From 162ad01b5f1eb98ef384cfda2674fc828d1a4321 Mon Sep 17 00:00:00 2001
From: Doug Hogan
Date: Sat, 20 Jun 2015 04:04:37 +0000
Subject: Convert ssl_parse_clienthello_renegotiate_ext to CBS.
ok miod@, tweak + ok jsing@
---
 lib/libssl/src/ssl/ssl_locl.h | 4 ++--
 lib/libssl/src/ssl/t1_reneg.c | 25 ++++++++++++-------------
 2 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 794769b79cc..b55e8265afd 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.91 2015/06/18 22:51:05 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.92 2015/06/20 04:04:35 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -839,7 +839,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d,
 int len, int *al);
 int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d,
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d,
 int len, int *al);
 long ssl_get_algorithm2(SSL *s);
 int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
diff --git a/lib/libssl/src/ssl/t1_reneg.c b/lib/libssl/src/ssl/t1_reneg.c
index c93105ef4dd..52d1754d94b 100644
--- a/lib/libssl/src/ssl/t1_reneg.c
+++ b/lib/libssl/src/ssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.9 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.10 2015/06/20 04:04:36 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -114,6 +114,7 @@
 #include
 #include "ssl_locl.h"
+#include "bytestring.h"
 /* Add the client's renegotiation binding */
 int
@@ -144,23 +145,22 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 /* Parse the client's renegotiation binding and abort if it's not right */
 int
-ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
 int *al)
 {
- int ilen;
+ CBS cbs, reneg;
- /* Parse the length byte */
- if (len < 1) {
+ if (len < 0) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_ENCODING_ERR);
 *al = SSL_AD_ILLEGAL_PARAMETER;
 return 0;
 }
- ilen = *d;
- d++;
- /* Consistency check */
- if ((ilen + 1) != len) {
+ CBS_init(&cbs, d, len);
+ if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
+ /* Consistency check */
+ CBS_len(&cbs) != 0) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_ENCODING_ERR);
 *al = SSL_AD_ILLEGAL_PARAMETER;
@@ -168,22 +168,21 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 }
 /* Check that the extension matches */
- if (ilen != s->s3->previous_client_finished_len) {
+ if (CBS_len(&reneg) != s->s3->previous_client_finished_len) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_MISMATCH);
 *al = SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
- if (timingsafe_memcmp(d, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len) != 0) {
+ if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_MISMATCH);
 *al = SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
-
 s->s3->send_connection_binding = 1;
 return 1;
--
cgit v1.2.3
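Review bot: The `if (len < 0)` guard in the `@@ -144,23 +145,22 @@` hunk is now the only thing keeping a negative `int len` from being converted to the `size_t` length that `CBS_init()` takes, and nothing at the site says so. I would put a comment above it, e.g. `/* len is a signed int from the caller; reject negatives before CBS_init() converts it to size_t */`, so a later cleanup does not drop the check as dead code. The `/* Consistency check */` comment also sits in the middle of the `||` condition; moving it above the `if` and wording it as `/* the length-prefixed body must consume the whole extension */` would read more clearly. The function body continues into the next hunk.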
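Review bot: Replacing `timingsafe_memcmp()` with `CBS_mem_equal()` in the `@@ -168,22 +168,21 @@` hunk makes the constant-time comparison of the client's previous Finished value implicit, because it now depends on how `CBS_mem_equal()` is implemented in bytestring, which this diff does not show. A one-line comment at the call, such as `/* renegotiation binding check: CBS_mem_equal() must remain a constant-time compare */`, would keep that requirement visible to whoever next touches either side. If `CBS_mem_equal()` also rejects a length mismatch itself (plausible since it takes a length argument, but to be confirmed against its definition), the separate `CBS_len(&reneg) != s->s3->previous_client_finished_len` test is redundant and the two `SSL_R_RENEGOTIATION_MISMATCH` branches could be merged. The function starts outside this hunk.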