Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 8157d44b 编写于 作者: M Matt Caswell
浏览文件
操作

Convert ServerHello construction to WPACKET 

Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 2f2d6e3e
显示空白变更内容
内联 并排
Showing with 134 addition and 219 deletion
ssl/d1_srtp.c
浏览文件 @ 8157d44b
...@@ -203,30 +203,6 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) ...@@ -203,30 +203,6 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
return 0; return 0;
} }
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen)
{
if (p) {
if (maxlen < 5) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
return 1;
}
if (s->srtp_profile == 0) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
SSL_R_USE_SRTP_NOT_NEGOTIATED);
return 1;
}
s2n(2, p);
s2n(s->srtp_profile->id, p);
*p++ = 0;
}
*len = 5;
return 0;
}
int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
{ {
unsigned int id, ct, mki; unsigned int id, ct, mki;
......
ssl/ssl_locl.h
浏览文件 @ 8157d44b
...@@ -2017,8 +2017,7 @@ __owur int tls1_shared_list(SSL *s, ...@@ -2017,8 +2017,7 @@ __owur int tls1_shared_list(SSL *s,
const unsigned char *l1, size_t l1len, const unsigned char *l1, size_t l1len,
const unsigned char *l2, size_t l2len, int nmatch); const unsigned char *l2, size_t l2len, int nmatch);
__owur int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al); __owur int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al);
__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, __owur int ssl_add_serverhello_tlsext(SSL *s, WPACKET *pkt, int *al);
unsigned char *limit, int *al);
__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt); __owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
void ssl_set_default_md(SSL *s); void ssl_set_default_md(SSL *s);
__owur int tls1_set_server_sigalgs(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s);
...@@ -2066,8 +2065,7 @@ __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, ...@@ -2066,8 +2065,7 @@ __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash); void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, __owur int ssl_add_serverhello_renegotiate_ext(SSL *s, WPACKET *pkt);
int *len, int maxlen);
__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
__owur long ssl_get_algorithm2(SSL *s); __owur long ssl_get_algorithm2(SSL *s);
...@@ -2084,8 +2082,6 @@ void ssl_set_client_disabled(SSL *s); ...@@ -2084,8 +2082,6 @@ void ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);
__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
......
ssl/statem/statem_srvr.c
浏览文件 @ 8157d44b
...@@ -1499,26 +1499,23 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) ...@@ -1499,26 +1499,23 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
int tls_construct_server_hello(SSL *s) int tls_construct_server_hello(SSL *s)
{ {
unsigned char *buf; int sl;
unsigned char *p, *d; int al = SSL_AD_INTERNAL_ERROR;
int i, sl; int compm;
int al = 0; size_t len;
unsigned long l; WPACKET pkt;
buf = (unsigned char *)s->init_buf->data;
/* Do the message type and length last */
d = p = ssl_handshake_start(s);
*(p++) = s->version >> 8;
*(p++) = s->version & 0xff;
if (!WPACKET_init(&pkt, s->init_buf)
|| !ssl_set_handshake_header2(s, &pkt, SSL3_MT_SERVER_HELLO)
|| !WPACKET_put_bytes_u16(&pkt, s->version)
/* /*
* Random stuff. Filling of the server_random takes place in * Random stuff. Filling of the server_random takes place in
* tls_process_client_hello() * tls_process_client_hello()
*/ */
memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); || !WPACKET_memcpy(&pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {
p += SSL3_RANDOM_SIZE; SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
/*- /*-
* There are several cases for the session ID to send * There are several cases for the session ID to send
...@@ -1544,50 +1541,35 @@ int tls_construct_server_hello(SSL *s) ...@@ -1544,50 +1541,35 @@ int tls_construct_server_hello(SSL *s)
sl = s->session->session_id_length; sl = s->session->session_id_length;
if (sl > (int)sizeof(s->session->session_id)) { if (sl > (int)sizeof(s->session->session_id)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
ossl_statem_set_error(s); goto err;
return 0;
} }
*(p++) = sl;
memcpy(p, s->session->session_id, sl);
p += sl;
/* put the cipher */
i = ssl3_put_cipher_by_char_old(s->s3->tmp.new_cipher, p);
p += i;
/* put the compression method */ /* set up the compression method */
#ifdef OPENSSL_NO_COMP #ifdef OPENSSL_NO_COMP
*(p++) = 0; compm = 0;
#else #else
if (s->s3->tmp.new_compression == NULL) if (s->s3->tmp.new_compression == NULL)
*(p++) = 0; compm = 0;
else else
*(p++) = s->s3->tmp.new_compression->id; compm = s->s3->tmp.new_compression->id;
#endif #endif
if (ssl_prepare_serverhello_tlsext(s) <= 0) { if (!WPACKET_sub_memcpy_u8(&pkt, s->session->session_id, sl)
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &pkt, &len)
ossl_statem_set_error(s); || !WPACKET_put_bytes_u8(&pkt, compm)
return 0; || !ssl_prepare_serverhello_tlsext(s)
} || !ssl_add_serverhello_tlsext(s, &pkt, &al)
if ((p = || !ssl_close_construct_packet(s, &pkt)) {
ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
&al)) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
ossl_statem_set_error(s); goto err;
return 0;
} }
/* do the header */ return 1;
l = (p - d); err:
if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) { WPACKET_cleanup(&pkt);
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s); ossl_statem_set_error(s);
return 0; return 0;
}
return 1;
} }
int tls_construct_server_done(SSL *s) int tls_construct_server_done(SSL *s)
......
ssl/t1_lib.c
浏览文件 @ 8157d44b
...@@ -1392,12 +1392,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) ...@@ -1392,12 +1392,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
return 1; return 1;
} }
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, int ssl_add_serverhello_tlsext(SSL *s, WPACKET *pkt, int *al)
unsigned char *limit, int *al)
{ {
int extdatalen = 0;
unsigned char *orig = buf;
unsigned char *ret = buf;
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen; int next_proto_neg_seen;
#endif #endif
...@@ -1408,30 +1404,16 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1408,30 +1404,16 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
#endif #endif
ret += 2; if (!WPACKET_start_sub_packet_u16(pkt)
if (ret >= limit) || !WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)) {
return NULL; /* this really never occurs, but ... */
if (s->s3->send_connection_binding) {
int el;
if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL; return 0;
} }
if ((limit - ret - 4 - el) < 0) if (s->s3->send_connection_binding &&
return NULL; !ssl_add_serverhello_renegotiate_ext(s, pkt)) {
s2n(TLSEXT_TYPE_renegotiate, ret);
s2n(el, ret);
if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL; return 0;
}
ret += el;
} }
/* Only add RI for SSLv3 */ /* Only add RI for SSLv3 */
...@@ -1440,11 +1422,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1440,11 +1422,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
if (!s->hit && s->servername_done == 1 if (!s->hit && s->servername_done == 1
&& s->session->tlsext_hostname != NULL) { && s->session->tlsext_hostname != NULL) {
if ((long)(limit - ret - 4) < 0) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
return NULL; || !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
s2n(TLSEXT_TYPE_server_name, ret); return 0;
s2n(0, ret); }
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (using_ecc) { if (using_ecc) {
...@@ -1453,25 +1435,15 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1453,25 +1435,15 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
/* /*
* Add TLS extension ECPointFormats to the ServerHello message * Add TLS extension ECPointFormats to the ServerHello message
*/ */
long lenmax;
tls1_get_formatlist(s, &plist, &plistlen); tls1_get_formatlist(s, &plist, &plistlen);
if ((lenmax = limit - ret - 5) < 0) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
return NULL; || !WPACKET_start_sub_packet_u16(pkt)
if (plistlen > (size_t)lenmax) || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen)
return NULL; || !WPACKET_close(pkt)) {
if (plistlen > 255) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL; return 0;
} }
s2n(TLSEXT_TYPE_ec_point_formats, ret);
s2n(plistlen + 1, ret);
*(ret++) = (unsigned char)plistlen;
memcpy(ret, plist, plistlen);
ret += plistlen;
} }
/* /*
* Currently the server should not respond with a SupportedCurves * Currently the server should not respond with a SupportedCurves
...@@ -1480,10 +1452,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1480,10 +1452,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
if (s->tlsext_ticket_expected && tls_use_ticket(s)) { if (s->tlsext_ticket_expected && tls_use_ticket(s)) {
if ((long)(limit - ret - 4) < 0) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
return NULL; || !WPACKET_put_bytes_u16(pkt, 0)) {
s2n(TLSEXT_TYPE_session_ticket, ret); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
s2n(0, ret); return 0;
}
} else { } else {
/* /*
* if we don't add the above TLSEXT, we can't add a session ticket * if we don't add the above TLSEXT, we can't add a session ticket
...@@ -1493,31 +1466,23 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1493,31 +1466,23 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
} }
if (s->tlsext_status_expected) { if (s->tlsext_status_expected) {
if ((long)(limit - ret - 4) < 0) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
return NULL; || !WPACKET_put_bytes_u16(pkt, 0)) {
s2n(TLSEXT_TYPE_status_request, ret); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
s2n(0, ret); return 0;
}
} }
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
if (SSL_IS_DTLS(s) && s->srtp_profile) { if (SSL_IS_DTLS(s) && s->srtp_profile) {
int el; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
|| !WPACKET_start_sub_packet_u16(pkt)
/* Returns 0 on success!! */ || !WPACKET_put_bytes_u16(pkt, 2)
if (ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0)) { || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id)
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); || !WPACKET_put_bytes_u8(pkt, 0)
return NULL; || !WPACKET_close(pkt)) {
}
if ((limit - ret - 4 - el) < 0)
return NULL;
s2n(TLSEXT_TYPE_use_srtp, ret);
s2n(el, ret);
if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL; return 0;
} }
ret += el;
} }
#endif #endif
...@@ -1532,28 +1497,31 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1532,28 +1497,31 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
}; };
if (limit - ret < 36) if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
return NULL; SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
memcpy(ret, cryptopro_ext, 36); return 0;
ret += 36; }
} }
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
/* Add Heartbeat extension if we've received one */ /* Add Heartbeat extension if we've received one */
if (SSL_IS_DTLS(s) && (s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED)) { if (SSL_IS_DTLS(s) && (s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED)) {
if ((limit - ret - 4 - 1) < 0)
return NULL;
s2n(TLSEXT_TYPE_heartbeat, ret);
s2n(1, ret);
/*- /*-
* Set mode: * Set mode:
* 1: peer may send requests * 1: peer may send requests
* 2: peer not allowed to send requests * 2: peer not allowed to send requests
*/ */
if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS) if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS)
*(ret++) = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; mode = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS;
else else
*(ret++) = SSL_DTLSEXT_HB_ENABLED; mode = SSL_DTLSEXT_HB_ENABLED;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_heartbeat)
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_put_bytes_u8(pkt, mode)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
} }
#endif #endif
...@@ -1570,18 +1538,20 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1570,18 +1538,20 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s-> s->
ctx->next_protos_advertised_cb_arg); ctx->next_protos_advertised_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) { if (r == SSL_TLSEXT_ERR_OK) {
if ((long)(limit - ret - 4 - npalen) < 0) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
return NULL; || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
s2n(TLSEXT_TYPE_next_proto_neg, ret); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
s2n(npalen, ret); return 0;
memcpy(ret, npa, npalen); }
ret += npalen;
s->s3->next_proto_neg_seen = 1; s->s3->next_proto_neg_seen = 1;
} }
} }
#endif #endif
if (!custom_ext_add_old(s, 1, &ret, limit, al)) if (!custom_ext_add(s, 1, pkt, al)) {
return NULL; SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) { if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
/* /*
* Don't use encrypt_then_mac if AEAD or RC4 might want to disable * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
...@@ -1593,36 +1563,41 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ...@@ -1593,36 +1563,41 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12)
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
else { else {
s2n(TLSEXT_TYPE_encrypt_then_mac, ret); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
s2n(0, ret); || !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
} }
} }
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
s2n(TLSEXT_TYPE_extended_master_secret, ret); if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
s2n(0, ret); || !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
} }
if (s->s3->alpn_selected != NULL) { if (s->s3->alpn_selected != NULL) {
const unsigned char *selected = s->s3->alpn_selected; if (!WPACKET_put_bytes_u16(pkt,
unsigned int len = s->s3->alpn_selected_len; TLSEXT_TYPE_application_layer_protocol_negotiation)
|| !WPACKET_start_sub_packet_u16(pkt)
if ((long)(limit - ret - 4 - 2 - 1 - len) < 0) || !WPACKET_start_sub_packet_u16(pkt)
return NULL; || !WPACKET_sub_memcpy_u8(pkt, s->s3->alpn_selected,
s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret); s->s3->alpn_selected_len)
s2n(3 + len, ret); || !WPACKET_close(pkt)
s2n(1 + len, ret); || !WPACKET_close(pkt)) {
*ret++ = len; SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
memcpy(ret, selected, len); return 0;
ret += len; }
} }
done: done:
if (!WPACKET_close(pkt)) {
if ((extdatalen = ret - orig - 2) == 0) SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return orig; return 0;
}
s2n(extdatalen, orig); return 1;
return ret;
} }
/* /*
......
ssl/t1_reneg.c
浏览文件 @ 8157d44b
...@@ -50,32 +50,18 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al) ...@@ -50,32 +50,18 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
} }
/* Add the server's renegotiation binding */ /* Add the server's renegotiation binding */
int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, int ssl_add_serverhello_renegotiate_ext(SSL *s, WPACKET *pkt)
int maxlen)
{ {
if (p) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
if ((s->s3->previous_client_finished_len + || !WPACKET_start_sub_packet_u16(pkt)
s->s3->previous_server_finished_len + 1) > maxlen) { || !WPACKET_start_sub_packet_u8(pkt)
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, || !WPACKET_memcpy(pkt, s->s3->previous_client_finished,
SSL_R_RENEGOTIATE_EXT_TOO_LONG); s->s3->previous_client_finished_len)
|| !WPACKET_memcpy(pkt, s->s3->previous_server_finished,
s->s3->previous_server_finished_len)
|| !WPACKET_close(pkt)
|| !WPACKET_close(pkt))
return 0; return 0;
}
/* Length byte */
*p = s->s3->previous_client_finished_len +
s->s3->previous_server_finished_len;
p++;
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
p += s->s3->previous_client_finished_len;
memcpy(p, s->s3->previous_server_finished,
s->s3->previous_server_finished_len);
}
*len = s->s3->previous_client_finished_len
+ s->s3->previous_server_finished_len + 1;
return 1; return 1;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册