int ssl3_get_client_hello(SSL *s)
{
int i, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;
- unsigned int j, cipherlen, complen;
- unsigned int cookie_len = 0;
+ unsigned int j, complen = 0;
long n;
unsigned long id;
SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
- unsigned char *q = NULL;
SSL_COMP *comp = NULL;
#endif
STACK_OF(SSL_CIPHER) *ciphers = NULL;
int protverr = 1;
- PACKET pkt;
- unsigned char *sess, *cdata;
+ PACKET pkt, cipher_suite, compression;
if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet)
goto retry_cert;
if (!ok)
return ((int)n);
s->first_packet = 0;
- PACKET_buf_init(&pkt, s->init_msg, n);
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
/* First lets get s->client_version set correctly */
if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
* Note, this is only for SSLv3+ using the backward compatible format.
* Real SSLv2 is not supported, and is rejected above.
*/
- unsigned int csl, sil, cl;
+ unsigned int cipher_len, session_id_len, challenge_len;
- if (!PACKET_get_net_2(&pkt, &csl)
- || !PACKET_get_net_2(&pkt, &sil)
- || !PACKET_get_net_2(&pkt, &cl)) {
+ if (!PACKET_get_net_2(&pkt, &cipher_len)
+ || !PACKET_get_net_2(&pkt, &session_id_len)
+ || !PACKET_get_net_2(&pkt, &challenge_len)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
}
- if (csl == 0) {
+ if (cipher_len == 0) {
/* we need at least one cipher */
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
- if (!PACKET_get_bytes(&pkt, &cdata, csl)) {
+ if (!PACKET_get_sub_packet(&pkt, &cipher_suite, cipher_len)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
- if (ssl_bytes_to_cipher_list(s, cdata, csl, &(ciphers), 1) == NULL) {
+ if (ssl_bytes_to_cipher_list(s, PACKET_data(&cipher_suite),
+ cipher_len, &(ciphers), 1) == NULL) {
goto err;
}
* Ignore any session id. We don't allow resumption in a backwards
* compatible ClientHello
*/
- if (!PACKET_forward(&pkt, sil)) {
+ if (!PACKET_forward(&pkt, session_id_len)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
goto err;
/* Load the client random */
- i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
+ i = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE : challenge_len;
memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
- if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i)
- || !PACKET_forward(&pkt, cl)
- || !PACKET_remaining(&pkt) == 0) {
+ if (!PACKET_peek_copy_bytes(&pkt,
+ s->s3->client_random + SSL3_RANDOM_SIZE - i,
+ i)
+ || !PACKET_forward(&pkt, challenge_len)
+ || PACKET_remaining(&pkt) != 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
-
- /* No compression, so set complen to 0 */
- complen = 0;
} else {
/* If we get here we've got SSLv3+ in an SSLv3+ record */
-
+ PACKET session_id;
+ unsigned int cookie_len;
/* load the client random and get the session-id */
if (!PACKET_copy_bytes(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)
- || !PACKET_get_1(&pkt, &j)
- || !PACKET_get_bytes(&pkt, &sess, j)) {
+ || !PACKET_get_length_prefixed_1(&pkt, &session_id)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
if (!ssl_get_new_session(s, 1))
goto err;
} else {
- i = ssl_get_prev_session(s, &pkt, sess, j);
+ /*
+ * TODO(openssl-team): ssl_get_prev_session passes a non-const
+ * 'unsigned char*' session id to a user callback. Grab a copy of
+ * the data?
+ */
+ i = ssl_get_prev_session(s, &pkt, PACKET_data(&session_id),
+ PACKET_remaining(&session_id));
/*
* Only resume if the session's version matches the negotiated
* version.
}
if (SSL_IS_DTLS(s)) {
- if (!PACKET_get_1(&pkt, &cookie_len)) {
+ PACKET cookie;
+ if (!PACKET_get_length_prefixed_1(&pkt, &cookie)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
+ cookie_len = PACKET_remaining(&cookie);
/*
* The ClientHello may contain a cookie even if the
* HelloVerify message has not been sent--make sure that it
if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
&& cookie_len > 0) {
/* Get cookie */
- if (!PACKET_copy_bytes(&pkt, s->d1->rcvd_cookie,
- cookie_len)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ /*
+ * TODO(openssl-team): rcvd_cookie appears unused outside this
+ * function. Remove the field?
+ */
+ if (!PACKET_copy_bytes(&cookie, s->d1->rcvd_cookie, cookie_len)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto f_err;
}
}
/* Set to -2 so if successful we return 2 */
ret = -2;
- } else {
- /* Skip over cookie */
- if (!PACKET_forward(&pkt, cookie_len)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
}
-
if (s->method->version == DTLS_ANY_VERSION) {
/* Select version to use */
if (s->client_version <= DTLS1_2_VERSION &&
}
}
- if (!PACKET_get_net_2(&pkt, &cipherlen)) {
+ if (!PACKET_get_length_prefixed_2(&pkt, &cipher_suite)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- if (cipherlen == 0) {
+ if (PACKET_remaining(&cipher_suite) == 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
- if (!PACKET_get_bytes(&pkt, &cdata, cipherlen)) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
-
- if (ssl_bytes_to_cipher_list(s, cdata, cipherlen, &(ciphers), 0) == NULL) {
+ if (ssl_bytes_to_cipher_list(s, PACKET_data(&cipher_suite),
+ PACKET_remaining(&cipher_suite),
+ &(ciphers), 0) == NULL) {
goto err;
}
}
/* compression */
- if (!PACKET_get_1(&pkt, &complen)
- || !PACKET_get_bytes(&pkt, &cdata, complen)) {
+ if (!PACKET_get_length_prefixed_1(&pkt, &compression)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
+ /*
+ * TODO(openssl-team):
+ * SSL_R_LENGTH_TOO_SHORT and SSL_R_LENGTH_MISMATCH are used
+ * interchangeably. Pick one.
+ */
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
-#ifndef OPENSSL_NO_COMP
- q = cdata;
-#endif
+ complen = PACKET_remaining(&compression);
for (j = 0; j < complen; j++) {
- if (cdata[j] == 0)
+ if (PACKET_data(&compression)[j] == 0)
break;
}
}
/* Look for resumed method in compression list */
for (k = 0; k < complen; k++) {
- if (q[k] == comp_id)
+ if (PACKET_data(&compression)[k] == comp_id)
break;
}
if (k >= complen) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
v = comp->id;
for (o = 0; o < complen; o++) {
- if (v == q[o]) {
+ if (v == PACKET_data(&compression)[o]) {
done = 1;
break;
}
int ssl3_get_client_key_exchange(SSL *s)
{
- int i, al, ok;
+ unsigned int i;
+ int al, ok;
long n;
unsigned long alg_k;
- unsigned char *p;
#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
EC_POINT *clnt_ecpoint = NULL;
BN_CTX *bn_ctx = NULL;
#endif
+ PACKET pkt;
+ unsigned char *data;
+ size_t remain;
n = s->method->ssl_get_message(s,
SSL3_ST_SR_KEY_EXCH_A,
if (!ok)
return ((int)n);
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
if (alg_k & SSL_PSK) {
unsigned char psk[PSK_MAX_PSK_LEN];
size_t psklen;
- if (n < 2) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- n2s(p, i);
- if (i + 2 > n) {
+
+ if (!PACKET_get_net_2(&pkt, &i)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
OPENSSL_free(s->session->psk_identity);
- s->session->psk_identity = BUF_strndup((char *)p, i);
-
+ s->session->psk_identity = OPENSSL_malloc(i + 1);
if (s->session->psk_identity == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
ERR_R_MALLOC_FAILURE);
goto f_err;
}
+ if (!PACKET_copy_bytes(&pkt, (unsigned char *)s->session->psk_identity,
+ i)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ s->session->psk_identity[i] = '\0';
psklen = s->psk_server_callback(s, s->session->psk_identity,
psk, sizeof(psk));
}
s->s3->tmp.psklen = psklen;
-
- n -= i + 2;
- p += i;
}
if (alg_k & SSL_kPSK) {
/* Identity extracted earlier: should be nothing left */
- if (n != 0) {
+ if (PACKET_remaining(&pkt) != 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
/* TLS and [incidentally] DTLS{0xFEFF} */
if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
- n2s(p, i);
- if (n != i + 2) {
+ if (!PACKET_get_net_2(&pkt, &i)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ remain = PACKET_remaining(&pkt);
+ if (remain != i) {
if (!(s->options & SSL_OP_TLS_D5_BUG)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
goto f_err;
- } else
- p -= 2;
- } else
- n = i;
+ } else {
+ remain += 2;
+ if (!PACKET_back(&pkt, 2)) {
+ /*
+ * We already read these 2 bytes so this should never
+ * fail
+ */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ }
+ }
+ } else {
+ remain = PACKET_remaining(&pkt);
}
/*
* actual expected size is larger due to RSA padding, but the
* bound is sufficient to be safe.
*/
- if (n < SSL_MAX_MASTER_KEY_LENGTH) {
+
+ if (remain < SSL_MAX_MASTER_KEY_LENGTH) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
goto f_err;
}
+ if (!PACKET_get_bytes(&pkt, &data, remain)) {
+ /* We already checked we had enough data so this shouldn't happen */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
/*
* We must not leak whether a decryption failure occurs because of
* Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
sizeof(rand_premaster_secret)) <= 0)
goto err;
decrypt_len =
- RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
+ RSA_private_decrypt(remain, data, data, rsa, RSA_PKCS1_PADDING);
ERR_clear_error();
/*
* constant time and are treated like any other decryption error.
*/
version_good =
- constant_time_eq_8(p[0], (unsigned)(s->client_version >> 8));
+ constant_time_eq_8(data[0], (unsigned)(s->client_version >> 8));
version_good &=
- constant_time_eq_8(p[1], (unsigned)(s->client_version & 0xff));
+ constant_time_eq_8(data[1], (unsigned)(s->client_version & 0xff));
/*
* The premaster secret must contain the same version number as the
if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
unsigned char workaround_good;
workaround_good =
- constant_time_eq_8(p[0], (unsigned)(s->version >> 8));
+ constant_time_eq_8(data[0], (unsigned)(s->version >> 8));
workaround_good &=
- constant_time_eq_8(p[1], (unsigned)(s->version & 0xff));
+ constant_time_eq_8(data[1], (unsigned)(s->version & 0xff));
version_good |= workaround_good;
}
* it is still sufficiently large to read from.
*/
for (j = 0; j < sizeof(rand_premaster_secret); j++) {
- p[j] = constant_time_select_8(decrypt_good, p[j],
+ data[j] = constant_time_select_8(decrypt_good, data[j],
rand_premaster_secret[j]);
}
- if (!ssl_generate_master_secret(s, p, sizeof(rand_premaster_secret), 0)) {
+ if (!ssl_generate_master_secret(s, data, sizeof(rand_premaster_secret),
+ 0)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
int idx = -1;
EVP_PKEY *skey = NULL;
- if (n > 1) {
- n2s(p, i);
- } else {
+ size_t bookm;
+ unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8];
+
+ if (!PACKET_get_bookmark(&pkt, &bookm)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ if (!PACKET_get_net_2(&pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
}
i = 0;
}
- if (n && n != i + 2) {
+ if (PACKET_remaining(&pkt) != i) {
if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
} else {
- p -= 2;
- i = (int)n;
+ if (!PACKET_goto_bookmark(&pkt, bookm)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ i = PACKET_remaining(&pkt);
}
}
if (alg_k & SSL_kDHr)
}
EVP_PKEY_free(clkey);
pub = dh_clnt->pub_key;
- } else
- pub = BN_bin2bn(p, i, NULL);
+ } else {
+ if (!PACKET_get_bytes(&pkt, &data, i)) {
+ /* We already checked we have enough data */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ pub = BN_bin2bn(data, i, NULL);
+ }
if (pub == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}
- i = DH_compute_key(p, pub, dh_srvr);
+ i = DH_compute_key(shared, pub, dh_srvr);
if (i <= 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
else
BN_clear_free(pub);
pub = NULL;
- if (!ssl_generate_master_secret(s, p, i, 0)) {
+ if (!ssl_generate_master_secret(s, shared, i, 0)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
const EC_KEY *tkey;
const EC_GROUP *group;
const BIGNUM *priv_key;
+ unsigned char *shared;
/* initialize structures for server's ECDH key pair */
if ((srvr_ecdh = EC_KEY_new()) == NULL) {
}
/* Get encoded point length */
- i = *p;
- p += 1;
- if (n != 1 + i) {
+ if (!PACKET_get_1(&pkt, &i)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (!PACKET_get_bytes(&pkt, &data, i)
+ || PACKET_remaining(&pkt) != 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
- if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
+ if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, bn_ctx) == 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
- /*
- * p is pointing to somewhere in the buffer currently, so set it
- * to the start
- */
- p = (unsigned char *)s->init_buf->data;
}
/* Compute the shared pre-master secret */
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
}
- i = ECDH_compute_key(p, (field_size + 7) / 8, clnt_ecpoint, srvr_ecdh,
- NULL);
+ shared = OPENSSL_malloc((field_size + 7) / 8);
+ if (shared == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ i = ECDH_compute_key(shared, (field_size + 7) / 8, clnt_ecpoint,
+ srvr_ecdh, NULL);
if (i <= 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ OPENSSL_free(shared);
goto err;
}
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
- if (!ssl_generate_master_secret(s, p, i, 0)) {
+ if (!ssl_generate_master_secret(s, shared, i, 1)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
#endif
#ifndef OPENSSL_NO_SRP
if (alg_k & SSL_kSRP) {
- int param_len;
-
- n2s(p, i);
- param_len = i + 2;
- if (param_len > n) {
+ if (!PACKET_get_net_2(&pkt, &i)
+ || !PACKET_get_bytes(&pkt, &data, i)) {
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_BAD_SRP_A_LENGTH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_SRP_A_LENGTH);
goto f_err;
}
- if ((s->srp_ctx.A = BN_bin2bn(p, i, NULL)) == NULL) {
+ if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB);
goto err;
}
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
-
- p += i;
} else
#endif /* OPENSSL_NO_SRP */
if (alg_k & SSL_kGOST) {
/* Get our certificate private key */
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- if (alg_a & SSL_aGOST94)
- pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
- else if (alg_a & SSL_aGOST01)
+ if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
ERR_clear_error();
}
/* Decrypt session key */
+ if (!PACKET_get_bytes(&pkt, &data, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if (ASN1_get_object
- ((const unsigned char **)&p, &Tlen, &Ttag, &Tclass,
+ ((const unsigned char **)&data, &Tlen, &Ttag, &Tclass,
n) != V_ASN1_CONSTRUCTED || Ttag != V_ASN1_SEQUENCE
|| Tclass != V_ASN1_UNIVERSAL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
goto gerr;
}
- start = p;
+ start = data;
inlen = Tlen;
if (EVP_PKEY_decrypt
(pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
int ssl3_get_cert_verify(SSL *s)
{
EVP_PKEY *pkey = NULL;
- unsigned char *p;
+ unsigned char *sig, *data;
int al, ok, ret = 0;
long n;
int type = 0, i, j;
+ unsigned int len;
X509 *peer;
const EVP_MD *md = NULL;
EVP_MD_CTX mctx;
+ PACKET pkt;
EVP_MD_CTX_init(&mctx);
/*
}
/* we now have a signature that we need to verify */
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
/* Check for broken implementations of GOST ciphersuites */
/*
* If key is GOST and n is exactly 64, it is bare signature without
* length field
*/
- if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
- pkey->type == NID_id_GostR3410_2001)) {
- i = 64;
+ if (n == 64 && pkey->type == NID_id_GostR3410_2001) {
+ len = 64;
} else {
if (SSL_USE_SIGALGS(s)) {
- int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
+ int rv;
+
+ if (!PACKET_get_bytes(&pkt, &sig, 2)) {
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+ rv = tls12_check_peer_sigalg(&md, s, sig, pkey);
if (rv == -1) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
- p += 2;
- n -= 2;
}
- n2s(p, i);
- n -= 2;
- if (i > n) {
+ if (!PACKET_get_net_2(&pkt, &len)) {
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
}
j = EVP_PKEY_size(pkey);
- if ((i > j) || (n > j) || (n <= 0)) {
+ if (((int)len > j) || ((int)PACKET_remaining(&pkt) > j) || (n <= 0)) {
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
+ if (!PACKET_get_bytes(&pkt, &data, len)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
if (SSL_USE_SIGALGS(s)) {
long hdatalen = 0;
goto f_err;
}
- if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
+ if (EVP_VerifyFinal(&mctx, data, len, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err;
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, data, len,
pkey->pkey.rsa);
if (i < 0) {
al = SSL_AD_DECRYPT_ERROR;
if (pkey->type == EVP_PKEY_DSA) {
j = DSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
+ SHA_DIGEST_LENGTH, data, len, pkey->pkey.dsa);
if (j <= 0) {
/* bad signature */
al = SSL_AD_DECRYPT_ERROR;
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
+ SHA_DIGEST_LENGTH, data, len, pkey->pkey.ec);
if (j <= 0) {
/* bad signature */
al = SSL_AD_DECRYPT_ERROR;
}
} else
#endif
- if (pkey->type == NID_id_GostR3410_94
- || pkey->type == NID_id_GostR3410_2001) {
+ if (pkey->type == NID_id_GostR3410_2001) {
unsigned char signature[64];
int idx;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_verify_init(pctx);
- if (i != 64) {
- fprintf(stderr, "GOST signature length is %d", i);
+ if (len != 64) {
+ fprintf(stderr, "GOST signature length is %d", len);
}
for (idx = 0; idx < 64; idx++) {
- signature[63 - idx] = p[idx];
+ signature[63 - idx] = data[idx];
}
j = EVP_PKEY_verify(pctx, signature, 64, s->s3->tmp.cert_verify_md,
32);
{
int i, ok, al, ret = -1;
X509 *x = NULL;
- unsigned long l, nc, llen, n;
- const unsigned char *p, *q;
- unsigned char *d;
+ unsigned long l, llen, n;
+ const unsigned char *certstart;
+ unsigned char *certbytes;
STACK_OF(X509) *sk = NULL;
+ PACKET pkt, spkt;
n = s->method->ssl_get_message(s,
SSL3_ST_SR_CERT_A,
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
goto f_err;
}
- p = d = (unsigned char *)s->init_msg;
+
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if ((sk = sk_X509_new_null()) == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
goto done;
}
- n2l3(p, llen);
- if (llen + 3 != n) {
+ if (!PACKET_get_net_3(&pkt, &llen)
+ || !PACKET_get_sub_packet(&pkt, &spkt, llen)
+ || PACKET_remaining(&pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
- for (nc = 0; nc < llen;) {
- n2l3(p, l);
- if ((l + nc + 3) > llen) {
+
+ while (PACKET_remaining(&spkt) > 0) {
+ if (!PACKET_get_net_3(&spkt, &l)
+ || !PACKET_get_bytes(&spkt, &certbytes, l)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
goto f_err;
}
- q = p;
- x = d2i_X509(NULL, &p, l);
+ certstart = certbytes;
+ x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
if (x == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
goto done;
}
- if (p != (q + l)) {
+ if (certbytes != (certstart + l)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
goto done;
}
x = NULL;
- nc += l + 3;
}
if (sk_X509_num(sk) <= 0) {
int ssl3_get_next_proto(SSL *s)
{
int ok;
- int proto_len, padding_len;
+ unsigned int proto_len, padding_len;
long n;
- const unsigned char *p;
+ PACKET pkt;
/*
* Clients cannot send a NextProtocol message if we didn't see the
}
if (n < 2) {
- s->state = SSL_ST_ERR;
- return 0; /* The body must be > 1 bytes long */
+ goto err; /* The body must be > 1 bytes long */
}
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
/*-
* The payload looks like:
* uint8 padding_len;
* uint8 padding[padding_len];
*/
- proto_len = p[0];
- if (proto_len + 2 > s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
- }
- padding_len = p[proto_len + 1];
- if (proto_len + padding_len + 2 != s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
+ if (!PACKET_get_1(&pkt, &proto_len)){
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}
s->next_proto_negotiated = OPENSSL_malloc(proto_len);
- if (!s->next_proto_negotiated) {
+ if (s->next_proto_negotiated == NULL) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
- s->state = SSL_ST_ERR;
- return 0;
+ goto err;
+ }
+
+ if (!PACKET_copy_bytes(&pkt, s->next_proto_negotiated, proto_len)
+ || !PACKET_get_1(&pkt, &padding_len)
+ || PACKET_remaining(&pkt) != padding_len) {
+ OPENSSL_free(s->next_proto_negotiated);
+ s->next_proto_negotiated = NULL;
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}
- memcpy(s->next_proto_negotiated, p + 1, proto_len);
- s->next_proto_negotiated_len = proto_len;
return 1;
+err:
+ s->state = SSL_ST_ERR;
+ return 0;
}
#endif