Diffstat (limited to 'src/lib/libssl')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 50 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 50 |
2 files changed, 58 insertions, 42 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 678818d51b..0b3f0f3566 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.60 2014/10/03 13:58:18 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.61 2014/10/05 14:47:30 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -351,12 +351,21 @@ tls1_ec_nid2curve_id(int nid) | |||
| 351 | } | 351 | } |
| 352 | } | 352 | } |
| 353 | 353 | ||
| 354 | /* | ||
| 355 | * Return the appropriate format list. If client_formats is non-zero, return | ||
| 356 | * the client/session formats. Otherwise return the custom format list if one | ||
| 357 | * exists, or the default formats if a custom list has not been specified. | ||
| 358 | */ | ||
| 354 | static void | 359 | static void |
| 355 | tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen) | 360 | tls1_get_formatlist(SSL *s, int client_formats, const unsigned char **pformats, |
| 361 | size_t *pformatslen) | ||
| 356 | { | 362 | { |
| 357 | /* | 363 | if (client_formats != 0) { |
| 358 | * If we have a custom point format list use it, otherwise use default. | 364 | *pformats = s->session->tlsext_ecpointformatlist; |
| 359 | */ | 365 | *pformatslen = s->session->tlsext_ecpointformatlist_length; |
| 366 | return; | ||
| 367 | } | ||
| 368 | |||
| 360 | *pformats = s->tlsext_ecpointformatlist; | 369 | *pformats = s->tlsext_ecpointformatlist; |
| 361 | *pformatslen = s->tlsext_ecpointformatlist_length; | 370 | *pformatslen = s->tlsext_ecpointformatlist_length; |
| 362 | if (*pformats == NULL) { | 371 | if (*pformats == NULL) { |
| @@ -490,35 +499,34 @@ tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, EC_KEY *ec) | |||
| 490 | static int | 499 | static int |
| 491 | tls1_check_ec_key(SSL *s, unsigned char *curve_id, unsigned char *comp_id) | 500 | tls1_check_ec_key(SSL *s, unsigned char *curve_id, unsigned char *comp_id) |
| 492 | { | 501 | { |
| 493 | const unsigned char *p; | 502 | const unsigned char *curves, *formats; |
| 494 | size_t plen, i; | 503 | size_t curveslen, formatslen, i; |
| 495 | 504 | ||
| 496 | /* | 505 | /* |
| 497 | * Check point formats extension if present, otherwise everything | 506 | * Check point formats extension if present, otherwise everything |
| 498 | * is supported (see RFC4492). | 507 | * is supported (see RFC4492). |
| 499 | */ | 508 | */ |
| 500 | if (comp_id != NULL && s->session->tlsext_ecpointformatlist != NULL) { | 509 | tls1_get_formatlist(s, 1, &formats, &formatslen); |
| 501 | p = s->session->tlsext_ecpointformatlist; | 510 | if (comp_id != NULL && formats != NULL) { |
| 502 | plen = s->session->tlsext_ecpointformatlist_length; | 511 | for (i = 0; i < formatslen; i++, formats++) { |
| 503 | for (i = 0; i < plen; i++, p++) { | 512 | if (*comp_id == *formats) |
| 504 | if (*comp_id == *p) | ||
| 505 | break; | 513 | break; |
| 506 | } | 514 | } |
| 507 | if (i == plen) | 515 | if (i == formatslen) |
| 508 | return (0); | 516 | return (0); |
| 509 | } | 517 | } |
| 510 | 518 | ||
| 511 | /* | 519 | /* |
| 512 | * Check curve list if present, otherwise everything is supported. | 520 | * Check curve list if present, otherwise everything is supported. |
| 513 | */ | 521 | */ |
| 514 | if (s->session->tlsext_ellipticcurvelist != NULL) { | 522 | tls1_get_curvelist(s, 1, &curves, &curveslen); |
| 515 | p = s->session->tlsext_ellipticcurvelist; | 523 | if (curves != NULL) { |
| 516 | plen = s->session->tlsext_ellipticcurvelist_length; | 524 | for (i = 0; i < curveslen; i += 2, curves += 2) { |
| 517 | for (i = 0; i < plen; i += 2, p += 2) { | 525 | if (curves[0] == curve_id[0] && |
| 518 | if (p[0] == curve_id[0] && p[1] == curve_id[1]) | 526 | curves[1] == curve_id[1]) |
| 519 | break; | 527 | break; |
| 520 | } | 528 | } |
| 521 | if (i == plen) | 529 | if (i == curveslen) |
| 522 | return (0); | 530 | return (0); |
| 523 | } | 531 | } |
| 524 | 532 | ||
| @@ -712,7 +720,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 712 | size_t plistlen; | 720 | size_t plistlen; |
| 713 | size_t lenmax; | 721 | size_t lenmax; |
| 714 | 722 | ||
| 715 | tls1_get_formatlist(s, &plist, &plistlen); | 723 | tls1_get_formatlist(s, 0, &plist, &plistlen); |
| 716 | 724 | ||
| 717 | if ((size_t)(limit - ret) < 5) | 725 | if ((size_t)(limit - ret) < 5) |
| 718 | return NULL; | 726 | return NULL; |
| @@ -998,7 +1006,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 998 | size_t plistlen; | 1006 | size_t plistlen; |
| 999 | size_t lenmax; | 1007 | size_t lenmax; |
| 1000 | 1008 | ||
| 1001 | tls1_get_formatlist(s, &plist, &plistlen); | 1009 | tls1_get_formatlist(s, 0, &plist, &plistlen); |
| 1002 | 1010 | ||
| 1003 | if ((size_t)(limit - ret) < 5) | 1011 | if ((size_t)(limit - ret) < 5) |
| 1004 | return NULL; | 1012 | return NULL; |
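Review bot: The new header comment on tls1_get_formatlist (new lines 354-358) leaves out the one contract difference the rewritten tls1_check_ec_key now depends on: with client_formats non-zero the function hands back s->session->tlsext_ecpointformatlist as-is, which may be NULL (the `formats != NULL` test at new line 510 relies on that), whereas the client_formats == 0 path falls through to the `if (*pformats == NULL)` default handling at new line 371, so it presumably never yields NULL. I would extend the comment with ` * the client/session formats, which are NULL if the peer sent no point format extension.` so callers do not assume the two modes behave alike. The same asymmetry applies to tls1_get_curvelist, whose definition is outside these hunks. Separately, the curve loop at new lines 524-527 still reads curves[1] on the final iteration if curveslen is ever odd; whether the extension parser guarantees an even length is not visible here, and if it does not, a `(curveslen & 1)` rejection before the loop would close that. The second file section, src/lib/libssl/t1_lib.c, is a byte-identical mirror and gets the same two remarks.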
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 678818d51b..0b3f0f3566 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.60 2014/10/03 13:58:18 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.61 2014/10/05 14:47:30 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -351,12 +351,21 @@ tls1_ec_nid2curve_id(int nid) | |||
| 351 | } | 351 | } |
| 352 | } | 352 | } |
| 353 | 353 | ||
| 354 | /* | ||
| 355 | * Return the appropriate format list. If client_formats is non-zero, return | ||
| 356 | * the client/session formats. Otherwise return the custom format list if one | ||
| 357 | * exists, or the default formats if a custom list has not been specified. | ||
| 358 | */ | ||
| 354 | static void | 359 | static void |
| 355 | tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen) | 360 | tls1_get_formatlist(SSL *s, int client_formats, const unsigned char **pformats, |
| 361 | size_t *pformatslen) | ||
| 356 | { | 362 | { |
| 357 | /* | 363 | if (client_formats != 0) { |
| 358 | * If we have a custom point format list use it, otherwise use default. | 364 | *pformats = s->session->tlsext_ecpointformatlist; |
| 359 | */ | 365 | *pformatslen = s->session->tlsext_ecpointformatlist_length; |
| 366 | return; | ||
| 367 | } | ||
| 368 | |||
| 360 | *pformats = s->tlsext_ecpointformatlist; | 369 | *pformats = s->tlsext_ecpointformatlist; |
| 361 | *pformatslen = s->tlsext_ecpointformatlist_length; | 370 | *pformatslen = s->tlsext_ecpointformatlist_length; |
| 362 | if (*pformats == NULL) { | 371 | if (*pformats == NULL) { |
| @@ -490,35 +499,34 @@ tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, EC_KEY *ec) | |||
| 490 | static int | 499 | static int |
| 491 | tls1_check_ec_key(SSL *s, unsigned char *curve_id, unsigned char *comp_id) | 500 | tls1_check_ec_key(SSL *s, unsigned char *curve_id, unsigned char *comp_id) |
| 492 | { | 501 | { |
| 493 | const unsigned char *p; | 502 | const unsigned char *curves, *formats; |
| 494 | size_t plen, i; | 503 | size_t curveslen, formatslen, i; |
| 495 | 504 | ||
| 496 | /* | 505 | /* |
| 497 | * Check point formats extension if present, otherwise everything | 506 | * Check point formats extension if present, otherwise everything |
| 498 | * is supported (see RFC4492). | 507 | * is supported (see RFC4492). |
| 499 | */ | 508 | */ |
| 500 | if (comp_id != NULL && s->session->tlsext_ecpointformatlist != NULL) { | 509 | tls1_get_formatlist(s, 1, &formats, &formatslen); |
| 501 | p = s->session->tlsext_ecpointformatlist; | 510 | if (comp_id != NULL && formats != NULL) { |
| 502 | plen = s->session->tlsext_ecpointformatlist_length; | 511 | for (i = 0; i < formatslen; i++, formats++) { |
| 503 | for (i = 0; i < plen; i++, p++) { | 512 | if (*comp_id == *formats) |
| 504 | if (*comp_id == *p) | ||
| 505 | break; | 513 | break; |
| 506 | } | 514 | } |
| 507 | if (i == plen) | 515 | if (i == formatslen) |
| 508 | return (0); | 516 | return (0); |
| 509 | } | 517 | } |
| 510 | 518 | ||
| 511 | /* | 519 | /* |
| 512 | * Check curve list if present, otherwise everything is supported. | 520 | * Check curve list if present, otherwise everything is supported. |
| 513 | */ | 521 | */ |
| 514 | if (s->session->tlsext_ellipticcurvelist != NULL) { | 522 | tls1_get_curvelist(s, 1, &curves, &curveslen); |
| 515 | p = s->session->tlsext_ellipticcurvelist; | 523 | if (curves != NULL) { |
| 516 | plen = s->session->tlsext_ellipticcurvelist_length; | 524 | for (i = 0; i < curveslen; i += 2, curves += 2) { |
| 517 | for (i = 0; i < plen; i += 2, p += 2) { | 525 | if (curves[0] == curve_id[0] && |
| 518 | if (p[0] == curve_id[0] && p[1] == curve_id[1]) | 526 | curves[1] == curve_id[1]) |
| 519 | break; | 527 | break; |
| 520 | } | 528 | } |
| 521 | if (i == plen) | 529 | if (i == curveslen) |
| 522 | return (0); | 530 | return (0); |
| 523 | } | 531 | } |
| 524 | 532 | ||
| @@ -712,7 +720,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 712 | size_t plistlen; | 720 | size_t plistlen; |
| 713 | size_t lenmax; | 721 | size_t lenmax; |
| 714 | 722 | ||
| 715 | tls1_get_formatlist(s, &plist, &plistlen); | 723 | tls1_get_formatlist(s, 0, &plist, &plistlen); |
| 716 | 724 | ||
| 717 | if ((size_t)(limit - ret) < 5) | 725 | if ((size_t)(limit - ret) < 5) |
| 718 | return NULL; | 726 | return NULL; |
| @@ -998,7 +1006,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 998 | size_t plistlen; | 1006 | size_t plistlen; |
| 999 | size_t lenmax; | 1007 | size_t lenmax; |
| 1000 | 1008 | ||
| 1001 | tls1_get_formatlist(s, &plist, &plistlen); | 1009 | tls1_get_formatlist(s, 0, &plist, &plistlen); |
| 1002 | 1010 | ||
| 1003 | if ((size_t)(limit - ret) < 5) | 1011 | if ((size_t)(limit - ret) < 5) |
| 1004 | return NULL; | 1012 | return NULL; |
