }
-    if(memcmp(d, s->s3->previous_client_finished,
+        if (memcmp(d, s->s3->previous_client_finished,
-              s->s3->previous_client_finished_len))
+                s->s3->previous_client_finished_len)) {
-        {
+                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+                *al = SSL_AD_HANDSHAKE_FAILURE;
-        *al=SSL_AD_HANDSHAKE_FAILURE;
+                return 0;
-        return 0;
+        }
-        }
+        d += s->s3->previous_client_finished_len;
-    d += s->s3->previous_client_finished_len;
-    if(memcmp(d, s->s3->previous_server_finished,
+        if (memcmp(d, s->s3->previous_server_finished,
-              s->s3->previous_server_finished_len))
+                s->s3->previous_server_finished_len)) {
-        {
+                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+                *al = SSL_AD_ILLEGAL_PARAMETER;
-        *al=SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
-        return 0;
+        }
-        }
 #ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension received by client\n",
+        fprintf(stderr, "%s RI extension received by client\n",
-                                ilen ? "Non-empty" : "Empty");
+            ilen ? "Non-empty" : "Empty");
 #endif
-    s->s3->send_connection_binding=1;
+        s->s3->send_connection_binding = 1;
-    return 1;
+        return 1;
-    }
+}

diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 9c2cc3c712..86e0e61ffb 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c
@@ -113,180 +113,170 @@
113	#include "ssl_locl.h"	113	#include "ssl_locl.h"
114		114
115	/* Add the client's renegotiation binding */	115	/* Add the client's renegotiation binding */
116	int ssl_add_clienthello_renegotiate_ext(SSL s, unsigned char p, int *len,	116	int
117	int maxlen)	117	ssl_add_clienthello_renegotiate_ext(SSL s, unsigned char p, int *len,
118	{	118	int maxlen)
119	if(p)	119	{
120	{	120	if (p) {
121	if((s->s3->previous_client_finished_len+1) > maxlen)	121	if ((s->s3->previous_client_finished_len + 1) > maxlen) {
122	{	122	SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
123	SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);	123	return 0;
124	return 0;	124	}
125	}
126
127	/* Length byte */
128	*p = s->s3->previous_client_finished_len;
129	p++;
130		125
131	memcpy(p, s->s3->previous_client_finished,	126	/* Length byte */
132	s->s3->previous_client_finished_len);	127	*p = s->s3->previous_client_finished_len;
		128	p++;
		129
		130	memcpy(p, s->s3->previous_client_finished,
		131	s->s3->previous_client_finished_len);
133	#ifdef OPENSSL_RI_DEBUG	132	#ifdef OPENSSL_RI_DEBUG
134	fprintf(stderr, "%s RI extension sent by client\n",	133	fprintf(stderr, "%s RI extension sent by client\n",
135	s->s3->previous_client_finished_len ? "Non-empty" : "Empty");	134	s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
136	#endif	135	#endif
137	}	136	}
138		137
139	*len=s->s3->previous_client_finished_len + 1;	138	*len = s->s3->previous_client_finished_len + 1;
140		139
141		140	return 1;
142	return 1;	141	}
143	}
144		142
145	/* Parse the client's renegotiation binding and abort if it's not	143	/* Parse the client's renegotiation binding and abort if it's not
146	right */	144	right */
147	int ssl_parse_clienthello_renegotiate_ext(SSL s, unsigned char d, int len,	145	int
148	int *al)	146	ssl_parse_clienthello_renegotiate_ext(SSL s, unsigned char d, int len,
149	{	147	int *al)
150	int ilen;	148	{
		149	int ilen;
		150
		151	/* Parse the length byte */
		152	if (len < 1) {
		153	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
		154	*al = SSL_AD_ILLEGAL_PARAMETER;
		155	return 0;
		156	}
		157	ilen = *d;
		158	d++;
151		159
152	/* Parse the length byte */	160	/* Consistency check */
153	if(len < 1)	161	if ((ilen + 1) != len) {
154	{	162	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
155	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);	163	*al = SSL_AD_ILLEGAL_PARAMETER;
156	*al=SSL_AD_ILLEGAL_PARAMETER;	164	return 0;
157	return 0;	165	}
158	}
159	ilen = *d;
160	d++;
161		166
162	/* Consistency check */	167	/* Check that the extension matches */
163	if((ilen+1) != len)	168	if (ilen != s->s3->previous_client_finished_len) {
164	{	169	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
165	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);	170	*al = SSL_AD_HANDSHAKE_FAILURE;
166	*al=SSL_AD_ILLEGAL_PARAMETER;	171	return 0;
167	return 0;	172	}
168	}
169		173
170	/* Check that the extension matches */	174	if (memcmp(d, s->s3->previous_client_finished,
171	if(ilen != s->s3->previous_client_finished_len)	175	s->s3->previous_client_finished_len)) {
172	{	176	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
173	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);	177	*al = SSL_AD_HANDSHAKE_FAILURE;
174	*al=SSL_AD_HANDSHAKE_FAILURE;	178	return 0;
175	return 0;	179	}
176	}
177
178	if(memcmp(d, s->s3->previous_client_finished,
179	s->s3->previous_client_finished_len))
180	{
181	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
182	*al=SSL_AD_HANDSHAKE_FAILURE;
183	return 0;
184	}
185	#ifdef OPENSSL_RI_DEBUG	180	#ifdef OPENSSL_RI_DEBUG
186	fprintf(stderr, "%s RI extension received by server\n",	181	fprintf(stderr, "%s RI extension received by server\n",
187	ilen ? "Non-empty" : "Empty");	182	ilen ? "Non-empty" : "Empty");
188	#endif	183	#endif
189		184
190	s->s3->send_connection_binding=1;	185	s->s3->send_connection_binding = 1;
191		186
192	return 1;	187	return 1;
193	}	188	}
194		189
195	/* Add the server's renegotiation binding */	190	/* Add the server's renegotiation binding */
196	int ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p, int *len,	191	int
197	int maxlen)	192	ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p, int *len,
198	{	193	int maxlen)
199	if(p)	194	{
200	{	195	if (p) {
201	if((s->s3->previous_client_finished_len +	196	if ((s->s3->previous_client_finished_len +
202	s->s3->previous_server_finished_len + 1) > maxlen)	197	s->s3->previous_server_finished_len + 1) > maxlen) {
203	{	198	SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
204	SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);	199	return 0;
205	return 0;	200	}
206	}
207
208	/* Length byte */
209	*p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
210	p++;
211		201
212	memcpy(p, s->s3->previous_client_finished,	202	/* Length byte */
213	s->s3->previous_client_finished_len);	203	*p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
214	p += s->s3->previous_client_finished_len;	204	p++;
215		205
216	memcpy(p, s->s3->previous_server_finished,	206	memcpy(p, s->s3->previous_client_finished,
217	s->s3->previous_server_finished_len);	207	s->s3->previous_client_finished_len);
		208	p += s->s3->previous_client_finished_len;
		209
		210	memcpy(p, s->s3->previous_server_finished,
		211	s->s3->previous_server_finished_len);
218	#ifdef OPENSSL_RI_DEBUG	212	#ifdef OPENSSL_RI_DEBUG
219	fprintf(stderr, "%s RI extension sent by server\n",	213	fprintf(stderr, "%s RI extension sent by server\n",
220	s->s3->previous_client_finished_len ? "Non-empty" : "Empty");	214	s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
221	#endif	215	#endif
222	}	216	}
223		217
224	*len=s->s3->previous_client_finished_len	218	*len = s->s3->previous_client_finished_len
225	+ s->s3->previous_server_finished_len + 1;	219	+ s->s3->previous_server_finished_len + 1;
226		220
227	return 1;	221	return 1;
228	}	222	}
229		223
230	/* Parse the server's renegotiation binding and abort if it's not	224	/* Parse the server's renegotiation binding and abort if it's not
231	right */	225	right */
232	int ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,	226	int
233	int *al)	227	ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
234	{	228	int *al)
235	int expected_len=s->s3->previous_client_finished_len	229	{
		230	int expected_len = s->s3->previous_client_finished_len
236	+ s->s3->previous_server_finished_len;	231	+ s->s3->previous_server_finished_len;
237	int ilen;	232	int ilen;
		233
		234	/* Check for logic errors */
		235	OPENSSL_assert(!expected_len \|\| s->s3->previous_client_finished_len);
		236	OPENSSL_assert(!expected_len \|\| s->s3->previous_server_finished_len);
		237
		238	/* Parse the length byte */
		239	if (len < 1) {
		240	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
		241	*al = SSL_AD_ILLEGAL_PARAMETER;
		242	return 0;
		243	}
		244	ilen = *d;
		245	d++;
238		246
239	/* Check for logic errors */	247	/* Consistency check */
240	OPENSSL_assert(!expected_len \|\| s->s3->previous_client_finished_len);	248	if (ilen + 1 != len) {
241	OPENSSL_assert(!expected_len \|\| s->s3->previous_server_finished_len);	249	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR);
242		250	*al = SSL_AD_ILLEGAL_PARAMETER;
243	/* Parse the length byte */	251	return 0;
244	if(len < 1)	252	}
245	{
246	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
247	*al=SSL_AD_ILLEGAL_PARAMETER;
248	return 0;
249	}
250	ilen = *d;
251	d++;
252		253
253	/* Consistency check */	254	/* Check that the extension matches */
254	if(ilen+1 != len)	255	if (ilen != expected_len) {
255	{	256	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
256	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);	257	*al = SSL_AD_HANDSHAKE_FAILURE;
257	*al=SSL_AD_ILLEGAL_PARAMETER;	258	return 0;
258	return 0;	259	}
259	}
260
261	/* Check that the extension matches */
262	if(ilen != expected_len)
263	{
264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
265	*al=SSL_AD_HANDSHAKE_FAILURE;
266	return 0;
267	}
268		260
269	if(memcmp(d, s->s3->previous_client_finished,	261	if (memcmp(d, s->s3->previous_client_finished,
270	s->s3->previous_client_finished_len))	262	s->s3->previous_client_finished_len)) {
271	{	263	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
272	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);	264	*al = SSL_AD_HANDSHAKE_FAILURE;
273	*al=SSL_AD_HANDSHAKE_FAILURE;	265	return 0;
274	return 0;	266	}
275	}	267	d += s->s3->previous_client_finished_len;
276	d += s->s3->previous_client_finished_len;
277		268
278	if(memcmp(d, s->s3->previous_server_finished,	269	if (memcmp(d, s->s3->previous_server_finished,
279	s->s3->previous_server_finished_len))	270	s->s3->previous_server_finished_len)) {
280	{	271	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH);
281	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);	272	*al = SSL_AD_ILLEGAL_PARAMETER;
282	*al=SSL_AD_ILLEGAL_PARAMETER;	273	return 0;
283	return 0;	274	}
284	}
285	#ifdef OPENSSL_RI_DEBUG	275	#ifdef OPENSSL_RI_DEBUG
286	fprintf(stderr, "%s RI extension received by client\n",	276	fprintf(stderr, "%s RI extension received by client\n",
287	ilen ? "Non-empty" : "Empty");	277	ilen ? "Non-empty" : "Empty");
288	#endif	278	#endif
289	s->s3->send_connection_binding=1;	279	s->s3->send_connection_binding = 1;
290		280
291	return 1;	281	return 1;
292	}	282	}