s->init_num = 0;
s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY;
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
/*
* Should have been reset by ssl3_get_finished, too.
*/
* not sent. Also for GOST ciphersuites when the client uses
* its key from the certificate for key exchange.
*/
-#if defined(OPENSSL_NO_NEXTPROTONEG)
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->state = SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->state = SSL3_ST_SR_FINISHED_A;
-#endif
+ s->state = SSL3_ST_SR_CHANGE_A;
s->init_num = 0;
} else if (SSL_USE_SIGALGS(s)) {
s->state = SSL3_ST_SR_CERT_VRFY_A;
if (ret <= 0)
goto end;
-#if defined(OPENSSL_NO_NEXTPROTONEG)
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->state = SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->state = SSL3_ST_SR_FINISHED_A;
-#endif
+ s->state = SSL3_ST_SR_CHANGE_A;
s->init_num = 0;
break;
#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
- /*
- * Enable CCS for NPN. Receiving a CCS clears the flag, so make
- * sure not to re-enable it to ban duplicates. This *should* be the
- * first time we have received one - but we check anyway to be
- * cautious.
- * s->s3->change_cipher_spec is set when a CCS is
- * processed in s3_pkt.c, and remains set until
- * the client's Finished message is read.
- */
- if (!s->s3->change_cipher_spec)
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
-
ret = ssl3_get_next_proto(s);
if (ret <= 0)
goto end;
break;
#endif
+
+ case SSL3_ST_SR_CHANGE_A:
+ case SSL3_ST_SR_CHANGE_B:
+ ret = ssl3_get_change_cipher_spec(s, SSL3_ST_SR_CHANGE_A,
+ SSL3_ST_SR_CHANGE_B);
+ if (ret <= 0)
+ goto end;
+
+#if defined(OPENSSL_NO_NEXTPROTONEG)
+ s->state = SSL3_ST_SR_FINISHED_A;
+#else
+ if (s->s3->next_proto_neg_seen)
+ s->state = SSL3_ST_SR_NEXT_PROTO_A;
+ else
+ s->state = SSL3_ST_SR_FINISHED_A;
+#endif
+ s->init_num = 0;
+ break;
+
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- /*
- * Enable CCS for handshakes without NPN. In NPN the CCS flag has
- * already been set. Receiving a CCS clears the flag, so make
- * sure not to re-enable it to ban duplicates.
- * s->s3->change_cipher_spec is set when a CCS is
- * processed in s3_pkt.c, and remains set until
- * the client's Finished message is read.
- */
- if (!s->s3->change_cipher_spec)
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0)
goto end;
s->state = SSL3_ST_SW_FLUSH;
if (s->hit) {
-#if defined(OPENSSL_NO_NEXTPROTONEG)
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen) {
- s->s3->tmp.next_state = SSL3_ST_SR_NEXT_PROTO_A;
- } else
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#endif
+ s->s3->tmp.next_state = SSL3_ST_SR_CHANGE_A;
} else
s->s3->tmp.next_state = SSL_ST_OK;
s->init_num = 0;
int ssl3_get_client_hello(SSL *s)
{
- int i, complen, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;
- unsigned int cookie_len;
+ int i, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;
+ unsigned int j, cipherlen, complen;
+ unsigned int cookie_len = 0;
long n;
unsigned long id;
- unsigned char *p, *d;
SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
unsigned char *q = NULL;
#endif
STACK_OF(SSL_CIPHER) *ciphers = NULL;
int protverr = 1;
+ PACKET pkt;
+ unsigned char *sess, *cdata;
if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet)
goto retry_cert;
if (!ok)
return ((int)n);
s->first_packet = 0;
- d = p = (unsigned char *)s->init_msg;
+ PACKET_buf_init(&pkt, s->init_msg, n);
/* First lets get s->client_version set correctly */
if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+ unsigned int version;
+ unsigned int mt;
/*-
* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
* header is sent directly on the wire, not wrapped as a TLS
* ... ...
*/
- if (p[0] != SSL2_MT_CLIENT_HELLO) {
+ if (!PACKET_get_1(&pkt, &mt)
+ || mt != SSL2_MT_CLIENT_HELLO) {
/*
* Should never happen. We should have tested this in the record
* layer in order to have determined that this is a SSLv2 record
goto err;
}
- if ((p[1] == 0x00) && (p[2] == 0x02)) {
+ if (!PACKET_get_net_2(&pkt, &version)) {
+ /* No protocol version supplied! */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+ goto err;
+ }
+ if (version == 0x0002) {
/* This is real SSLv2. We don't support it. */
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
goto err;
- } else if (p[1] == SSL3_VERSION_MAJOR) {
+ } else if ((version & 0xff00) == (SSL3_VERSION_MAJOR << 8)) {
/* SSLv3/TLS */
- s->client_version = (((int)p[1]) << 8) | (int)p[2];
+ s->client_version = version;
} else {
/* No idea what protocol this is */
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
}
} else {
/*
- * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
- * for session id length
+ * use version from inside client hello, not from record header (may
+ * differ: see RFC 2246, Appendix E, second paragraph)
*/
- if (n < 2 + SSL3_RANDOM_SIZE + 1) {
+ if(!PACKET_get_net_2(&pkt, (unsigned int *)&s->client_version)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
-
- /*
- * use version from inside client hello, not from record header (may
- * differ: see RFC 2246, Appendix E, second paragraph)
- */
- s->client_version = (((int)p[0]) << 8) | (int)p[1];
}
/* Do SSL/TLS version negotiation if applicable */
*/
unsigned int csl, sil, cl;
- p += 3;
- n2s(p, csl);
- n2s(p, sil);
- n2s(p, cl);
-
- if (csl + sil + cl + MIN_SSL2_RECORD_LEN != (unsigned int) n) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ if (!PACKET_get_net_2(&pkt, &csl)
+ || !PACKET_get_net_2(&pkt, &sil)
+ || !PACKET_get_net_2(&pkt, &cl)) {
}
if (csl == 0) {
goto f_err;
}
- if (ssl_bytes_to_cipher_list(s, p, csl, &(ciphers), 1) == NULL) {
+ if (!PACKET_get_bytes(&pkt, &cdata, csl)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+
+ if (ssl_bytes_to_cipher_list(s, cdata, csl, &(ciphers), 1) == NULL) {
goto err;
}
* Ignore any session id. We don't allow resumption in a backwards
* compatible ClientHello
*/
+ if (!PACKET_forward(&pkt, sil)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
s->hit = 0;
if (!ssl_get_new_session(s, 1))
/* Load the client random */
i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
- memcpy(s->s3->client_random, &(p[csl + sil]), i);
-
- /* Set p to end of packet to ensure we don't look for extensions */
- p = d + n;
+ if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i)
+ || !PACKET_forward(&pkt, cl)
+ || !PACKET_remaining(&pkt) == 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
/* No compression, so set complen to 0 */
complen = 0;
} else {
/* If we get here we've got SSLv3+ in an SSLv3+ record */
- p += 2;
+ /* load the client random and get the session-id */
+ if (!PACKET_copy_bytes(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)
+ || !PACKET_get_1(&pkt, &j)
+ || !PACKET_get_bytes(&pkt, &sess, j)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
/*
* If we require cookies and this ClientHello doesn't contain one, just
* cookie length...
*/
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
- unsigned int session_length, cookie_length;
- session_length = *(p + SSL3_RANDOM_SIZE);
-
- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
+ if (!PACKET_peek_1(&pkt, &cookie_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
- if (cookie_length == 0)
+ if (cookie_len == 0)
return 1;
}
- /* load the client random */
- memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j = *(p++);
-
- if (p + j > d + n) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
s->hit = 0;
/*
* Versions before 0.9.7 always allow clients to resume sessions in
if (!ssl_get_new_session(s, 1))
goto err;
} else {
- i = ssl_get_prev_session(s, p, j, d + n);
+ i = ssl_get_prev_session(s, &pkt, sess, j);
/*
* Only resume if the session's version matches the negotiated
* version.
}
}
- p += j;
-
if (SSL_IS_DTLS(s)) {
- /* cookie stuff */
- if (p + 1 > d + n) {
+ if (!PACKET_get_1(&pkt, &cookie_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- cookie_len = *(p++);
-
- if (p + cookie_len > d + n) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
/*
* The ClientHello may contain a cookie even if the
* HelloVerify message has not been sent--make sure that it
/* verify the cookie if appropriate option is set. */
if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
&& cookie_len > 0) {
- memcpy(s->d1->rcvd_cookie, p, cookie_len);
+ /* Get cookie */
+ if (!PACKET_copy_bytes(&pkt, s->d1->rcvd_cookie,
+ cookie_len)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
if (s->ctx->app_verify_cookie_cb != NULL) {
if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
}
/* Set to -2 so if successful we return 2 */
ret = -2;
+ } else {
+ /* Skip over cookie */
+ if (!PACKET_forward(&pkt, cookie_len)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
}
- p += cookie_len;
if (s->method->version == DTLS_ANY_VERSION) {
/* Select version to use */
if (s->client_version <= DTLS1_2_VERSION &&
}
}
- if (p + 2 > d + n) {
+ if (!PACKET_get_net_2(&pkt, &cipherlen)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- n2s(p, i);
- if (i == 0) {
+ if (cipherlen == 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
- /* i bytes of cipher data + 1 byte for compression length later */
- if ((p + i + 1) > (d + n)) {
+ if (!PACKET_get_bytes(&pkt, &cdata, cipherlen)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
- if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers), 0) == NULL) {
+
+ if (ssl_bytes_to_cipher_list(s, cdata, cipherlen, &(ciphers), 0) == NULL) {
goto err;
}
- p += i;
/* If it is a hit, check that the cipher is in the list */
if (s->hit) {
}
/* compression */
- complen = *(p++);
- if ((p + complen) > (d + n)) {
+ if (!PACKET_get_1(&pkt, &complen)
+ || !PACKET_get_bytes(&pkt, &cdata, complen)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
+
#ifndef OPENSSL_NO_COMP
- q = p;
+ q = cdata;
#endif
for (j = 0; j < complen; j++) {
- if (p[j] == 0)
+ if (cdata[j] == 0)
break;
}
- p += complen;
if (j >= complen) {
/* no compress */
al = SSL_AD_DECODE_ERROR;
/* TLS extensions */
if (s->version >= SSL3_VERSION) {
- if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) {
+ if (!ssl_parse_clienthello_tlsext(s, &pkt)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
goto err;
}
/* This only happens if we have a cache hit */
if (s->session->compress_meth != 0) {
int m, comp_id = s->session->compress_meth;
+ unsigned int k;
/* Perform sanity checks on resumed compression algorithm */
/* Can't disable compression */
if (!ssl_allow_compression(s)) {
goto f_err;
}
/* Look for resumed method in compression list */
- for (m = 0; m < complen; m++) {
- if (q[m] == comp_id)
+ for (k = 0; k < complen; k++) {
+ if (q[k] == comp_id)
break;
}
- if (m >= complen) {
+ if (k >= complen) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
comp = NULL;
else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
/* See if we have a match */
- int m, nn, o, v, done = 0;
+ int m, nn, v, done = 0;
+ unsigned int o;
nn = sk_SSL_COMP_num(s->ctx->comp_methods);
for (m = 0; m < nn; m++) {
int ssl3_get_cert_verify(SSL *s)
{
EVP_PKEY *pkey = NULL;
- unsigned char *p;
+ unsigned char *sig, *data;
int al, ok, ret = 0;
long n;
int type = 0, i, j;
+ unsigned int len;
X509 *peer;
const EVP_MD *md = NULL;
EVP_MD_CTX mctx;
+ PACKET pkt;
EVP_MD_CTX_init(&mctx);
/*
}
/* we now have a signature that we need to verify */
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
/* Check for broken implementations of GOST ciphersuites */
/*
* If key is GOST and n is exactly 64, it is bare signature without
*/
if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
pkey->type == NID_id_GostR3410_2001)) {
- i = 64;
+ len = 64;
} else {
if (SSL_USE_SIGALGS(s)) {
- int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
+ int rv;
+
+ if (!PACKET_get_bytes(&pkt, &sig, 2)) {
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+ rv = tls12_check_peer_sigalg(&md, s, sig, pkey);
if (rv == -1) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
- p += 2;
- n -= 2;
}
- n2s(p, i);
- n -= 2;
- if (i > n) {
+ if (!PACKET_get_net_2(&pkt, &len)) {
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
}
j = EVP_PKEY_size(pkey);
- if ((i > j) || (n > j) || (n <= 0)) {
+ if (((int)len > j) || ((int)PACKET_remaining(&pkt) > j) || (n <= 0)) {
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
+ if (!PACKET_get_bytes(&pkt, &data, len)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
if (SSL_USE_SIGALGS(s)) {
long hdatalen = 0;
goto f_err;
}
- if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
+ if (EVP_VerifyFinal(&mctx, data, len, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err;
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, data, len,
pkey->pkey.rsa);
if (i < 0) {
al = SSL_AD_DECRYPT_ERROR;
if (pkey->type == EVP_PKEY_DSA) {
j = DSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
+ SHA_DIGEST_LENGTH, data, len, pkey->pkey.dsa);
if (j <= 0) {
/* bad signature */
al = SSL_AD_DECRYPT_ERROR;
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
+ SHA_DIGEST_LENGTH, data, len, pkey->pkey.ec);
if (j <= 0) {
/* bad signature */
al = SSL_AD_DECRYPT_ERROR;
int idx;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_verify_init(pctx);
- if (i != 64) {
- fprintf(stderr, "GOST signature length is %d", i);
+ if (len != 64) {
+ fprintf(stderr, "GOST signature length is %d", len);
}
for (idx = 0; idx < 64; idx++) {
- signature[63 - idx] = p[idx];
+ signature[63 - idx] = data[idx];
}
j = EVP_PKEY_verify(pctx, signature, 64, s->s3->tmp.cert_verify_md,
32);
{
int i, ok, al, ret = -1;
X509 *x = NULL;
- unsigned long l, nc, llen, n;
- const unsigned char *p, *q;
- unsigned char *d;
+ unsigned long l, llen, n;
+ const unsigned char *certstart;
+ unsigned char *certbytes;
STACK_OF(X509) *sk = NULL;
+ PACKET pkt, spkt;
n = s->method->ssl_get_message(s,
SSL3_ST_SR_CERT_A,
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
goto f_err;
}
- p = d = (unsigned char *)s->init_msg;
+
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if ((sk = sk_X509_new_null()) == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
goto done;
}
- n2l3(p, llen);
- if (llen + 3 != n) {
+ if (!PACKET_get_net_3(&pkt, &llen)
+ || !PACKET_get_sub_packet(&pkt, &spkt, llen)
+ || PACKET_remaining(&pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
- for (nc = 0; nc < llen;) {
- n2l3(p, l);
- if ((l + nc + 3) > llen) {
+
+ while (PACKET_remaining(&spkt) > 0) {
+ if (!PACKET_get_net_3(&spkt, &l)
+ || !PACKET_get_bytes(&spkt, &certbytes, l)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
goto f_err;
}
- q = p;
- x = d2i_X509(NULL, &p, l);
+ certstart = certbytes;
+ x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
if (x == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
goto done;
}
- if (p != (q + l)) {
+ if (certbytes != (certstart + l)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
goto done;
}
x = NULL;
- nc += l + 3;
}
if (sk_X509_num(sk) <= 0) {
int ssl3_get_next_proto(SSL *s)
{
int ok;
- int proto_len, padding_len;
+ unsigned int proto_len, padding_len;
long n;
- const unsigned char *p;
+ PACKET pkt;
/*
* Clients cannot send a NextProtocol message if we didn't see the
}
if (n < 2) {
- s->state = SSL_ST_ERR;
- return 0; /* The body must be > 1 bytes long */
+ goto err; /* The body must be > 1 bytes long */
}
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
/*-
* The payload looks like:
* uint8 padding_len;
* uint8 padding[padding_len];
*/
- proto_len = p[0];
- if (proto_len + 2 > s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
- }
- padding_len = p[proto_len + 1];
- if (proto_len + padding_len + 2 != s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
+ if (!PACKET_get_1(&pkt, &proto_len)){
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}
s->next_proto_negotiated = OPENSSL_malloc(proto_len);
- if (!s->next_proto_negotiated) {
+ if (s->next_proto_negotiated == NULL) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
- s->state = SSL_ST_ERR;
- return 0;
+ goto err;
+ }
+
+ if (!PACKET_copy_bytes(&pkt, s->next_proto_negotiated, proto_len)
+ || !PACKET_get_1(&pkt, &padding_len)
+ || PACKET_remaining(&pkt) != padding_len) {
+ OPENSSL_free(s->next_proto_negotiated);
+ s->next_proto_negotiated = NULL;
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}
- memcpy(s->next_proto_negotiated, p + 1, proto_len);
- s->next_proto_negotiated_len = proto_len;
return 1;
+err:
+ s->state = SSL_ST_ERR;
+ return 0;
}
#endif