Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 378 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 378 | 
2 files changed, 388 insertions, 368 deletions
| diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 54f536917e..6913d15663 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written | 
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). | 
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. | 
| 8 | * | 8 | * | 
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as | 
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions | 
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms | 
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 
| 15 | * | 15 | * | 
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. | 
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution | 
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. | 
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or | 
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. | 
| 22 | * | 22 | * | 
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without | 
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions | 
| 25 | * are met: | 25 | * are met: | 
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" | 
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library | 
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). | 
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: | 
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 
| 40 | * | 40 | * | 
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. | 
| 52 | * | 52 | * | 
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or | 
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence | 
| @@ -63,7 +63,7 @@ | |||
| 63 | * are met: | 63 | * are met: | 
| 64 | * | 64 | * | 
| 65 | * 1. Redistributions of source code must retain the above copyright | 65 | * 1. Redistributions of source code must retain the above copyright | 
| 66 | * notice, this list of conditions and the following disclaimer. | 66 | * notice, this list of conditions and the following disclaimer. | 
| 67 | * | 67 | * | 
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | 68 | * 2. Redistributions in binary form must reproduce the above copyright | 
| 69 | * notice, this list of conditions and the following disclaimer in | 69 | * notice, this list of conditions and the following disclaimer in | 
| @@ -117,11 +117,10 @@ | |||
| 117 | #include <openssl/rand.h> | 117 | #include <openssl/rand.h> | 
| 118 | #include "ssl_locl.h" | 118 | #include "ssl_locl.h" | 
| 119 | 119 | ||
| 120 | const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; | 120 | const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT; | 
| 121 | 121 | ||
| 122 | #ifndef OPENSSL_NO_TLSEXT | 122 | #ifndef OPENSSL_NO_TLSEXT | 
| 123 | static int | 123 | static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | 
| 124 | tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | ||
| 125 | const unsigned char *sess_id, int sesslen, | 124 | const unsigned char *sess_id, int sesslen, | 
| 126 | SSL_SESSION **psess); | 125 | SSL_SESSION **psess); | 
| 127 | #endif | 126 | #endif | 
| @@ -146,7 +145,7 @@ tls1_default_timeout(void) | |||
| 146 | { | 145 | { | 
| 147 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | 146 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | 
| 148 | * is way too long for http, the cache would over fill */ | 147 | * is way too long for http, the cache would over fill */ | 
| 149 | return (60*60*2); | 148 | return (60 * 60 * 2); | 
| 150 | } | 149 | } | 
| 151 | 150 | ||
| 152 | int | 151 | int | 
| @@ -179,67 +178,67 @@ tls1_clear(SSL *s) | |||
| 179 | #ifndef OPENSSL_NO_EC | 178 | #ifndef OPENSSL_NO_EC | 
| 180 | 179 | ||
| 181 | static int nid_list[] = { | 180 | static int nid_list[] = { | 
| 182 | NID_sect163k1, /* sect163k1 (1) */ | 181 | NID_sect163k1, /* sect163k1 (1) */ | 
| 183 | NID_sect163r1, /* sect163r1 (2) */ | 182 | NID_sect163r1, /* sect163r1 (2) */ | 
| 184 | NID_sect163r2, /* sect163r2 (3) */ | 183 | NID_sect163r2, /* sect163r2 (3) */ | 
| 185 | NID_sect193r1, /* sect193r1 (4) */ | 184 | NID_sect193r1, /* sect193r1 (4) */ | 
| 186 | NID_sect193r2, /* sect193r2 (5) */ | 185 | NID_sect193r2, /* sect193r2 (5) */ | 
| 187 | NID_sect233k1, /* sect233k1 (6) */ | 186 | NID_sect233k1, /* sect233k1 (6) */ | 
| 188 | NID_sect233r1, /* sect233r1 (7) */ | 187 | NID_sect233r1, /* sect233r1 (7) */ | 
| 189 | NID_sect239k1, /* sect239k1 (8) */ | 188 | NID_sect239k1, /* sect239k1 (8) */ | 
| 190 | NID_sect283k1, /* sect283k1 (9) */ | 189 | NID_sect283k1, /* sect283k1 (9) */ | 
| 191 | NID_sect283r1, /* sect283r1 (10) */ | 190 | NID_sect283r1, /* sect283r1 (10) */ | 
| 192 | NID_sect409k1, /* sect409k1 (11) */ | 191 | NID_sect409k1, /* sect409k1 (11) */ | 
| 193 | NID_sect409r1, /* sect409r1 (12) */ | 192 | NID_sect409r1, /* sect409r1 (12) */ | 
| 194 | NID_sect571k1, /* sect571k1 (13) */ | 193 | NID_sect571k1, /* sect571k1 (13) */ | 
| 195 | NID_sect571r1, /* sect571r1 (14) */ | 194 | NID_sect571r1, /* sect571r1 (14) */ | 
| 196 | NID_secp160k1, /* secp160k1 (15) */ | 195 | NID_secp160k1, /* secp160k1 (15) */ | 
| 197 | NID_secp160r1, /* secp160r1 (16) */ | 196 | NID_secp160r1, /* secp160r1 (16) */ | 
| 198 | NID_secp160r2, /* secp160r2 (17) */ | 197 | NID_secp160r2, /* secp160r2 (17) */ | 
| 199 | NID_secp192k1, /* secp192k1 (18) */ | 198 | NID_secp192k1, /* secp192k1 (18) */ | 
| 200 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 199 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 
| 201 | NID_secp224k1, /* secp224k1 (20) */ | 200 | NID_secp224k1, /* secp224k1 (20) */ | 
| 202 | NID_secp224r1, /* secp224r1 (21) */ | 201 | NID_secp224r1, /* secp224r1 (21) */ | 
| 203 | NID_secp256k1, /* secp256k1 (22) */ | 202 | NID_secp256k1, /* secp256k1 (22) */ | 
| 204 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 203 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 
| 205 | NID_secp384r1, /* secp384r1 (24) */ | 204 | NID_secp384r1, /* secp384r1 (24) */ | 
| 206 | NID_secp521r1 /* secp521r1 (25) */ | 205 | NID_secp521r1 /* secp521r1 (25) */ | 
| 207 | }; | 206 | }; | 
| 208 | 207 | ||
| 209 | static int pref_list[] = { | 208 | static int pref_list[] = { | 
| 210 | NID_sect571r1, /* sect571r1 (14) */ | 209 | NID_sect571r1, /* sect571r1 (14) */ | 
| 211 | NID_sect571k1, /* sect571k1 (13) */ | 210 | NID_sect571k1, /* sect571k1 (13) */ | 
| 212 | NID_secp521r1, /* secp521r1 (25) */ | 211 | NID_secp521r1, /* secp521r1 (25) */ | 
| 213 | NID_sect409k1, /* sect409k1 (11) */ | 212 | NID_sect409k1, /* sect409k1 (11) */ | 
| 214 | NID_sect409r1, /* sect409r1 (12) */ | 213 | NID_sect409r1, /* sect409r1 (12) */ | 
| 215 | NID_secp384r1, /* secp384r1 (24) */ | 214 | NID_secp384r1, /* secp384r1 (24) */ | 
| 216 | NID_sect283k1, /* sect283k1 (9) */ | 215 | NID_sect283k1, /* sect283k1 (9) */ | 
| 217 | NID_sect283r1, /* sect283r1 (10) */ | 216 | NID_sect283r1, /* sect283r1 (10) */ | 
| 218 | NID_secp256k1, /* secp256k1 (22) */ | 217 | NID_secp256k1, /* secp256k1 (22) */ | 
| 219 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 218 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 
| 220 | NID_sect239k1, /* sect239k1 (8) */ | 219 | NID_sect239k1, /* sect239k1 (8) */ | 
| 221 | NID_sect233k1, /* sect233k1 (6) */ | 220 | NID_sect233k1, /* sect233k1 (6) */ | 
| 222 | NID_sect233r1, /* sect233r1 (7) */ | 221 | NID_sect233r1, /* sect233r1 (7) */ | 
| 223 | NID_secp224k1, /* secp224k1 (20) */ | 222 | NID_secp224k1, /* secp224k1 (20) */ | 
| 224 | NID_secp224r1, /* secp224r1 (21) */ | 223 | NID_secp224r1, /* secp224r1 (21) */ | 
| 225 | NID_sect193r1, /* sect193r1 (4) */ | 224 | NID_sect193r1, /* sect193r1 (4) */ | 
| 226 | NID_sect193r2, /* sect193r2 (5) */ | 225 | NID_sect193r2, /* sect193r2 (5) */ | 
| 227 | NID_secp192k1, /* secp192k1 (18) */ | 226 | NID_secp192k1, /* secp192k1 (18) */ | 
| 228 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 227 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 
| 229 | NID_sect163k1, /* sect163k1 (1) */ | 228 | NID_sect163k1, /* sect163k1 (1) */ | 
| 230 | NID_sect163r1, /* sect163r1 (2) */ | 229 | NID_sect163r1, /* sect163r1 (2) */ | 
| 231 | NID_sect163r2, /* sect163r2 (3) */ | 230 | NID_sect163r2, /* sect163r2 (3) */ | 
| 232 | NID_secp160k1, /* secp160k1 (15) */ | 231 | NID_secp160k1, /* secp160k1 (15) */ | 
| 233 | NID_secp160r1, /* secp160r1 (16) */ | 232 | NID_secp160r1, /* secp160r1 (16) */ | 
| 234 | NID_secp160r2, /* secp160r2 (17) */ | 233 | NID_secp160r2, /* secp160r2 (17) */ | 
| 235 | }; | 234 | }; | 
| 236 | 235 | ||
| 237 | int | 236 | int | 
| 238 | tls1_ec_curve_id2nid(int curve_id) | 237 | tls1_ec_curve_id2nid(int curve_id) | 
| 239 | { | 238 | { | 
| 240 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | 239 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | 
| 241 | if ((curve_id < 1) || ((unsigned int)curve_id > | 240 | if ((curve_id < 1) || | 
| 242 | sizeof(nid_list)/sizeof(nid_list[0]))) | 241 | ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0]))) | 
| 243 | return 0; | 242 | return 0; | 
| 244 | return nid_list[curve_id - 1]; | 243 | return nid_list[curve_id - 1]; | 
| 245 | } | 244 | } | 
| @@ -297,7 +296,7 @@ tls1_ec_nid2curve_id(int nid) | |||
| 297 | return 23; | 296 | return 23; | 
| 298 | case NID_secp384r1: /* secp384r1 (24) */ | 297 | case NID_secp384r1: /* secp384r1 (24) */ | 
| 299 | return 24; | 298 | return 24; | 
| 300 | case NID_secp521r1: /* secp521r1 (25) */ | 299 | case NID_secp521r1: /* secp521r1 (25) */ | 
| 301 | return 25; | 300 | return 25; | 
| 302 | default: | 301 | default: | 
| 303 | return 0; | 302 | return 0; | 
| @@ -322,9 +321,9 @@ tls1_ec_nid2curve_id(int nid) | |||
| 322 | #endif | 321 | #endif | 
| 323 | 322 | ||
| 324 | #define tlsext_sigalg(md) \ | 323 | #define tlsext_sigalg(md) \ | 
| 325 | tlsext_sigalg_rsa(md) \ | 324 | tlsext_sigalg_rsa(md) \ | 
| 326 | tlsext_sigalg_dsa(md) \ | 325 | tlsext_sigalg_dsa(md) \ | 
| 327 | tlsext_sigalg_ecdsa(md) | 326 | tlsext_sigalg_ecdsa(md) | 
| 328 | 327 | ||
| 329 | static unsigned char tls12_sigalgs[] = { | 328 | static unsigned char tls12_sigalgs[] = { | 
| 330 | tlsext_sigalg(TLSEXT_hash_sha512) | 329 | tlsext_sigalg(TLSEXT_hash_sha512) | 
| @@ -338,6 +337,7 @@ int | |||
| 338 | tls12_get_req_sig_algs(SSL *s, unsigned char *p) | 337 | tls12_get_req_sig_algs(SSL *s, unsigned char *p) | 
| 339 | { | 338 | { | 
| 340 | size_t slen = sizeof(tls12_sigalgs); | 339 | size_t slen = sizeof(tls12_sigalgs); | 
| 340 | |||
| 341 | if (p) | 341 | if (p) | 
| 342 | memcpy(p, tls12_sigalgs, slen); | 342 | memcpy(p, tls12_sigalgs, slen); | 
| 343 | return (int)slen; | 343 | return (int)slen; | 
| @@ -356,20 +356,19 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 356 | 356 | ||
| 357 | ret += 2; | 357 | ret += 2; | 
| 358 | 358 | ||
| 359 | if (ret>=limit) | 359 | if (ret >= limit) | 
| 360 | return NULL; /* this really never occurs, but ... */ | 360 | return NULL; /* this really never occurs, but ... */ | 
| 361 | 361 | ||
| 362 | if (s->tlsext_hostname != NULL) { | 362 | if (s->tlsext_hostname != NULL) { | 
| 363 | /* Add TLS extension servername to the Client Hello message */ | 363 | /* Add TLS extension servername to the Client Hello message */ | 
| 364 | size_t size_str, lenmax; | 364 | size_t size_str, lenmax; | 
| 365 | 365 | ||
| 366 | |||
| 367 | /* check for enough space. | 366 | /* check for enough space. | 
| 368 | 4 for the servername type and extension length | 367 | 4 for the servername type and extension length | 
| 369 | 2 for servernamelist length | 368 | 2 for servernamelist length | 
| 370 | 1 for the hostname type | 369 | 1 for the hostname type | 
| 371 | 2 for hostname length | 370 | 2 for hostname length | 
| 372 | + hostname length | 371 | + hostname length | 
| 373 | */ | 372 | */ | 
| 374 | 373 | ||
| 375 | if ((size_t)(limit - ret) < 9) | 374 | if ((size_t)(limit - ret) < 9) | 
| @@ -399,7 +398,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 399 | int el; | 398 | int el; | 
| 400 | 399 | ||
| 401 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { | 400 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { | 
| 402 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 401 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 402 | ERR_R_INTERNAL_ERROR); | ||
| 403 | return NULL; | 403 | return NULL; | 
| 404 | } | 404 | } | 
| 405 | 405 | ||
| @@ -410,7 +410,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 410 | s2n(el, ret); | 410 | s2n(el, ret); | 
| 411 | 411 | ||
| 412 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { | 412 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { | 
| 413 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 413 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 414 | ERR_R_INTERNAL_ERROR); | ||
| 414 | return NULL; | 415 | return NULL; | 
| 415 | } | 416 | } | 
| 416 | 417 | ||
| @@ -431,14 +432,16 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 431 | if (s->tlsext_ecpointformatlist_length > lenmax) | 432 | if (s->tlsext_ecpointformatlist_length > lenmax) | 
| 432 | return NULL; | 433 | return NULL; | 
| 433 | if (s->tlsext_ecpointformatlist_length > 255) { | 434 | if (s->tlsext_ecpointformatlist_length > 255) { | 
| 434 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 435 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 436 | ERR_R_INTERNAL_ERROR); | ||
| 435 | return NULL; | 437 | return NULL; | 
| 436 | } | 438 | } | 
| 437 | 439 | ||
| 438 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 440 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 
| 439 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 441 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 
| 440 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 442 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 
| 441 | memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 443 | memcpy(ret, s->tlsext_ecpointformatlist, | 
| 444 | s->tlsext_ecpointformatlist_length); | ||
| 442 | ret += s->tlsext_ecpointformatlist_length; | 445 | ret += s->tlsext_ecpointformatlist_length; | 
| 443 | } | 446 | } | 
| 444 | if (s->tlsext_ellipticcurvelist != NULL && | 447 | if (s->tlsext_ellipticcurvelist != NULL && | 
| @@ -453,7 +456,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 453 | if (s->tlsext_ellipticcurvelist_length > lenmax) | 456 | if (s->tlsext_ellipticcurvelist_length > lenmax) | 
| 454 | return NULL; | 457 | return NULL; | 
| 455 | if (s->tlsext_ellipticcurvelist_length > 65532) { | 458 | if (s->tlsext_ellipticcurvelist_length > 65532) { | 
| 456 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 459 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 460 | ERR_R_INTERNAL_ERROR); | ||
| 457 | return NULL; | 461 | return NULL; | 
| 458 | } | 462 | } | 
| 459 | 463 | ||
| @@ -466,7 +470,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 466 | * resolves this to two bytes. | 470 | * resolves this to two bytes. | 
| 467 | */ | 471 | */ | 
| 468 | s2n(s->tlsext_ellipticcurvelist_length, ret); | 472 | s2n(s->tlsext_ellipticcurvelist_length, ret); | 
| 469 | memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | 473 | memcpy(ret, s->tlsext_ellipticcurvelist, | 
| 474 | s->tlsext_ellipticcurvelist_length); | ||
| 470 | ret += s->tlsext_ellipticcurvelist_length; | 475 | ret += s->tlsext_ellipticcurvelist_length; | 
| 471 | } | 476 | } | 
| 472 | #endif /* OPENSSL_NO_EC */ | 477 | #endif /* OPENSSL_NO_EC */ | 
| @@ -603,7 +608,8 @@ skip_ext: | |||
| 603 | s2n(el, ret); | 608 | s2n(el, ret); | 
| 604 | 609 | ||
| 605 | if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { | 610 | if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { | 
| 606 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 611 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 612 | ERR_R_INTERNAL_ERROR); | ||
| 607 | return NULL; | 613 | return NULL; | 
| 608 | } | 614 | } | 
| 609 | ret += el; | 615 | ret += el; | 
| @@ -660,10 +666,11 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 660 | return p; | 666 | return p; | 
| 661 | 667 | ||
| 662 | ret += 2; | 668 | ret += 2; | 
| 663 | if (ret>=limit) | 669 | if (ret >= limit) | 
| 664 | return NULL; /* this really never occurs, but ... */ | 670 | return NULL; /* this really never occurs, but ... */ | 
| 665 | 671 | ||
| 666 | if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) { | 672 | if (!s->hit && s->servername_done == 1 && | 
| 673 | s->session->tlsext_hostname != NULL) { | ||
| 667 | if ((size_t)(limit - ret) < 4) | 674 | if ((size_t)(limit - ret) < 4) | 
| 668 | return NULL; | 675 | return NULL; | 
| 669 | 676 | ||
| @@ -675,7 +682,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 675 | int el; | 682 | int el; | 
| 676 | 683 | ||
| 677 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | 684 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | 
| 678 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 685 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 686 | ERR_R_INTERNAL_ERROR); | ||
| 679 | return NULL; | 687 | return NULL; | 
| 680 | } | 688 | } | 
| 681 | 689 | ||
| @@ -686,7 +694,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 686 | s2n(el, ret); | 694 | s2n(el, ret); | 
| 687 | 695 | ||
| 688 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { | 696 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { | 
| 689 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 697 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 698 | ERR_R_INTERNAL_ERROR); | ||
| 690 | return NULL; | 699 | return NULL; | 
| 691 | } | 700 | } | 
| 692 | 701 | ||
| @@ -695,7 +704,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 695 | 704 | ||
| 696 | #ifndef OPENSSL_NO_EC | 705 | #ifndef OPENSSL_NO_EC | 
| 697 | if (s->tlsext_ecpointformatlist != NULL && | 706 | if (s->tlsext_ecpointformatlist != NULL && | 
| 698 | s->version != DTLS1_VERSION) { | 707 | s->version != DTLS1_VERSION) { | 
| 699 | /* Add TLS extension ECPointFormats to the ServerHello message */ | 708 | /* Add TLS extension ECPointFormats to the ServerHello message */ | 
| 700 | size_t lenmax; | 709 | size_t lenmax; | 
| 701 | 710 | ||
| @@ -706,21 +715,24 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 706 | if (s->tlsext_ecpointformatlist_length > lenmax) | 715 | if (s->tlsext_ecpointformatlist_length > lenmax) | 
| 707 | return NULL; | 716 | return NULL; | 
| 708 | if (s->tlsext_ecpointformatlist_length > 255) { | 717 | if (s->tlsext_ecpointformatlist_length > 255) { | 
| 709 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 718 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 719 | ERR_R_INTERNAL_ERROR); | ||
| 710 | return NULL; | 720 | return NULL; | 
| 711 | } | 721 | } | 
| 712 | 722 | ||
| 713 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 723 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 
| 714 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 724 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 
| 715 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 725 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 
| 716 | memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 726 | memcpy(ret, s->tlsext_ecpointformatlist, | 
| 727 | s->tlsext_ecpointformatlist_length); | ||
| 717 | ret += s->tlsext_ecpointformatlist_length; | 728 | ret += s->tlsext_ecpointformatlist_length; | 
| 718 | 729 | ||
| 719 | } | 730 | } | 
| 720 | /* Currently the server should not respond with a SupportedCurves extension */ | 731 | /* Currently the server should not respond with a SupportedCurves extension */ | 
| 721 | #endif /* OPENSSL_NO_EC */ | 732 | #endif /* OPENSSL_NO_EC */ | 
| 722 | 733 | ||
| 723 | if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | 734 | if (s->tlsext_ticket_expected && | 
| 735 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | ||
| 724 | if ((size_t)(limit - ret) < 4) | 736 | if ((size_t)(limit - ret) < 4) | 
| 725 | return NULL; | 737 | return NULL; | 
| 726 | 738 | ||
| @@ -737,7 +749,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 737 | } | 749 | } | 
| 738 | 750 | ||
| 739 | #ifdef TLSEXT_TYPE_opaque_prf_input | 751 | #ifdef TLSEXT_TYPE_opaque_prf_input | 
| 740 | if (s->s3->server_opaque_prf_input != NULL && s->version != DTLS1_VERSION) { | 752 | if (s->s3->server_opaque_prf_input != NULL && | 
| 753 | s->version != DTLS1_VERSION) { | ||
| 741 | size_t sol = s->s3->server_opaque_prf_input_len; | 754 | size_t sol = s->s3->server_opaque_prf_input_len; | 
| 742 | 755 | ||
| 743 | if ((size_t)(limit - ret) < 6 + sol) | 756 | if ((size_t)(limit - ret) < 6 + sol) | 
| @@ -767,7 +780,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 767 | s2n(el, ret); | 780 | s2n(el, ret); | 
| 768 | 781 | ||
| 769 | if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { | 782 | if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { | 
| 770 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 783 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 784 | ERR_R_INTERNAL_ERROR); | ||
| 771 | return NULL; | 785 | return NULL; | 
| 772 | } | 786 | } | 
| 773 | ret += el; | 787 | ret += el; | 
| @@ -781,7 +795,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 781 | 0xfd, 0xe8, /*65000*/ | 795 | 0xfd, 0xe8, /*65000*/ | 
| 782 | 0x00, 0x20, /*32 bytes length*/ | 796 | 0x00, 0x20, /*32 bytes length*/ | 
| 783 | 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, | 797 | 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, | 
| 784 | 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, | 798 | 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, | 
| 785 | 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, | 799 | 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, | 
| 786 | 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 | 800 | 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 | 
| 787 | }; | 801 | }; | 
| @@ -799,7 +813,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 799 | unsigned int npalen; | 813 | unsigned int npalen; | 
| 800 | int r; | 814 | int r; | 
| 801 | 815 | ||
| 802 | r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg); | 816 | r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, | 
| 817 | s->ctx->next_protos_advertised_cb_arg); | ||
| 803 | if (r == SSL_TLSEXT_ERR_OK) { | 818 | if (r == SSL_TLSEXT_ERR_OK) { | 
| 804 | if ((size_t)(limit - ret) < 4 + npalen) | 819 | if ((size_t)(limit - ret) < 4 + npalen) | 
| 805 | return NULL; | 820 | return NULL; | 
| @@ -833,7 +848,9 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 833 | * 10.8..10.8.3 (which don't work). | 848 | * 10.8..10.8.3 (which don't work). | 
| 834 | */ | 849 | */ | 
| 835 | static void | 850 | static void | 
| 836 | ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) { | 851 | ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, | 
| 852 | int n) | ||
| 853 | { | ||
| 837 | unsigned short type, size; | 854 | unsigned short type, size; | 
| 838 | static const unsigned char kSafariExtensionsBlock[] = { | 855 | static const unsigned char kSafariExtensionsBlock[] = { | 
| 839 | 0x00, 0x0a, /* elliptic_curves extension */ | 856 | 0x00, 0x0a, /* elliptic_curves extension */ | 
| @@ -940,7 +957,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 940 | #endif | 957 | #endif | 
| 941 | if (s->tlsext_debug_cb) | 958 | if (s->tlsext_debug_cb) | 
| 942 | s->tlsext_debug_cb(s, 0, type, data, size, | 959 | s->tlsext_debug_cb(s, 0, type, data, size, | 
| 943 | s->tlsext_debug_arg); | 960 | s->tlsext_debug_arg); | 
| 944 | /* The servername extension is treated as follows: | 961 | /* The servername extension is treated as follows: | 
| 945 | 962 | ||
| 946 | - Only the hostname type is supported with a maximum length of 255. | 963 | - Only the hostname type is supported with a maximum length of 255. | 
| @@ -948,21 +965,21 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 948 | in which case an fatal alert is generated. | 965 | in which case an fatal alert is generated. | 
| 949 | - The servername field is maintained together with the session cache. | 966 | - The servername field is maintained together with the session cache. | 
| 950 | - When a session is resumed, the servername call back invoked in order | 967 | - When a session is resumed, the servername call back invoked in order | 
| 951 | to allow the application to position itself to the right context. | 968 | to allow the application to position itself to the right context. | 
| 952 | - The servername is acknowledged if it is new for a session or when | 969 | - The servername is acknowledged if it is new for a session or when | 
| 953 | it is identical to a previously used for the same session. | 970 | it is identical to a previously used for the same session. | 
| 954 | Applications can control the behaviour. They can at any time | 971 | Applications can control the behaviour. They can at any time | 
| 955 | set a 'desirable' servername for a new SSL object. This can be the | 972 | set a 'desirable' servername for a new SSL object. This can be the | 
| 956 | case for example with HTTPS when a Host: header field is received and | 973 | case for example with HTTPS when a Host: header field is received and | 
| 957 | a renegotiation is requested. In this case, a possible servername | 974 | a renegotiation is requested. In this case, a possible servername | 
| 958 | presented in the new client hello is only acknowledged if it matches | 975 | presented in the new client hello is only acknowledged if it matches | 
| 959 | the value of the Host: field. | 976 | the value of the Host: field. | 
| 960 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | 977 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | 
| 961 | if they provide for changing an explicit servername context for the session, | 978 | if they provide for changing an explicit servername context for the session, | 
| 962 | i.e. when the session has been established with a servername extension. | 979 | i.e. when the session has been established with a servername extension. | 
| 963 | - On session reconnect, the servername extension may be absent. | 980 | - On session reconnect, the servername extension may be absent. | 
| 964 | 981 | ||
| 965 | */ | 982 | */ | 
| 966 | 983 | ||
| 967 | if (type == TLSEXT_TYPE_server_name) { | 984 | if (type == TLSEXT_TYPE_server_name) { | 
| 968 | unsigned char *sdata; | 985 | unsigned char *sdata; | 
| @@ -995,41 +1012,41 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 995 | if (s->servername_done == 0) | 1012 | if (s->servername_done == 0) | 
| 996 | switch (servname_type) { | 1013 | switch (servname_type) { | 
| 997 | case TLSEXT_NAMETYPE_host_name: | 1014 | case TLSEXT_NAMETYPE_host_name: | 
| 998 | if (!s->hit) { | 1015 | if (!s->hit) { | 
| 999 | if (s->session->tlsext_hostname) { | 1016 | if (s->session->tlsext_hostname) { | 
| 1000 | *al = SSL_AD_DECODE_ERROR; | 1017 | *al = SSL_AD_DECODE_ERROR; | 
| 1001 | return 0; | 1018 | return 0; | 
| 1002 | } | 1019 | } | 
| 1003 | if (len > TLSEXT_MAXLEN_host_name) { | 1020 | if (len > TLSEXT_MAXLEN_host_name) { | 
| 1004 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 1021 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 
| 1005 | return 0; | 1022 | return 0; | 
| 1006 | } | 1023 | } | 
| 1007 | if ((s->session->tlsext_hostname = | 1024 | if ((s->session->tlsext_hostname = | 
| 1008 | malloc(len + 1)) == NULL) { | 1025 | malloc(len + 1)) == NULL) { | 
| 1009 | *al = TLS1_AD_INTERNAL_ERROR; | 1026 | *al = TLS1_AD_INTERNAL_ERROR; | 
| 1010 | return 0; | 1027 | return 0; | 
| 1011 | } | 1028 | } | 
| 1012 | memcpy(s->session->tlsext_hostname, sdata, len); | 1029 | memcpy(s->session->tlsext_hostname, sdata, len); | 
| 1013 | s->session->tlsext_hostname[len] = '\0'; | 1030 | s->session->tlsext_hostname[len] = '\0'; | 
| 1014 | if (strlen(s->session->tlsext_hostname) != len) { | 1031 | if (strlen(s->session->tlsext_hostname) != len) { | 
| 1015 | free(s->session->tlsext_hostname); | 1032 | free(s->session->tlsext_hostname); | 
| 1016 | s->session->tlsext_hostname = NULL; | 1033 | s->session->tlsext_hostname = NULL; | 
| 1017 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 1034 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 
| 1018 | return 0; | 1035 | return 0; | 
| 1036 | } | ||
| 1037 | s->servername_done = 1; | ||
| 1038 | |||
| 1039 | |||
| 1040 | } else { | ||
| 1041 | s->servername_done = s->session->tlsext_hostname && | ||
| 1042 | strlen(s->session->tlsext_hostname) == len && | ||
| 1043 | strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
| 1019 | } | 1044 | } | 
| 1020 | s->servername_done = 1; | 1045 | break; | 
| 1021 | |||
| 1022 | |||
| 1023 | } else { | ||
| 1024 | s->servername_done = s->session->tlsext_hostname && | ||
| 1025 | strlen(s->session->tlsext_hostname) == len && | ||
| 1026 | strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
| 1027 | } | ||
| 1028 | break; | ||
| 1029 | 1046 | ||
| 1030 | default: | 1047 | default: | 
| 1031 | break; | 1048 | break; | 
| 1032 | } | 1049 | } | 
| 1033 | 1050 | ||
| 1034 | dsize -= len; | 1051 | dsize -= len; | 
| 1035 | } | 1052 | } | 
| @@ -1042,7 +1059,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1042 | 1059 | ||
| 1043 | #ifndef OPENSSL_NO_EC | 1060 | #ifndef OPENSSL_NO_EC | 
| 1044 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1061 | else if (type == TLSEXT_TYPE_ec_point_formats && | 
| 1045 | s->version != DTLS1_VERSION) { | 1062 | s->version != DTLS1_VERSION) { | 
| 1046 | unsigned char *sdata = data; | 1063 | unsigned char *sdata = data; | 
| 1047 | int ecpointformatlist_length = *(sdata++); | 1064 | int ecpointformatlist_length = *(sdata++); | 
| 1048 | 1065 | ||
| @@ -1078,7 +1095,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1078 | ellipticcurvelist_length += (*(sdata++)); | 1095 | ellipticcurvelist_length += (*(sdata++)); | 
| 1079 | 1096 | ||
| 1080 | if (ellipticcurvelist_length != size - 2 || | 1097 | if (ellipticcurvelist_length != size - 2 || | 
| 1081 | ellipticcurvelist_length < 1) { | 1098 | ellipticcurvelist_length < 1) { | 
| 1082 | *al = TLS1_AD_DECODE_ERROR; | 1099 | *al = TLS1_AD_DECODE_ERROR; | 
| 1083 | return 0; | 1100 | return 0; | 
| 1084 | } | 1101 | } | 
| @@ -1107,7 +1124,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1107 | #endif /* OPENSSL_NO_EC */ | 1124 | #endif /* OPENSSL_NO_EC */ | 
| 1108 | #ifdef TLSEXT_TYPE_opaque_prf_input | 1125 | #ifdef TLSEXT_TYPE_opaque_prf_input | 
| 1109 | else if (type == TLSEXT_TYPE_opaque_prf_input && | 1126 | else if (type == TLSEXT_TYPE_opaque_prf_input && | 
| 1110 | s->version != DTLS1_VERSION) { | 1127 | s->version != DTLS1_VERSION) { | 
| 1111 | unsigned char *sdata = data; | 1128 | unsigned char *sdata = data; | 
| 1112 | 1129 | ||
| 1113 | if (size < 2) { | 1130 | if (size < 2) { | 
| @@ -1134,7 +1151,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1134 | #endif | 1151 | #endif | 
| 1135 | else if (type == TLSEXT_TYPE_session_ticket) { | 1152 | else if (type == TLSEXT_TYPE_session_ticket) { | 
| 1136 | if (s->tls_session_ticket_ext_cb && | 1153 | if (s->tls_session_ticket_ext_cb && | 
| 1137 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | 1154 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | 
| 1138 | *al = TLS1_AD_INTERNAL_ERROR; | 1155 | *al = TLS1_AD_INTERNAL_ERROR; | 
| 1139 | return 0; | 1156 | return 0; | 
| 1140 | } | 1157 | } | 
| @@ -1196,7 +1213,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1196 | sdata = data; | 1213 | sdata = data; | 
| 1197 | data += idsize; | 1214 | data += idsize; | 
| 1198 | id = d2i_OCSP_RESPID(NULL, | 1215 | id = d2i_OCSP_RESPID(NULL, | 
| 1199 | &sdata, idsize); | 1216 | &sdata, idsize); | 
| 1200 | if (!id) { | 1217 | if (!id) { | 
| 1201 | *al = SSL_AD_DECODE_ERROR; | 1218 | *al = SSL_AD_DECODE_ERROR; | 
| 1202 | return 0; | 1219 | return 0; | 
| @@ -1206,15 +1223,15 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1206 | *al = SSL_AD_DECODE_ERROR; | 1223 | *al = SSL_AD_DECODE_ERROR; | 
| 1207 | return 0; | 1224 | return 0; | 
| 1208 | } | 1225 | } | 
| 1209 | if (!s->tlsext_ocsp_ids | 1226 | if (!s->tlsext_ocsp_ids && | 
| 1210 | && !(s->tlsext_ocsp_ids = | 1227 | !(s->tlsext_ocsp_ids = | 
| 1211 | sk_OCSP_RESPID_new_null())) { | 1228 | sk_OCSP_RESPID_new_null())) { | 
| 1212 | OCSP_RESPID_free(id); | 1229 | OCSP_RESPID_free(id); | 
| 1213 | *al = SSL_AD_INTERNAL_ERROR; | 1230 | *al = SSL_AD_INTERNAL_ERROR; | 
| 1214 | return 0; | 1231 | return 0; | 
| 1215 | } | 1232 | } | 
| 1216 | if (!sk_OCSP_RESPID_push( | 1233 | if (!sk_OCSP_RESPID_push( | 
| 1217 | s->tlsext_ocsp_ids, id)) { | 1234 | s->tlsext_ocsp_ids, id)) { | 
| 1218 | OCSP_RESPID_free(id); | 1235 | OCSP_RESPID_free(id); | 
| 1219 | *al = SSL_AD_INTERNAL_ERROR; | 1236 | *al = SSL_AD_INTERNAL_ERROR; | 
| 1220 | return 0; | 1237 | return 0; | 
| @@ -1236,14 +1253,14 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1236 | if (dsize > 0) { | 1253 | if (dsize > 0) { | 
| 1237 | if (s->tlsext_ocsp_exts) { | 1254 | if (s->tlsext_ocsp_exts) { | 
| 1238 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 1255 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 
| 1239 | X509_EXTENSION_free); | 1256 | X509_EXTENSION_free); | 
| 1240 | } | 1257 | } | 
| 1241 | 1258 | ||
| 1242 | s->tlsext_ocsp_exts = | 1259 | s->tlsext_ocsp_exts = | 
| 1243 | d2i_X509_EXTENSIONS(NULL, | 1260 | d2i_X509_EXTENSIONS(NULL, | 
| 1244 | &sdata, dsize); | 1261 | &sdata, dsize); | 
| 1245 | if (!s->tlsext_ocsp_exts | 1262 | if (!s->tlsext_ocsp_exts || | 
| 1246 | || (data + dsize != sdata)) { | 1263 | (data + dsize != sdata)) { | 
| 1247 | *al = SSL_AD_DECODE_ERROR; | 1264 | *al = SSL_AD_DECODE_ERROR; | 
| 1248 | return 0; | 1265 | return 0; | 
| 1249 | } | 1266 | } | 
| @@ -1290,14 +1307,14 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1290 | 1307 | ||
| 1291 | *p = data; | 1308 | *p = data; | 
| 1292 | 1309 | ||
| 1293 | ri_check: | 1310 | ri_check: | 
| 1294 | 1311 | ||
| 1295 | /* Need RI if renegotiating */ | 1312 | /* Need RI if renegotiating */ | 
| 1296 | 1313 | ||
| 1297 | if (!renegotiate_seen && s->renegotiate) { | 1314 | if (!renegotiate_seen && s->renegotiate) { | 
| 1298 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1315 | *al = SSL_AD_HANDSHAKE_FAILURE; | 
| 1299 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, | 1316 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, | 
| 1300 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1317 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 
| 1301 | return 0; | 1318 | return 0; | 
| 1302 | } | 1319 | } | 
| 1303 | 1320 | ||
| @@ -1325,7 +1342,8 @@ ssl_next_proto_validate(unsigned char *d, unsigned len) | |||
| 1325 | #endif | 1342 | #endif | 
| 1326 | 1343 | ||
| 1327 | int | 1344 | int | 
| 1328 | ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | 1345 | ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | 
| 1346 | int n, int *al) | ||
| 1329 | { | 1347 | { | 
| 1330 | unsigned short length; | 1348 | unsigned short length; | 
| 1331 | unsigned short type; | 1349 | unsigned short type; | 
| @@ -1356,7 +1374,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1356 | 1374 | ||
| 1357 | if (s->tlsext_debug_cb) | 1375 | if (s->tlsext_debug_cb) | 
| 1358 | s->tlsext_debug_cb(s, 1, type, data, size, | 1376 | s->tlsext_debug_cb(s, 1, type, data, size, | 
| 1359 | s->tlsext_debug_arg); | 1377 | s->tlsext_debug_arg); | 
| 1360 | 1378 | ||
| 1361 | if (type == TLSEXT_TYPE_server_name) { | 1379 | if (type == TLSEXT_TYPE_server_name) { | 
| 1362 | if (s->tlsext_hostname == NULL || size > 0) { | 1380 | if (s->tlsext_hostname == NULL || size > 0) { | 
| @@ -1368,12 +1386,12 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1368 | } | 1386 | } | 
| 1369 | #ifndef OPENSSL_NO_EC | 1387 | #ifndef OPENSSL_NO_EC | 
| 1370 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1388 | else if (type == TLSEXT_TYPE_ec_point_formats && | 
| 1371 | s->version != DTLS1_VERSION) { | 1389 | s->version != DTLS1_VERSION) { | 
| 1372 | unsigned char *sdata = data; | 1390 | unsigned char *sdata = data; | 
| 1373 | int ecpointformatlist_length = *(sdata++); | 1391 | int ecpointformatlist_length = *(sdata++); | 
| 1374 | 1392 | ||
| 1375 | if (ecpointformatlist_length != size - 1 || | 1393 | if (ecpointformatlist_length != size - 1 || | 
| 1376 | ecpointformatlist_length < 1) { | 1394 | ecpointformatlist_length < 1) { | 
| 1377 | *al = TLS1_AD_DECODE_ERROR; | 1395 | *al = TLS1_AD_DECODE_ERROR; | 
| 1378 | return 0; | 1396 | return 0; | 
| 1379 | } | 1397 | } | 
| @@ -1440,7 +1458,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1440 | s->version != DTLS1_VERSION) { | 1458 | s->version != DTLS1_VERSION) { | 
| 1441 | /* MUST be empty and only sent if we've requested | 1459 | /* MUST be empty and only sent if we've requested | 
| 1442 | * a status request message. | 1460 | * a status request message. | 
| 1443 | */ | 1461 | */ | 
| 1444 | if ((s->tlsext_status_type == -1) || (size > 0)) { | 1462 | if ((s->tlsext_status_type == -1) || (size > 0)) { | 
| 1445 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | 1463 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | 
| 1446 | return 0; | 1464 | return 0; | 
| @@ -1485,9 +1503,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1485 | } | 1503 | } | 
| 1486 | #ifndef OPENSSL_NO_SRTP | 1504 | #ifndef OPENSSL_NO_SRTP | 
| 1487 | else if (type == TLSEXT_TYPE_use_srtp) { | 1505 | else if (type == TLSEXT_TYPE_use_srtp) { | 
| 1488 | if (ssl_parse_serverhello_use_srtp_ext(s, data, size, | 1506 | if (ssl_parse_serverhello_use_srtp_ext(s, data, | 
| 1489 | al)) | 1507 | size, al)) | 
| 1490 | return 0; | 1508 | return 0; | 
| 1491 | } | 1509 | } | 
| 1492 | #endif | 1510 | #endif | 
| 1493 | 1511 | ||
| @@ -1530,7 +1548,7 @@ ri_check: | |||
| 1530 | if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | 1548 | if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | 
| 1531 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1549 | *al = SSL_AD_HANDSHAKE_FAILURE; | 
| 1532 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, | 1550 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, | 
| 1533 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1551 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 
| 1534 | return 0; | 1552 | return 0; | 
| 1535 | } | 1553 | } | 
| 1536 | 1554 | ||
| @@ -1541,7 +1559,7 @@ int | |||
| 1541 | ssl_prepare_clienthello_tlsext(SSL *s) | 1559 | ssl_prepare_clienthello_tlsext(SSL *s) | 
| 1542 | { | 1560 | { | 
| 1543 | #ifndef OPENSSL_NO_EC | 1561 | #ifndef OPENSSL_NO_EC | 
| 1544 | /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats | 1562 | /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats | 
| 1545 | * and elliptic curves we support. | 1563 | * and elliptic curves we support. | 
| 1546 | */ | 1564 | */ | 
| 1547 | int using_ecc = 0; | 1565 | int using_ecc = 0; | 
| @@ -1566,7 +1584,8 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1566 | if (s->tlsext_ecpointformatlist != NULL) | 1584 | if (s->tlsext_ecpointformatlist != NULL) | 
| 1567 | free(s->tlsext_ecpointformatlist); | 1585 | free(s->tlsext_ecpointformatlist); | 
| 1568 | if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { | 1586 | if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { | 
| 1569 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); | 1587 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, | 
| 1588 | ERR_R_MALLOC_FAILURE); | ||
| 1570 | return -1; | 1589 | return -1; | 
| 1571 | } | 1590 | } | 
| 1572 | s->tlsext_ecpointformatlist_length = 3; | 1591 | s->tlsext_ecpointformatlist_length = 3; | 
| @@ -1577,15 +1596,14 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1577 | /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ | 1596 | /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ | 
| 1578 | if (s->tlsext_ellipticcurvelist != NULL) | 1597 | if (s->tlsext_ellipticcurvelist != NULL) | 
| 1579 | free(s->tlsext_ellipticcurvelist); | 1598 | free(s->tlsext_ellipticcurvelist); | 
| 1580 | s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2; | 1599 | s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; | 
| 1581 | if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { | 1600 | if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { | 
| 1582 | s->tlsext_ellipticcurvelist_length = 0; | 1601 | s->tlsext_ellipticcurvelist_length = 0; | 
| 1583 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); | 1602 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, | 
| 1603 | ERR_R_MALLOC_FAILURE); | ||
| 1584 | return -1; | 1604 | return -1; | 
| 1585 | } | 1605 | } | 
| 1586 | for (i = 0, j = s->tlsext_ellipticcurvelist; | 1606 | for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i < sizeof(pref_list) / sizeof(pref_list[0]); i++) { | 
| 1587 | (unsigned int)i < sizeof(pref_list)/sizeof(pref_list[0]); | ||
| 1588 | i++) { | ||
| 1589 | int id = tls1_ec_nid2curve_id(pref_list[i]); | 1607 | int id = tls1_ec_nid2curve_id(pref_list[i]); | 
| 1590 | s2n(id, j); | 1608 | s2n(id, j); | 
| 1591 | } | 1609 | } | 
| @@ -1620,7 +1638,7 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1620 | if (r == 2) { | 1638 | if (r == 2) { | 
| 1621 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ | 1639 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ | 
| 1622 | s->s3->server_opaque_prf_input_len = | 1640 | s->s3->server_opaque_prf_input_len = | 
| 1623 | s->tlsext_opaque_prf_input_len; | 1641 | s->tlsext_opaque_prf_input_len; | 
| 1624 | } | 1642 | } | 
| 1625 | } | 1643 | } | 
| 1626 | #endif | 1644 | #endif | 
| @@ -1632,7 +1650,7 @@ int | |||
| 1632 | ssl_prepare_serverhello_tlsext(SSL *s) | 1650 | ssl_prepare_serverhello_tlsext(SSL *s) | 
| 1633 | { | 1651 | { | 
| 1634 | #ifndef OPENSSL_NO_EC | 1652 | #ifndef OPENSSL_NO_EC | 
| 1635 | /* If we are server and using an ECC cipher suite, send the point formats we support | 1653 | /* If we are server and using an ECC cipher suite, send the point formats we support | 
| 1636 | * if the client sent us an ECPointsFormat extension. Note that the server is not | 1654 | * if the client sent us an ECPointsFormat extension. Note that the server is not | 
| 1637 | * supposed to send an EllipticCurves extension. | 1655 | * supposed to send an EllipticCurves extension. | 
| 1638 | */ | 1656 | */ | 
| @@ -1666,10 +1684,10 @@ ssl_check_clienthello_tlsext_early(SSL *s) | |||
| 1666 | int al = SSL_AD_UNRECOGNIZED_NAME; | 1684 | int al = SSL_AD_UNRECOGNIZED_NAME; | 
| 1667 | 1685 | ||
| 1668 | #ifndef OPENSSL_NO_EC | 1686 | #ifndef OPENSSL_NO_EC | 
| 1669 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | 1687 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | 
| 1670 | * ssl3_choose_cipher in s3_lib.c. | 1688 | * ssl3_choose_cipher in s3_lib.c. | 
| 1671 | */ | 1689 | */ | 
| 1672 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | 1690 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | 
| 1673 | * ssl3_choose_cipher in s3_lib.c. | 1691 | * ssl3_choose_cipher in s3_lib.c. | 
| 1674 | */ | 1692 | */ | 
| 1675 | #endif | 1693 | #endif | 
| @@ -1735,14 +1753,10 @@ err: | |||
| 1735 | switch (ret) { | 1753 | switch (ret) { | 
| 1736 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1754 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 
| 1737 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1755 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 
| 1738 | |||
| 1739 | return -1; | 1756 | return -1; | 
| 1740 | |||
| 1741 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 1757 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 
| 1742 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 1758 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 
| 1743 | return 1; | 1759 | return 1; | 
| 1744 | |||
| 1745 | |||
| 1746 | case SSL_TLSEXT_ERR_NOACK: | 1760 | case SSL_TLSEXT_ERR_NOACK: | 
| 1747 | s->servername_done = 0; | 1761 | s->servername_done = 0; | 
| 1748 | default: | 1762 | default: | 
| @@ -1757,11 +1771,12 @@ ssl_check_clienthello_tlsext_late(SSL *s) | |||
| 1757 | int al = 0; /* XXX gcc3 */ | 1771 | int al = 0; /* XXX gcc3 */ | 
| 1758 | 1772 | ||
| 1759 | /* If status request then ask callback what to do. | 1773 | /* If status request then ask callback what to do. | 
| 1760 | * Note: this must be called after servername callbacks in case | 1774 | * Note: this must be called after servername callbacks in case | 
| 1761 | * the certificate has changed, and must be called after the cipher | 1775 | * the certificate has changed, and must be called after the cipher | 
| 1762 | * has been chosen because this may influence which certificate is sent | 1776 | * has been chosen because this may influence which certificate is sent | 
| 1763 | */ | 1777 | */ | 
| 1764 | if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) { | 1778 | if ((s->tlsext_status_type != -1) && | 
| 1779 | s->ctx && s->ctx->tlsext_status_cb) { | ||
| 1765 | int r; | 1780 | int r; | 
| 1766 | CERT_PKEY *certpkey; | 1781 | CERT_PKEY *certpkey; | 
| 1767 | certpkey = ssl_get_server_send_pkey(s); | 1782 | certpkey = ssl_get_server_send_pkey(s); | 
| @@ -1800,12 +1815,10 @@ err: | |||
| 1800 | switch (ret) { | 1815 | switch (ret) { | 
| 1801 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1816 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 
| 1802 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1817 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 
| 1803 | |||
| 1804 | return -1; | 1818 | return -1; | 
| 1805 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 1819 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 
| 1806 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 1820 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 
| 1807 | return 1; | 1821 | return 1; | 
| 1808 | |||
| 1809 | default: | 1822 | default: | 
| 1810 | return 1; | 1823 | return 1; | 
| 1811 | } | 1824 | } | 
| @@ -1866,7 +1879,7 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1866 | /* Anytime the server *has* sent an opaque PRF input, we need to check | 1879 | /* Anytime the server *has* sent an opaque PRF input, we need to check | 
| 1867 | * that we have a client opaque PRF input of the same size. */ | 1880 | * that we have a client opaque PRF input of the same size. */ | 
| 1868 | if (s->s3->client_opaque_prf_input == NULL || | 1881 | if (s->s3->client_opaque_prf_input == NULL || | 
| 1869 | s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) { | 1882 | s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) { | 
| 1870 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 1883 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 
| 1871 | al = SSL_AD_ILLEGAL_PARAMETER; | 1884 | al = SSL_AD_ILLEGAL_PARAMETER; | 
| 1872 | } | 1885 | } | 
| @@ -1876,8 +1889,8 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1876 | /* If we've requested certificate status and we wont get one | 1889 | /* If we've requested certificate status and we wont get one | 
| 1877 | * tell the callback | 1890 | * tell the callback | 
| 1878 | */ | 1891 | */ | 
| 1879 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) | 1892 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) && | 
| 1880 | && s->ctx && s->ctx->tlsext_status_cb) { | 1893 | s->ctx && s->ctx->tlsext_status_cb) { | 
| 1881 | int r; | 1894 | int r; | 
| 1882 | /* Set resp to NULL, resplen to -1 so callback knows | 1895 | /* Set resp to NULL, resplen to -1 so callback knows | 
| 1883 | * there is no response. | 1896 | * there is no response. | 
| @@ -2077,9 +2090,9 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 2077 | if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) | 2090 | if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) | 
| 2078 | return 2; | 2091 | return 2; | 
| 2079 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | 2092 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | 
| 2080 | tlsext_tick_md(), NULL); | 2093 | tlsext_tick_md(), NULL); | 
| 2081 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | 2094 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | 
| 2082 | tctx->tlsext_tick_aes_key, etick + 16); | 2095 | tctx->tlsext_tick_aes_key, etick + 16); | 
| 2083 | } | 2096 | } | 
| 2084 | /* Attempt to process session ticket, first conduct sanity and | 2097 | /* Attempt to process session ticket, first conduct sanity and | 
| 2085 | * integrity checks on ticket. | 2098 | * integrity checks on ticket. | 
| @@ -2189,7 +2202,7 @@ tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md) | |||
| 2189 | if (!md) | 2202 | if (!md) | 
| 2190 | return 0; | 2203 | return 0; | 
| 2191 | md_id = tls12_find_id(EVP_MD_type(md), tls12_md, | 2204 | md_id = tls12_find_id(EVP_MD_type(md), tls12_md, | 
| 2192 | sizeof(tls12_md)/sizeof(tls12_lookup)); | 2205 | sizeof(tls12_md) / sizeof(tls12_lookup)); | 
| 2193 | if (md_id == -1) | 2206 | if (md_id == -1) | 
| 2194 | return 0; | 2207 | return 0; | 
| 2195 | sig_id = tls12_get_sigid(pk); | 2208 | sig_id = tls12_get_sigid(pk); | 
| @@ -2204,7 +2217,7 @@ int | |||
| 2204 | tls12_get_sigid(const EVP_PKEY *pk) | 2217 | tls12_get_sigid(const EVP_PKEY *pk) | 
| 2205 | { | 2218 | { | 
| 2206 | return tls12_find_id(pk->type, tls12_sig, | 2219 | return tls12_find_id(pk->type, tls12_sig, | 
| 2207 | sizeof(tls12_sig)/sizeof(tls12_lookup)); | 2220 | sizeof(tls12_sig) / sizeof(tls12_lookup)); | 
| 2208 | } | 2221 | } | 
| 2209 | 2222 | ||
| 2210 | const EVP_MD * | 2223 | const EVP_MD * | 
| @@ -2215,17 +2228,14 @@ tls12_get_hash(unsigned char hash_alg) | |||
| 2215 | return EVP_sha1(); | 2228 | return EVP_sha1(); | 
| 2216 | case TLSEXT_hash_sha224: | 2229 | case TLSEXT_hash_sha224: | 
| 2217 | return EVP_sha224(); | 2230 | return EVP_sha224(); | 
| 2218 | |||
| 2219 | case TLSEXT_hash_sha256: | 2231 | case TLSEXT_hash_sha256: | 
| 2220 | return EVP_sha256(); | 2232 | return EVP_sha256(); | 
| 2221 | case TLSEXT_hash_sha384: | 2233 | case TLSEXT_hash_sha384: | 
| 2222 | return EVP_sha384(); | 2234 | return EVP_sha384(); | 
| 2223 | |||
| 2224 | case TLSEXT_hash_sha512: | 2235 | case TLSEXT_hash_sha512: | 
| 2225 | return EVP_sha512(); | 2236 | return EVP_sha512(); | 
| 2226 | default: | 2237 | default: | 
| 2227 | return NULL; | 2238 | return NULL; | 
| 2228 | |||
| 2229 | } | 2239 | } | 
| 2230 | } | 2240 | } | 
| 2231 | 2241 | ||
| diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 54f536917e..6913d15663 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written | 
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). | 
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. | 
| 8 | * | 8 | * | 
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as | 
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions | 
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms | 
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 
| 15 | * | 15 | * | 
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. | 
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution | 
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. | 
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or | 
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. | 
| 22 | * | 22 | * | 
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without | 
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions | 
| 25 | * are met: | 25 | * are met: | 
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" | 
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library | 
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). | 
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: | 
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 
| 40 | * | 40 | * | 
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. | 
| 52 | * | 52 | * | 
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or | 
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence | 
| @@ -63,7 +63,7 @@ | |||
| 63 | * are met: | 63 | * are met: | 
| 64 | * | 64 | * | 
| 65 | * 1. Redistributions of source code must retain the above copyright | 65 | * 1. Redistributions of source code must retain the above copyright | 
| 66 | * notice, this list of conditions and the following disclaimer. | 66 | * notice, this list of conditions and the following disclaimer. | 
| 67 | * | 67 | * | 
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | 68 | * 2. Redistributions in binary form must reproduce the above copyright | 
| 69 | * notice, this list of conditions and the following disclaimer in | 69 | * notice, this list of conditions and the following disclaimer in | 
| @@ -117,11 +117,10 @@ | |||
| 117 | #include <openssl/rand.h> | 117 | #include <openssl/rand.h> | 
| 118 | #include "ssl_locl.h" | 118 | #include "ssl_locl.h" | 
| 119 | 119 | ||
| 120 | const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; | 120 | const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT; | 
| 121 | 121 | ||
| 122 | #ifndef OPENSSL_NO_TLSEXT | 122 | #ifndef OPENSSL_NO_TLSEXT | 
| 123 | static int | 123 | static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | 
| 124 | tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | ||
| 125 | const unsigned char *sess_id, int sesslen, | 124 | const unsigned char *sess_id, int sesslen, | 
| 126 | SSL_SESSION **psess); | 125 | SSL_SESSION **psess); | 
| 127 | #endif | 126 | #endif | 
| @@ -146,7 +145,7 @@ tls1_default_timeout(void) | |||
| 146 | { | 145 | { | 
| 147 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | 146 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | 
| 148 | * is way too long for http, the cache would over fill */ | 147 | * is way too long for http, the cache would over fill */ | 
| 149 | return (60*60*2); | 148 | return (60 * 60 * 2); | 
| 150 | } | 149 | } | 
| 151 | 150 | ||
| 152 | int | 151 | int | 
| @@ -179,67 +178,67 @@ tls1_clear(SSL *s) | |||
| 179 | #ifndef OPENSSL_NO_EC | 178 | #ifndef OPENSSL_NO_EC | 
| 180 | 179 | ||
| 181 | static int nid_list[] = { | 180 | static int nid_list[] = { | 
| 182 | NID_sect163k1, /* sect163k1 (1) */ | 181 | NID_sect163k1, /* sect163k1 (1) */ | 
| 183 | NID_sect163r1, /* sect163r1 (2) */ | 182 | NID_sect163r1, /* sect163r1 (2) */ | 
| 184 | NID_sect163r2, /* sect163r2 (3) */ | 183 | NID_sect163r2, /* sect163r2 (3) */ | 
| 185 | NID_sect193r1, /* sect193r1 (4) */ | 184 | NID_sect193r1, /* sect193r1 (4) */ | 
| 186 | NID_sect193r2, /* sect193r2 (5) */ | 185 | NID_sect193r2, /* sect193r2 (5) */ | 
| 187 | NID_sect233k1, /* sect233k1 (6) */ | 186 | NID_sect233k1, /* sect233k1 (6) */ | 
| 188 | NID_sect233r1, /* sect233r1 (7) */ | 187 | NID_sect233r1, /* sect233r1 (7) */ | 
| 189 | NID_sect239k1, /* sect239k1 (8) */ | 188 | NID_sect239k1, /* sect239k1 (8) */ | 
| 190 | NID_sect283k1, /* sect283k1 (9) */ | 189 | NID_sect283k1, /* sect283k1 (9) */ | 
| 191 | NID_sect283r1, /* sect283r1 (10) */ | 190 | NID_sect283r1, /* sect283r1 (10) */ | 
| 192 | NID_sect409k1, /* sect409k1 (11) */ | 191 | NID_sect409k1, /* sect409k1 (11) */ | 
| 193 | NID_sect409r1, /* sect409r1 (12) */ | 192 | NID_sect409r1, /* sect409r1 (12) */ | 
| 194 | NID_sect571k1, /* sect571k1 (13) */ | 193 | NID_sect571k1, /* sect571k1 (13) */ | 
| 195 | NID_sect571r1, /* sect571r1 (14) */ | 194 | NID_sect571r1, /* sect571r1 (14) */ | 
| 196 | NID_secp160k1, /* secp160k1 (15) */ | 195 | NID_secp160k1, /* secp160k1 (15) */ | 
| 197 | NID_secp160r1, /* secp160r1 (16) */ | 196 | NID_secp160r1, /* secp160r1 (16) */ | 
| 198 | NID_secp160r2, /* secp160r2 (17) */ | 197 | NID_secp160r2, /* secp160r2 (17) */ | 
| 199 | NID_secp192k1, /* secp192k1 (18) */ | 198 | NID_secp192k1, /* secp192k1 (18) */ | 
| 200 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 199 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 
| 201 | NID_secp224k1, /* secp224k1 (20) */ | 200 | NID_secp224k1, /* secp224k1 (20) */ | 
| 202 | NID_secp224r1, /* secp224r1 (21) */ | 201 | NID_secp224r1, /* secp224r1 (21) */ | 
| 203 | NID_secp256k1, /* secp256k1 (22) */ | 202 | NID_secp256k1, /* secp256k1 (22) */ | 
| 204 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 203 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 
| 205 | NID_secp384r1, /* secp384r1 (24) */ | 204 | NID_secp384r1, /* secp384r1 (24) */ | 
| 206 | NID_secp521r1 /* secp521r1 (25) */ | 205 | NID_secp521r1 /* secp521r1 (25) */ | 
| 207 | }; | 206 | }; | 
| 208 | 207 | ||
| 209 | static int pref_list[] = { | 208 | static int pref_list[] = { | 
| 210 | NID_sect571r1, /* sect571r1 (14) */ | 209 | NID_sect571r1, /* sect571r1 (14) */ | 
| 211 | NID_sect571k1, /* sect571k1 (13) */ | 210 | NID_sect571k1, /* sect571k1 (13) */ | 
| 212 | NID_secp521r1, /* secp521r1 (25) */ | 211 | NID_secp521r1, /* secp521r1 (25) */ | 
| 213 | NID_sect409k1, /* sect409k1 (11) */ | 212 | NID_sect409k1, /* sect409k1 (11) */ | 
| 214 | NID_sect409r1, /* sect409r1 (12) */ | 213 | NID_sect409r1, /* sect409r1 (12) */ | 
| 215 | NID_secp384r1, /* secp384r1 (24) */ | 214 | NID_secp384r1, /* secp384r1 (24) */ | 
| 216 | NID_sect283k1, /* sect283k1 (9) */ | 215 | NID_sect283k1, /* sect283k1 (9) */ | 
| 217 | NID_sect283r1, /* sect283r1 (10) */ | 216 | NID_sect283r1, /* sect283r1 (10) */ | 
| 218 | NID_secp256k1, /* secp256k1 (22) */ | 217 | NID_secp256k1, /* secp256k1 (22) */ | 
| 219 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 218 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 
| 220 | NID_sect239k1, /* sect239k1 (8) */ | 219 | NID_sect239k1, /* sect239k1 (8) */ | 
| 221 | NID_sect233k1, /* sect233k1 (6) */ | 220 | NID_sect233k1, /* sect233k1 (6) */ | 
| 222 | NID_sect233r1, /* sect233r1 (7) */ | 221 | NID_sect233r1, /* sect233r1 (7) */ | 
| 223 | NID_secp224k1, /* secp224k1 (20) */ | 222 | NID_secp224k1, /* secp224k1 (20) */ | 
| 224 | NID_secp224r1, /* secp224r1 (21) */ | 223 | NID_secp224r1, /* secp224r1 (21) */ | 
| 225 | NID_sect193r1, /* sect193r1 (4) */ | 224 | NID_sect193r1, /* sect193r1 (4) */ | 
| 226 | NID_sect193r2, /* sect193r2 (5) */ | 225 | NID_sect193r2, /* sect193r2 (5) */ | 
| 227 | NID_secp192k1, /* secp192k1 (18) */ | 226 | NID_secp192k1, /* secp192k1 (18) */ | 
| 228 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 227 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 
| 229 | NID_sect163k1, /* sect163k1 (1) */ | 228 | NID_sect163k1, /* sect163k1 (1) */ | 
| 230 | NID_sect163r1, /* sect163r1 (2) */ | 229 | NID_sect163r1, /* sect163r1 (2) */ | 
| 231 | NID_sect163r2, /* sect163r2 (3) */ | 230 | NID_sect163r2, /* sect163r2 (3) */ | 
| 232 | NID_secp160k1, /* secp160k1 (15) */ | 231 | NID_secp160k1, /* secp160k1 (15) */ | 
| 233 | NID_secp160r1, /* secp160r1 (16) */ | 232 | NID_secp160r1, /* secp160r1 (16) */ | 
| 234 | NID_secp160r2, /* secp160r2 (17) */ | 233 | NID_secp160r2, /* secp160r2 (17) */ | 
| 235 | }; | 234 | }; | 
| 236 | 235 | ||
| 237 | int | 236 | int | 
| 238 | tls1_ec_curve_id2nid(int curve_id) | 237 | tls1_ec_curve_id2nid(int curve_id) | 
| 239 | { | 238 | { | 
| 240 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | 239 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | 
| 241 | if ((curve_id < 1) || ((unsigned int)curve_id > | 240 | if ((curve_id < 1) || | 
| 242 | sizeof(nid_list)/sizeof(nid_list[0]))) | 241 | ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0]))) | 
| 243 | return 0; | 242 | return 0; | 
| 244 | return nid_list[curve_id - 1]; | 243 | return nid_list[curve_id - 1]; | 
| 245 | } | 244 | } | 
| @@ -297,7 +296,7 @@ tls1_ec_nid2curve_id(int nid) | |||
| 297 | return 23; | 296 | return 23; | 
| 298 | case NID_secp384r1: /* secp384r1 (24) */ | 297 | case NID_secp384r1: /* secp384r1 (24) */ | 
| 299 | return 24; | 298 | return 24; | 
| 300 | case NID_secp521r1: /* secp521r1 (25) */ | 299 | case NID_secp521r1: /* secp521r1 (25) */ | 
| 301 | return 25; | 300 | return 25; | 
| 302 | default: | 301 | default: | 
| 303 | return 0; | 302 | return 0; | 
| @@ -322,9 +321,9 @@ tls1_ec_nid2curve_id(int nid) | |||
| 322 | #endif | 321 | #endif | 
| 323 | 322 | ||
| 324 | #define tlsext_sigalg(md) \ | 323 | #define tlsext_sigalg(md) \ | 
| 325 | tlsext_sigalg_rsa(md) \ | 324 | tlsext_sigalg_rsa(md) \ | 
| 326 | tlsext_sigalg_dsa(md) \ | 325 | tlsext_sigalg_dsa(md) \ | 
| 327 | tlsext_sigalg_ecdsa(md) | 326 | tlsext_sigalg_ecdsa(md) | 
| 328 | 327 | ||
| 329 | static unsigned char tls12_sigalgs[] = { | 328 | static unsigned char tls12_sigalgs[] = { | 
| 330 | tlsext_sigalg(TLSEXT_hash_sha512) | 329 | tlsext_sigalg(TLSEXT_hash_sha512) | 
| @@ -338,6 +337,7 @@ int | |||
| 338 | tls12_get_req_sig_algs(SSL *s, unsigned char *p) | 337 | tls12_get_req_sig_algs(SSL *s, unsigned char *p) | 
| 339 | { | 338 | { | 
| 340 | size_t slen = sizeof(tls12_sigalgs); | 339 | size_t slen = sizeof(tls12_sigalgs); | 
| 340 | |||
| 341 | if (p) | 341 | if (p) | 
| 342 | memcpy(p, tls12_sigalgs, slen); | 342 | memcpy(p, tls12_sigalgs, slen); | 
| 343 | return (int)slen; | 343 | return (int)slen; | 
| @@ -356,20 +356,19 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 356 | 356 | ||
| 357 | ret += 2; | 357 | ret += 2; | 
| 358 | 358 | ||
| 359 | if (ret>=limit) | 359 | if (ret >= limit) | 
| 360 | return NULL; /* this really never occurs, but ... */ | 360 | return NULL; /* this really never occurs, but ... */ | 
| 361 | 361 | ||
| 362 | if (s->tlsext_hostname != NULL) { | 362 | if (s->tlsext_hostname != NULL) { | 
| 363 | /* Add TLS extension servername to the Client Hello message */ | 363 | /* Add TLS extension servername to the Client Hello message */ | 
| 364 | size_t size_str, lenmax; | 364 | size_t size_str, lenmax; | 
| 365 | 365 | ||
| 366 | |||
| 367 | /* check for enough space. | 366 | /* check for enough space. | 
| 368 | 4 for the servername type and extension length | 367 | 4 for the servername type and extension length | 
| 369 | 2 for servernamelist length | 368 | 2 for servernamelist length | 
| 370 | 1 for the hostname type | 369 | 1 for the hostname type | 
| 371 | 2 for hostname length | 370 | 2 for hostname length | 
| 372 | + hostname length | 371 | + hostname length | 
| 373 | */ | 372 | */ | 
| 374 | 373 | ||
| 375 | if ((size_t)(limit - ret) < 9) | 374 | if ((size_t)(limit - ret) < 9) | 
| @@ -399,7 +398,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 399 | int el; | 398 | int el; | 
| 400 | 399 | ||
| 401 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { | 400 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { | 
| 402 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 401 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 402 | ERR_R_INTERNAL_ERROR); | ||
| 403 | return NULL; | 403 | return NULL; | 
| 404 | } | 404 | } | 
| 405 | 405 | ||
| @@ -410,7 +410,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 410 | s2n(el, ret); | 410 | s2n(el, ret); | 
| 411 | 411 | ||
| 412 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { | 412 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { | 
| 413 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 413 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 414 | ERR_R_INTERNAL_ERROR); | ||
| 414 | return NULL; | 415 | return NULL; | 
| 415 | } | 416 | } | 
| 416 | 417 | ||
| @@ -431,14 +432,16 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 431 | if (s->tlsext_ecpointformatlist_length > lenmax) | 432 | if (s->tlsext_ecpointformatlist_length > lenmax) | 
| 432 | return NULL; | 433 | return NULL; | 
| 433 | if (s->tlsext_ecpointformatlist_length > 255) { | 434 | if (s->tlsext_ecpointformatlist_length > 255) { | 
| 434 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 435 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 436 | ERR_R_INTERNAL_ERROR); | ||
| 435 | return NULL; | 437 | return NULL; | 
| 436 | } | 438 | } | 
| 437 | 439 | ||
| 438 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 440 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 
| 439 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 441 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 
| 440 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 442 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 
| 441 | memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 443 | memcpy(ret, s->tlsext_ecpointformatlist, | 
| 444 | s->tlsext_ecpointformatlist_length); | ||
| 442 | ret += s->tlsext_ecpointformatlist_length; | 445 | ret += s->tlsext_ecpointformatlist_length; | 
| 443 | } | 446 | } | 
| 444 | if (s->tlsext_ellipticcurvelist != NULL && | 447 | if (s->tlsext_ellipticcurvelist != NULL && | 
| @@ -453,7 +456,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 453 | if (s->tlsext_ellipticcurvelist_length > lenmax) | 456 | if (s->tlsext_ellipticcurvelist_length > lenmax) | 
| 454 | return NULL; | 457 | return NULL; | 
| 455 | if (s->tlsext_ellipticcurvelist_length > 65532) { | 458 | if (s->tlsext_ellipticcurvelist_length > 65532) { | 
| 456 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 459 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 460 | ERR_R_INTERNAL_ERROR); | ||
| 457 | return NULL; | 461 | return NULL; | 
| 458 | } | 462 | } | 
| 459 | 463 | ||
| @@ -466,7 +470,8 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 466 | * resolves this to two bytes. | 470 | * resolves this to two bytes. | 
| 467 | */ | 471 | */ | 
| 468 | s2n(s->tlsext_ellipticcurvelist_length, ret); | 472 | s2n(s->tlsext_ellipticcurvelist_length, ret); | 
| 469 | memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | 473 | memcpy(ret, s->tlsext_ellipticcurvelist, | 
| 474 | s->tlsext_ellipticcurvelist_length); | ||
| 470 | ret += s->tlsext_ellipticcurvelist_length; | 475 | ret += s->tlsext_ellipticcurvelist_length; | 
| 471 | } | 476 | } | 
| 472 | #endif /* OPENSSL_NO_EC */ | 477 | #endif /* OPENSSL_NO_EC */ | 
| @@ -603,7 +608,8 @@ skip_ext: | |||
| 603 | s2n(el, ret); | 608 | s2n(el, ret); | 
| 604 | 609 | ||
| 605 | if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { | 610 | if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { | 
| 606 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 611 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | 
| 612 | ERR_R_INTERNAL_ERROR); | ||
| 607 | return NULL; | 613 | return NULL; | 
| 608 | } | 614 | } | 
| 609 | ret += el; | 615 | ret += el; | 
| @@ -660,10 +666,11 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 660 | return p; | 666 | return p; | 
| 661 | 667 | ||
| 662 | ret += 2; | 668 | ret += 2; | 
| 663 | if (ret>=limit) | 669 | if (ret >= limit) | 
| 664 | return NULL; /* this really never occurs, but ... */ | 670 | return NULL; /* this really never occurs, but ... */ | 
| 665 | 671 | ||
| 666 | if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) { | 672 | if (!s->hit && s->servername_done == 1 && | 
| 673 | s->session->tlsext_hostname != NULL) { | ||
| 667 | if ((size_t)(limit - ret) < 4) | 674 | if ((size_t)(limit - ret) < 4) | 
| 668 | return NULL; | 675 | return NULL; | 
| 669 | 676 | ||
| @@ -675,7 +682,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 675 | int el; | 682 | int el; | 
| 676 | 683 | ||
| 677 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | 684 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | 
| 678 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 685 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 686 | ERR_R_INTERNAL_ERROR); | ||
| 679 | return NULL; | 687 | return NULL; | 
| 680 | } | 688 | } | 
| 681 | 689 | ||
| @@ -686,7 +694,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 686 | s2n(el, ret); | 694 | s2n(el, ret); | 
| 687 | 695 | ||
| 688 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { | 696 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { | 
| 689 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 697 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 698 | ERR_R_INTERNAL_ERROR); | ||
| 690 | return NULL; | 699 | return NULL; | 
| 691 | } | 700 | } | 
| 692 | 701 | ||
| @@ -695,7 +704,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 695 | 704 | ||
| 696 | #ifndef OPENSSL_NO_EC | 705 | #ifndef OPENSSL_NO_EC | 
| 697 | if (s->tlsext_ecpointformatlist != NULL && | 706 | if (s->tlsext_ecpointformatlist != NULL && | 
| 698 | s->version != DTLS1_VERSION) { | 707 | s->version != DTLS1_VERSION) { | 
| 699 | /* Add TLS extension ECPointFormats to the ServerHello message */ | 708 | /* Add TLS extension ECPointFormats to the ServerHello message */ | 
| 700 | size_t lenmax; | 709 | size_t lenmax; | 
| 701 | 710 | ||
| @@ -706,21 +715,24 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 706 | if (s->tlsext_ecpointformatlist_length > lenmax) | 715 | if (s->tlsext_ecpointformatlist_length > lenmax) | 
| 707 | return NULL; | 716 | return NULL; | 
| 708 | if (s->tlsext_ecpointformatlist_length > 255) { | 717 | if (s->tlsext_ecpointformatlist_length > 255) { | 
| 709 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 718 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 719 | ERR_R_INTERNAL_ERROR); | ||
| 710 | return NULL; | 720 | return NULL; | 
| 711 | } | 721 | } | 
| 712 | 722 | ||
| 713 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 723 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 
| 714 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 724 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 
| 715 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 725 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 
| 716 | memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 726 | memcpy(ret, s->tlsext_ecpointformatlist, | 
| 727 | s->tlsext_ecpointformatlist_length); | ||
| 717 | ret += s->tlsext_ecpointformatlist_length; | 728 | ret += s->tlsext_ecpointformatlist_length; | 
| 718 | 729 | ||
| 719 | } | 730 | } | 
| 720 | /* Currently the server should not respond with a SupportedCurves extension */ | 731 | /* Currently the server should not respond with a SupportedCurves extension */ | 
| 721 | #endif /* OPENSSL_NO_EC */ | 732 | #endif /* OPENSSL_NO_EC */ | 
| 722 | 733 | ||
| 723 | if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | 734 | if (s->tlsext_ticket_expected && | 
| 735 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | ||
| 724 | if ((size_t)(limit - ret) < 4) | 736 | if ((size_t)(limit - ret) < 4) | 
| 725 | return NULL; | 737 | return NULL; | 
| 726 | 738 | ||
| @@ -737,7 +749,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 737 | } | 749 | } | 
| 738 | 750 | ||
| 739 | #ifdef TLSEXT_TYPE_opaque_prf_input | 751 | #ifdef TLSEXT_TYPE_opaque_prf_input | 
| 740 | if (s->s3->server_opaque_prf_input != NULL && s->version != DTLS1_VERSION) { | 752 | if (s->s3->server_opaque_prf_input != NULL && | 
| 753 | s->version != DTLS1_VERSION) { | ||
| 741 | size_t sol = s->s3->server_opaque_prf_input_len; | 754 | size_t sol = s->s3->server_opaque_prf_input_len; | 
| 742 | 755 | ||
| 743 | if ((size_t)(limit - ret) < 6 + sol) | 756 | if ((size_t)(limit - ret) < 6 + sol) | 
| @@ -767,7 +780,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 767 | s2n(el, ret); | 780 | s2n(el, ret); | 
| 768 | 781 | ||
| 769 | if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { | 782 | if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { | 
| 770 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 783 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 
| 784 | ERR_R_INTERNAL_ERROR); | ||
| 771 | return NULL; | 785 | return NULL; | 
| 772 | } | 786 | } | 
| 773 | ret += el; | 787 | ret += el; | 
| @@ -781,7 +795,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 781 | 0xfd, 0xe8, /*65000*/ | 795 | 0xfd, 0xe8, /*65000*/ | 
| 782 | 0x00, 0x20, /*32 bytes length*/ | 796 | 0x00, 0x20, /*32 bytes length*/ | 
| 783 | 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, | 797 | 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, | 
| 784 | 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, | 798 | 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, | 
| 785 | 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, | 799 | 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, | 
| 786 | 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 | 800 | 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 | 
| 787 | }; | 801 | }; | 
| @@ -799,7 +813,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 799 | unsigned int npalen; | 813 | unsigned int npalen; | 
| 800 | int r; | 814 | int r; | 
| 801 | 815 | ||
| 802 | r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg); | 816 | r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, | 
| 817 | s->ctx->next_protos_advertised_cb_arg); | ||
| 803 | if (r == SSL_TLSEXT_ERR_OK) { | 818 | if (r == SSL_TLSEXT_ERR_OK) { | 
| 804 | if ((size_t)(limit - ret) < 4 + npalen) | 819 | if ((size_t)(limit - ret) < 4 + npalen) | 
| 805 | return NULL; | 820 | return NULL; | 
| @@ -833,7 +848,9 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 833 | * 10.8..10.8.3 (which don't work). | 848 | * 10.8..10.8.3 (which don't work). | 
| 834 | */ | 849 | */ | 
| 835 | static void | 850 | static void | 
| 836 | ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) { | 851 | ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, | 
| 852 | int n) | ||
| 853 | { | ||
| 837 | unsigned short type, size; | 854 | unsigned short type, size; | 
| 838 | static const unsigned char kSafariExtensionsBlock[] = { | 855 | static const unsigned char kSafariExtensionsBlock[] = { | 
| 839 | 0x00, 0x0a, /* elliptic_curves extension */ | 856 | 0x00, 0x0a, /* elliptic_curves extension */ | 
| @@ -940,7 +957,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 940 | #endif | 957 | #endif | 
| 941 | if (s->tlsext_debug_cb) | 958 | if (s->tlsext_debug_cb) | 
| 942 | s->tlsext_debug_cb(s, 0, type, data, size, | 959 | s->tlsext_debug_cb(s, 0, type, data, size, | 
| 943 | s->tlsext_debug_arg); | 960 | s->tlsext_debug_arg); | 
| 944 | /* The servername extension is treated as follows: | 961 | /* The servername extension is treated as follows: | 
| 945 | 962 | ||
| 946 | - Only the hostname type is supported with a maximum length of 255. | 963 | - Only the hostname type is supported with a maximum length of 255. | 
| @@ -948,21 +965,21 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 948 | in which case an fatal alert is generated. | 965 | in which case an fatal alert is generated. | 
| 949 | - The servername field is maintained together with the session cache. | 966 | - The servername field is maintained together with the session cache. | 
| 950 | - When a session is resumed, the servername call back invoked in order | 967 | - When a session is resumed, the servername call back invoked in order | 
| 951 | to allow the application to position itself to the right context. | 968 | to allow the application to position itself to the right context. | 
| 952 | - The servername is acknowledged if it is new for a session or when | 969 | - The servername is acknowledged if it is new for a session or when | 
| 953 | it is identical to a previously used for the same session. | 970 | it is identical to a previously used for the same session. | 
| 954 | Applications can control the behaviour. They can at any time | 971 | Applications can control the behaviour. They can at any time | 
| 955 | set a 'desirable' servername for a new SSL object. This can be the | 972 | set a 'desirable' servername for a new SSL object. This can be the | 
| 956 | case for example with HTTPS when a Host: header field is received and | 973 | case for example with HTTPS when a Host: header field is received and | 
| 957 | a renegotiation is requested. In this case, a possible servername | 974 | a renegotiation is requested. In this case, a possible servername | 
| 958 | presented in the new client hello is only acknowledged if it matches | 975 | presented in the new client hello is only acknowledged if it matches | 
| 959 | the value of the Host: field. | 976 | the value of the Host: field. | 
| 960 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | 977 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | 
| 961 | if they provide for changing an explicit servername context for the session, | 978 | if they provide for changing an explicit servername context for the session, | 
| 962 | i.e. when the session has been established with a servername extension. | 979 | i.e. when the session has been established with a servername extension. | 
| 963 | - On session reconnect, the servername extension may be absent. | 980 | - On session reconnect, the servername extension may be absent. | 
| 964 | 981 | ||
| 965 | */ | 982 | */ | 
| 966 | 983 | ||
| 967 | if (type == TLSEXT_TYPE_server_name) { | 984 | if (type == TLSEXT_TYPE_server_name) { | 
| 968 | unsigned char *sdata; | 985 | unsigned char *sdata; | 
| @@ -995,41 +1012,41 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 995 | if (s->servername_done == 0) | 1012 | if (s->servername_done == 0) | 
| 996 | switch (servname_type) { | 1013 | switch (servname_type) { | 
| 997 | case TLSEXT_NAMETYPE_host_name: | 1014 | case TLSEXT_NAMETYPE_host_name: | 
| 998 | if (!s->hit) { | 1015 | if (!s->hit) { | 
| 999 | if (s->session->tlsext_hostname) { | 1016 | if (s->session->tlsext_hostname) { | 
| 1000 | *al = SSL_AD_DECODE_ERROR; | 1017 | *al = SSL_AD_DECODE_ERROR; | 
| 1001 | return 0; | 1018 | return 0; | 
| 1002 | } | 1019 | } | 
| 1003 | if (len > TLSEXT_MAXLEN_host_name) { | 1020 | if (len > TLSEXT_MAXLEN_host_name) { | 
| 1004 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 1021 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 
| 1005 | return 0; | 1022 | return 0; | 
| 1006 | } | 1023 | } | 
| 1007 | if ((s->session->tlsext_hostname = | 1024 | if ((s->session->tlsext_hostname = | 
| 1008 | malloc(len + 1)) == NULL) { | 1025 | malloc(len + 1)) == NULL) { | 
| 1009 | *al = TLS1_AD_INTERNAL_ERROR; | 1026 | *al = TLS1_AD_INTERNAL_ERROR; | 
| 1010 | return 0; | 1027 | return 0; | 
| 1011 | } | 1028 | } | 
| 1012 | memcpy(s->session->tlsext_hostname, sdata, len); | 1029 | memcpy(s->session->tlsext_hostname, sdata, len); | 
| 1013 | s->session->tlsext_hostname[len] = '\0'; | 1030 | s->session->tlsext_hostname[len] = '\0'; | 
| 1014 | if (strlen(s->session->tlsext_hostname) != len) { | 1031 | if (strlen(s->session->tlsext_hostname) != len) { | 
| 1015 | free(s->session->tlsext_hostname); | 1032 | free(s->session->tlsext_hostname); | 
| 1016 | s->session->tlsext_hostname = NULL; | 1033 | s->session->tlsext_hostname = NULL; | 
| 1017 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 1034 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 
| 1018 | return 0; | 1035 | return 0; | 
| 1036 | } | ||
| 1037 | s->servername_done = 1; | ||
| 1038 | |||
| 1039 | |||
| 1040 | } else { | ||
| 1041 | s->servername_done = s->session->tlsext_hostname && | ||
| 1042 | strlen(s->session->tlsext_hostname) == len && | ||
| 1043 | strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
| 1019 | } | 1044 | } | 
| 1020 | s->servername_done = 1; | 1045 | break; | 
| 1021 | |||
| 1022 | |||
| 1023 | } else { | ||
| 1024 | s->servername_done = s->session->tlsext_hostname && | ||
| 1025 | strlen(s->session->tlsext_hostname) == len && | ||
| 1026 | strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
| 1027 | } | ||
| 1028 | break; | ||
| 1029 | 1046 | ||
| 1030 | default: | 1047 | default: | 
| 1031 | break; | 1048 | break; | 
| 1032 | } | 1049 | } | 
| 1033 | 1050 | ||
| 1034 | dsize -= len; | 1051 | dsize -= len; | 
| 1035 | } | 1052 | } | 
| @@ -1042,7 +1059,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1042 | 1059 | ||
| 1043 | #ifndef OPENSSL_NO_EC | 1060 | #ifndef OPENSSL_NO_EC | 
| 1044 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1061 | else if (type == TLSEXT_TYPE_ec_point_formats && | 
| 1045 | s->version != DTLS1_VERSION) { | 1062 | s->version != DTLS1_VERSION) { | 
| 1046 | unsigned char *sdata = data; | 1063 | unsigned char *sdata = data; | 
| 1047 | int ecpointformatlist_length = *(sdata++); | 1064 | int ecpointformatlist_length = *(sdata++); | 
| 1048 | 1065 | ||
| @@ -1078,7 +1095,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1078 | ellipticcurvelist_length += (*(sdata++)); | 1095 | ellipticcurvelist_length += (*(sdata++)); | 
| 1079 | 1096 | ||
| 1080 | if (ellipticcurvelist_length != size - 2 || | 1097 | if (ellipticcurvelist_length != size - 2 || | 
| 1081 | ellipticcurvelist_length < 1) { | 1098 | ellipticcurvelist_length < 1) { | 
| 1082 | *al = TLS1_AD_DECODE_ERROR; | 1099 | *al = TLS1_AD_DECODE_ERROR; | 
| 1083 | return 0; | 1100 | return 0; | 
| 1084 | } | 1101 | } | 
| @@ -1107,7 +1124,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1107 | #endif /* OPENSSL_NO_EC */ | 1124 | #endif /* OPENSSL_NO_EC */ | 
| 1108 | #ifdef TLSEXT_TYPE_opaque_prf_input | 1125 | #ifdef TLSEXT_TYPE_opaque_prf_input | 
| 1109 | else if (type == TLSEXT_TYPE_opaque_prf_input && | 1126 | else if (type == TLSEXT_TYPE_opaque_prf_input && | 
| 1110 | s->version != DTLS1_VERSION) { | 1127 | s->version != DTLS1_VERSION) { | 
| 1111 | unsigned char *sdata = data; | 1128 | unsigned char *sdata = data; | 
| 1112 | 1129 | ||
| 1113 | if (size < 2) { | 1130 | if (size < 2) { | 
| @@ -1134,7 +1151,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1134 | #endif | 1151 | #endif | 
| 1135 | else if (type == TLSEXT_TYPE_session_ticket) { | 1152 | else if (type == TLSEXT_TYPE_session_ticket) { | 
| 1136 | if (s->tls_session_ticket_ext_cb && | 1153 | if (s->tls_session_ticket_ext_cb && | 
| 1137 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | 1154 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | 
| 1138 | *al = TLS1_AD_INTERNAL_ERROR; | 1155 | *al = TLS1_AD_INTERNAL_ERROR; | 
| 1139 | return 0; | 1156 | return 0; | 
| 1140 | } | 1157 | } | 
| @@ -1196,7 +1213,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1196 | sdata = data; | 1213 | sdata = data; | 
| 1197 | data += idsize; | 1214 | data += idsize; | 
| 1198 | id = d2i_OCSP_RESPID(NULL, | 1215 | id = d2i_OCSP_RESPID(NULL, | 
| 1199 | &sdata, idsize); | 1216 | &sdata, idsize); | 
| 1200 | if (!id) { | 1217 | if (!id) { | 
| 1201 | *al = SSL_AD_DECODE_ERROR; | 1218 | *al = SSL_AD_DECODE_ERROR; | 
| 1202 | return 0; | 1219 | return 0; | 
| @@ -1206,15 +1223,15 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1206 | *al = SSL_AD_DECODE_ERROR; | 1223 | *al = SSL_AD_DECODE_ERROR; | 
| 1207 | return 0; | 1224 | return 0; | 
| 1208 | } | 1225 | } | 
| 1209 | if (!s->tlsext_ocsp_ids | 1226 | if (!s->tlsext_ocsp_ids && | 
| 1210 | && !(s->tlsext_ocsp_ids = | 1227 | !(s->tlsext_ocsp_ids = | 
| 1211 | sk_OCSP_RESPID_new_null())) { | 1228 | sk_OCSP_RESPID_new_null())) { | 
| 1212 | OCSP_RESPID_free(id); | 1229 | OCSP_RESPID_free(id); | 
| 1213 | *al = SSL_AD_INTERNAL_ERROR; | 1230 | *al = SSL_AD_INTERNAL_ERROR; | 
| 1214 | return 0; | 1231 | return 0; | 
| 1215 | } | 1232 | } | 
| 1216 | if (!sk_OCSP_RESPID_push( | 1233 | if (!sk_OCSP_RESPID_push( | 
| 1217 | s->tlsext_ocsp_ids, id)) { | 1234 | s->tlsext_ocsp_ids, id)) { | 
| 1218 | OCSP_RESPID_free(id); | 1235 | OCSP_RESPID_free(id); | 
| 1219 | *al = SSL_AD_INTERNAL_ERROR; | 1236 | *al = SSL_AD_INTERNAL_ERROR; | 
| 1220 | return 0; | 1237 | return 0; | 
| @@ -1236,14 +1253,14 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1236 | if (dsize > 0) { | 1253 | if (dsize > 0) { | 
| 1237 | if (s->tlsext_ocsp_exts) { | 1254 | if (s->tlsext_ocsp_exts) { | 
| 1238 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 1255 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 
| 1239 | X509_EXTENSION_free); | 1256 | X509_EXTENSION_free); | 
| 1240 | } | 1257 | } | 
| 1241 | 1258 | ||
| 1242 | s->tlsext_ocsp_exts = | 1259 | s->tlsext_ocsp_exts = | 
| 1243 | d2i_X509_EXTENSIONS(NULL, | 1260 | d2i_X509_EXTENSIONS(NULL, | 
| 1244 | &sdata, dsize); | 1261 | &sdata, dsize); | 
| 1245 | if (!s->tlsext_ocsp_exts | 1262 | if (!s->tlsext_ocsp_exts || | 
| 1246 | || (data + dsize != sdata)) { | 1263 | (data + dsize != sdata)) { | 
| 1247 | *al = SSL_AD_DECODE_ERROR; | 1264 | *al = SSL_AD_DECODE_ERROR; | 
| 1248 | return 0; | 1265 | return 0; | 
| 1249 | } | 1266 | } | 
| @@ -1290,14 +1307,14 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1290 | 1307 | ||
| 1291 | *p = data; | 1308 | *p = data; | 
| 1292 | 1309 | ||
| 1293 | ri_check: | 1310 | ri_check: | 
| 1294 | 1311 | ||
| 1295 | /* Need RI if renegotiating */ | 1312 | /* Need RI if renegotiating */ | 
| 1296 | 1313 | ||
| 1297 | if (!renegotiate_seen && s->renegotiate) { | 1314 | if (!renegotiate_seen && s->renegotiate) { | 
| 1298 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1315 | *al = SSL_AD_HANDSHAKE_FAILURE; | 
| 1299 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, | 1316 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, | 
| 1300 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1317 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 
| 1301 | return 0; | 1318 | return 0; | 
| 1302 | } | 1319 | } | 
| 1303 | 1320 | ||
| @@ -1325,7 +1342,8 @@ ssl_next_proto_validate(unsigned char *d, unsigned len) | |||
| 1325 | #endif | 1342 | #endif | 
| 1326 | 1343 | ||
| 1327 | int | 1344 | int | 
| 1328 | ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | 1345 | ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | 
| 1346 | int n, int *al) | ||
| 1329 | { | 1347 | { | 
| 1330 | unsigned short length; | 1348 | unsigned short length; | 
| 1331 | unsigned short type; | 1349 | unsigned short type; | 
| @@ -1356,7 +1374,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1356 | 1374 | ||
| 1357 | if (s->tlsext_debug_cb) | 1375 | if (s->tlsext_debug_cb) | 
| 1358 | s->tlsext_debug_cb(s, 1, type, data, size, | 1376 | s->tlsext_debug_cb(s, 1, type, data, size, | 
| 1359 | s->tlsext_debug_arg); | 1377 | s->tlsext_debug_arg); | 
| 1360 | 1378 | ||
| 1361 | if (type == TLSEXT_TYPE_server_name) { | 1379 | if (type == TLSEXT_TYPE_server_name) { | 
| 1362 | if (s->tlsext_hostname == NULL || size > 0) { | 1380 | if (s->tlsext_hostname == NULL || size > 0) { | 
| @@ -1368,12 +1386,12 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1368 | } | 1386 | } | 
| 1369 | #ifndef OPENSSL_NO_EC | 1387 | #ifndef OPENSSL_NO_EC | 
| 1370 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1388 | else if (type == TLSEXT_TYPE_ec_point_formats && | 
| 1371 | s->version != DTLS1_VERSION) { | 1389 | s->version != DTLS1_VERSION) { | 
| 1372 | unsigned char *sdata = data; | 1390 | unsigned char *sdata = data; | 
| 1373 | int ecpointformatlist_length = *(sdata++); | 1391 | int ecpointformatlist_length = *(sdata++); | 
| 1374 | 1392 | ||
| 1375 | if (ecpointformatlist_length != size - 1 || | 1393 | if (ecpointformatlist_length != size - 1 || | 
| 1376 | ecpointformatlist_length < 1) { | 1394 | ecpointformatlist_length < 1) { | 
| 1377 | *al = TLS1_AD_DECODE_ERROR; | 1395 | *al = TLS1_AD_DECODE_ERROR; | 
| 1378 | return 0; | 1396 | return 0; | 
| 1379 | } | 1397 | } | 
| @@ -1440,7 +1458,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1440 | s->version != DTLS1_VERSION) { | 1458 | s->version != DTLS1_VERSION) { | 
| 1441 | /* MUST be empty and only sent if we've requested | 1459 | /* MUST be empty and only sent if we've requested | 
| 1442 | * a status request message. | 1460 | * a status request message. | 
| 1443 | */ | 1461 | */ | 
| 1444 | if ((s->tlsext_status_type == -1) || (size > 0)) { | 1462 | if ((s->tlsext_status_type == -1) || (size > 0)) { | 
| 1445 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | 1463 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | 
| 1446 | return 0; | 1464 | return 0; | 
| @@ -1485,9 +1503,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1485 | } | 1503 | } | 
| 1486 | #ifndef OPENSSL_NO_SRTP | 1504 | #ifndef OPENSSL_NO_SRTP | 
| 1487 | else if (type == TLSEXT_TYPE_use_srtp) { | 1505 | else if (type == TLSEXT_TYPE_use_srtp) { | 
| 1488 | if (ssl_parse_serverhello_use_srtp_ext(s, data, size, | 1506 | if (ssl_parse_serverhello_use_srtp_ext(s, data, | 
| 1489 | al)) | 1507 | size, al)) | 
| 1490 | return 0; | 1508 | return 0; | 
| 1491 | } | 1509 | } | 
| 1492 | #endif | 1510 | #endif | 
| 1493 | 1511 | ||
| @@ -1530,7 +1548,7 @@ ri_check: | |||
| 1530 | if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | 1548 | if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | 
| 1531 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1549 | *al = SSL_AD_HANDSHAKE_FAILURE; | 
| 1532 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, | 1550 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, | 
| 1533 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1551 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 
| 1534 | return 0; | 1552 | return 0; | 
| 1535 | } | 1553 | } | 
| 1536 | 1554 | ||
| @@ -1541,7 +1559,7 @@ int | |||
| 1541 | ssl_prepare_clienthello_tlsext(SSL *s) | 1559 | ssl_prepare_clienthello_tlsext(SSL *s) | 
| 1542 | { | 1560 | { | 
| 1543 | #ifndef OPENSSL_NO_EC | 1561 | #ifndef OPENSSL_NO_EC | 
| 1544 | /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats | 1562 | /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats | 
| 1545 | * and elliptic curves we support. | 1563 | * and elliptic curves we support. | 
| 1546 | */ | 1564 | */ | 
| 1547 | int using_ecc = 0; | 1565 | int using_ecc = 0; | 
| @@ -1566,7 +1584,8 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1566 | if (s->tlsext_ecpointformatlist != NULL) | 1584 | if (s->tlsext_ecpointformatlist != NULL) | 
| 1567 | free(s->tlsext_ecpointformatlist); | 1585 | free(s->tlsext_ecpointformatlist); | 
| 1568 | if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { | 1586 | if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { | 
| 1569 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); | 1587 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, | 
| 1588 | ERR_R_MALLOC_FAILURE); | ||
| 1570 | return -1; | 1589 | return -1; | 
| 1571 | } | 1590 | } | 
| 1572 | s->tlsext_ecpointformatlist_length = 3; | 1591 | s->tlsext_ecpointformatlist_length = 3; | 
| @@ -1577,15 +1596,14 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1577 | /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ | 1596 | /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ | 
| 1578 | if (s->tlsext_ellipticcurvelist != NULL) | 1597 | if (s->tlsext_ellipticcurvelist != NULL) | 
| 1579 | free(s->tlsext_ellipticcurvelist); | 1598 | free(s->tlsext_ellipticcurvelist); | 
| 1580 | s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2; | 1599 | s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; | 
| 1581 | if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { | 1600 | if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { | 
| 1582 | s->tlsext_ellipticcurvelist_length = 0; | 1601 | s->tlsext_ellipticcurvelist_length = 0; | 
| 1583 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); | 1602 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, | 
| 1603 | ERR_R_MALLOC_FAILURE); | ||
| 1584 | return -1; | 1604 | return -1; | 
| 1585 | } | 1605 | } | 
| 1586 | for (i = 0, j = s->tlsext_ellipticcurvelist; | 1606 | for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i < sizeof(pref_list) / sizeof(pref_list[0]); i++) { | 
| 1587 | (unsigned int)i < sizeof(pref_list)/sizeof(pref_list[0]); | ||
| 1588 | i++) { | ||
| 1589 | int id = tls1_ec_nid2curve_id(pref_list[i]); | 1607 | int id = tls1_ec_nid2curve_id(pref_list[i]); | 
| 1590 | s2n(id, j); | 1608 | s2n(id, j); | 
| 1591 | } | 1609 | } | 
| @@ -1620,7 +1638,7 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1620 | if (r == 2) { | 1638 | if (r == 2) { | 
| 1621 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ | 1639 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ | 
| 1622 | s->s3->server_opaque_prf_input_len = | 1640 | s->s3->server_opaque_prf_input_len = | 
| 1623 | s->tlsext_opaque_prf_input_len; | 1641 | s->tlsext_opaque_prf_input_len; | 
| 1624 | } | 1642 | } | 
| 1625 | } | 1643 | } | 
| 1626 | #endif | 1644 | #endif | 
| @@ -1632,7 +1650,7 @@ int | |||
| 1632 | ssl_prepare_serverhello_tlsext(SSL *s) | 1650 | ssl_prepare_serverhello_tlsext(SSL *s) | 
| 1633 | { | 1651 | { | 
| 1634 | #ifndef OPENSSL_NO_EC | 1652 | #ifndef OPENSSL_NO_EC | 
| 1635 | /* If we are server and using an ECC cipher suite, send the point formats we support | 1653 | /* If we are server and using an ECC cipher suite, send the point formats we support | 
| 1636 | * if the client sent us an ECPointsFormat extension. Note that the server is not | 1654 | * if the client sent us an ECPointsFormat extension. Note that the server is not | 
| 1637 | * supposed to send an EllipticCurves extension. | 1655 | * supposed to send an EllipticCurves extension. | 
| 1638 | */ | 1656 | */ | 
| @@ -1666,10 +1684,10 @@ ssl_check_clienthello_tlsext_early(SSL *s) | |||
| 1666 | int al = SSL_AD_UNRECOGNIZED_NAME; | 1684 | int al = SSL_AD_UNRECOGNIZED_NAME; | 
| 1667 | 1685 | ||
| 1668 | #ifndef OPENSSL_NO_EC | 1686 | #ifndef OPENSSL_NO_EC | 
| 1669 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | 1687 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | 
| 1670 | * ssl3_choose_cipher in s3_lib.c. | 1688 | * ssl3_choose_cipher in s3_lib.c. | 
| 1671 | */ | 1689 | */ | 
| 1672 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | 1690 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | 
| 1673 | * ssl3_choose_cipher in s3_lib.c. | 1691 | * ssl3_choose_cipher in s3_lib.c. | 
| 1674 | */ | 1692 | */ | 
| 1675 | #endif | 1693 | #endif | 
| @@ -1735,14 +1753,10 @@ err: | |||
| 1735 | switch (ret) { | 1753 | switch (ret) { | 
| 1736 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1754 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 
| 1737 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1755 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 
| 1738 | |||
| 1739 | return -1; | 1756 | return -1; | 
| 1740 | |||
| 1741 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 1757 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 
| 1742 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 1758 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 
| 1743 | return 1; | 1759 | return 1; | 
| 1744 | |||
| 1745 | |||
| 1746 | case SSL_TLSEXT_ERR_NOACK: | 1760 | case SSL_TLSEXT_ERR_NOACK: | 
| 1747 | s->servername_done = 0; | 1761 | s->servername_done = 0; | 
| 1748 | default: | 1762 | default: | 
| @@ -1757,11 +1771,12 @@ ssl_check_clienthello_tlsext_late(SSL *s) | |||
| 1757 | int al = 0; /* XXX gcc3 */ | 1771 | int al = 0; /* XXX gcc3 */ | 
| 1758 | 1772 | ||
| 1759 | /* If status request then ask callback what to do. | 1773 | /* If status request then ask callback what to do. | 
| 1760 | * Note: this must be called after servername callbacks in case | 1774 | * Note: this must be called after servername callbacks in case | 
| 1761 | * the certificate has changed, and must be called after the cipher | 1775 | * the certificate has changed, and must be called after the cipher | 
| 1762 | * has been chosen because this may influence which certificate is sent | 1776 | * has been chosen because this may influence which certificate is sent | 
| 1763 | */ | 1777 | */ | 
| 1764 | if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) { | 1778 | if ((s->tlsext_status_type != -1) && | 
| 1779 | s->ctx && s->ctx->tlsext_status_cb) { | ||
| 1765 | int r; | 1780 | int r; | 
| 1766 | CERT_PKEY *certpkey; | 1781 | CERT_PKEY *certpkey; | 
| 1767 | certpkey = ssl_get_server_send_pkey(s); | 1782 | certpkey = ssl_get_server_send_pkey(s); | 
| @@ -1800,12 +1815,10 @@ err: | |||
| 1800 | switch (ret) { | 1815 | switch (ret) { | 
| 1801 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1816 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 
| 1802 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1817 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 
| 1803 | |||
| 1804 | return -1; | 1818 | return -1; | 
| 1805 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 1819 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 
| 1806 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 1820 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 
| 1807 | return 1; | 1821 | return 1; | 
| 1808 | |||
| 1809 | default: | 1822 | default: | 
| 1810 | return 1; | 1823 | return 1; | 
| 1811 | } | 1824 | } | 
| @@ -1866,7 +1879,7 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1866 | /* Anytime the server *has* sent an opaque PRF input, we need to check | 1879 | /* Anytime the server *has* sent an opaque PRF input, we need to check | 
| 1867 | * that we have a client opaque PRF input of the same size. */ | 1880 | * that we have a client opaque PRF input of the same size. */ | 
| 1868 | if (s->s3->client_opaque_prf_input == NULL || | 1881 | if (s->s3->client_opaque_prf_input == NULL || | 
| 1869 | s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) { | 1882 | s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len) { | 
| 1870 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 1883 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 
| 1871 | al = SSL_AD_ILLEGAL_PARAMETER; | 1884 | al = SSL_AD_ILLEGAL_PARAMETER; | 
| 1872 | } | 1885 | } | 
| @@ -1876,8 +1889,8 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1876 | /* If we've requested certificate status and we wont get one | 1889 | /* If we've requested certificate status and we wont get one | 
| 1877 | * tell the callback | 1890 | * tell the callback | 
| 1878 | */ | 1891 | */ | 
| 1879 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) | 1892 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) && | 
| 1880 | && s->ctx && s->ctx->tlsext_status_cb) { | 1893 | s->ctx && s->ctx->tlsext_status_cb) { | 
| 1881 | int r; | 1894 | int r; | 
| 1882 | /* Set resp to NULL, resplen to -1 so callback knows | 1895 | /* Set resp to NULL, resplen to -1 so callback knows | 
| 1883 | * there is no response. | 1896 | * there is no response. | 
| @@ -2077,9 +2090,9 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 2077 | if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) | 2090 | if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) | 
| 2078 | return 2; | 2091 | return 2; | 
| 2079 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | 2092 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | 
| 2080 | tlsext_tick_md(), NULL); | 2093 | tlsext_tick_md(), NULL); | 
| 2081 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | 2094 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | 
| 2082 | tctx->tlsext_tick_aes_key, etick + 16); | 2095 | tctx->tlsext_tick_aes_key, etick + 16); | 
| 2083 | } | 2096 | } | 
| 2084 | /* Attempt to process session ticket, first conduct sanity and | 2097 | /* Attempt to process session ticket, first conduct sanity and | 
| 2085 | * integrity checks on ticket. | 2098 | * integrity checks on ticket. | 
| @@ -2189,7 +2202,7 @@ tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md) | |||
| 2189 | if (!md) | 2202 | if (!md) | 
| 2190 | return 0; | 2203 | return 0; | 
| 2191 | md_id = tls12_find_id(EVP_MD_type(md), tls12_md, | 2204 | md_id = tls12_find_id(EVP_MD_type(md), tls12_md, | 
| 2192 | sizeof(tls12_md)/sizeof(tls12_lookup)); | 2205 | sizeof(tls12_md) / sizeof(tls12_lookup)); | 
| 2193 | if (md_id == -1) | 2206 | if (md_id == -1) | 
| 2194 | return 0; | 2207 | return 0; | 
| 2195 | sig_id = tls12_get_sigid(pk); | 2208 | sig_id = tls12_get_sigid(pk); | 
| @@ -2204,7 +2217,7 @@ int | |||
| 2204 | tls12_get_sigid(const EVP_PKEY *pk) | 2217 | tls12_get_sigid(const EVP_PKEY *pk) | 
| 2205 | { | 2218 | { | 
| 2206 | return tls12_find_id(pk->type, tls12_sig, | 2219 | return tls12_find_id(pk->type, tls12_sig, | 
| 2207 | sizeof(tls12_sig)/sizeof(tls12_lookup)); | 2220 | sizeof(tls12_sig) / sizeof(tls12_lookup)); | 
| 2208 | } | 2221 | } | 
| 2209 | 2222 | ||
| 2210 | const EVP_MD * | 2223 | const EVP_MD * | 
| @@ -2215,17 +2228,14 @@ tls12_get_hash(unsigned char hash_alg) | |||
| 2215 | return EVP_sha1(); | 2228 | return EVP_sha1(); | 
| 2216 | case TLSEXT_hash_sha224: | 2229 | case TLSEXT_hash_sha224: | 
| 2217 | return EVP_sha224(); | 2230 | return EVP_sha224(); | 
| 2218 | |||
| 2219 | case TLSEXT_hash_sha256: | 2231 | case TLSEXT_hash_sha256: | 
| 2220 | return EVP_sha256(); | 2232 | return EVP_sha256(); | 
| 2221 | case TLSEXT_hash_sha384: | 2233 | case TLSEXT_hash_sha384: | 
| 2222 | return EVP_sha384(); | 2234 | return EVP_sha384(); | 
| 2223 | |||
| 2224 | case TLSEXT_hash_sha512: | 2235 | case TLSEXT_hash_sha512: | 
| 2225 | return EVP_sha512(); | 2236 | return EVP_sha512(); | 
| 2226 | default: | 2237 | default: | 
| 2227 | return NULL; | 2238 | return NULL; | 
| 2228 | |||
| 2229 | } | 2239 | } | 
| 2230 | } | 2240 | } | 
| 2231 | 2241 | ||
