author | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-24 02:39:44 +0000 |
---|---|---|
committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-24 02:39:44 +0000 |
commit | 3f719f9da3635ec86996c57fa9985cac1b014d9c (patch) | |
tree | caeb083830af9b1768da486fe561eb7bbb20e7b3 /lib/libssl | |
parent | ea120dbf1e02417fc37804866f52374d86227aeb (diff) |
Convert ssl3_get_record to CBS.
ok miod@ jsing@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/s3_pkt.c | 51 |
1 files changed, 29 insertions, 22 deletions
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 1e94bf437ed..33fee732d1f 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.55 2015/07/18 19:41:54 doug Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.56 2015/07/24 02:39:43 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -117,6 +117,8 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>

+#include "bytestring.h"
+
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 unsigned int len, int create_empty_fragment);
 static int ssl3_get_record(SSL *s);
@@ -276,13 +278,11 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 static int
 ssl3_get_record(SSL *s)
 {
- int ssl_major, ssl_minor, al;
+ int al;
 int enc_err, n, i, ret = -1;
 SSL3_RECORD *rr;
 SSL_SESSION *sess;
- unsigned char *p;
 unsigned char md[EVP_MAX_MD_SIZE];
- short version;
 unsigned mac_size, orig_len;

 rr = &(s->s3->rrec);
@@ -292,35 +292,42 @@ again:
 /* check if we have the header */
 if ((s->rstate != SSL_ST_READ_BODY) ||
 (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
+ CBS header;
+ uint16_t len, ssl_version;
+ uint8_t type;
+
 n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
 if (n <= 0)
 return(n); /* error or non-blocking */
 s->rstate = SSL_ST_READ_BODY;

- p = s->packet;
+ CBS_init(&header, s->packet, n);

 /* Pull apart the header into the SSL3_RECORD */
- rr->type= *(p++);
- ssl_major= *(p++);
- ssl_minor= *(p++);
- version = (ssl_major << 8)|ssl_minor;
- n2s(p, rr->length);
+ if (!CBS_get_u8(&header, &type) ||
+ !CBS_get_u16(&header, &ssl_version) ||
+ !CBS_get_u16(&header, &len)) {
+ SSLerr(SSL_F_SSL3_GET_RECORD,
+ SSL_R_BAD_PACKET_LENGTH);
+ goto err;
+ }
+
+ rr->type = type;
+ rr->length = len;

 /* Lets check version */
- if (!s->first_packet) {
- if (version != s->version) {
- SSLerr(SSL_F_SSL3_GET_RECORD,
- SSL_R_WRONG_VERSION_NUMBER);
- if ((s->version & 0xFF00) == (version & 0xFF00) &&
- !s->enc_write_ctx && !s->write_hash)
- /* Send back error using their minor version number :-) */
- s->version = (unsigned short)version;
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
+ if (!s->first_packet && ssl_version != s->version) {
+ SSLerr(SSL_F_SSL3_GET_RECORD,
+ SSL_R_WRONG_VERSION_NUMBER);
+ if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
+ !s->enc_write_ctx && !s->write_hash)
+ /* Send back error using their minor version number :-) */
+ s->version = ssl_version;
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
 }

- if ((version >> 8) != SSL3_VERSION_MAJOR) {
+ if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
 SSLerr(SSL_F_SSL3_GET_RECORD,
 SSL_R_WRONG_VERSION_NUMBER);
 goto err; |
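Review bot: The inner `if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)` in the rewritten version check is still unbraced, with a comment sitting between the condition and `s->version = ssl_version;`, so only indentation ties that assignment to its guard. The value assigned comes straight from the record header parsed a few lines earlier, before any integrity check visible in this hunk, so I would brace the body while the block is being reflowed: `if (...) {`, `s->version = ssl_version;`, `}`. A short comment at `CBS_init(&header, s->packet, n);` would also help, for example `/* n is ssl3_read_n()'s positive return value, presumably the header bytes read; CBS bounds the reads to it */`, since that is what gives the `CBS_get_*` failure branch its meaning. ssl3_get_record() begins in the previous hunk and continues past the end of this one.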