for (j = 0; j <= 1; j++) {
if (!tls1_get_curvelist(s, j, &pcurves, &num_curves))
return 0;
+ if (j == 1 && num_curves == 0) {
+ /*
+ * If we've not received any curves then skip this check.
+ * RFC 4492 does not require the supported elliptic curves extension
+ * so if it is not sent we can just choose any curve.
+ * It is invalid to send an empty list in the elliptic curves
+ * extension, so num_curves == 0 always means no extension.
+ */
+ break;
+ }
for (i = 0; i < num_curves; i++, pcurves += 2) {
if (pcurves[0] == curve_id[0] && pcurves[1] == curve_id[1])
break;
return rv;
}
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
/* Check EC temporary key is compatible with client extensions */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
return tls1_check_ec_key(s, curve_id, NULL);
# endif
}
-# endif /* OPENSSL_NO_ECDH */
+# endif /* OPENSSL_NO_EC */
#else
# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
# endif
-# ifdef OPENSSL_NO_ECDSA
-# define tlsext_sigalg_ecdsa(md)
- /* */
+# ifdef OPENSSL_NO_EC
+# define tlsext_sigalg_ecdsa(md) /* */
# else
# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
# endif
tlsext_sigalg(TLSEXT_hash_sha1)
};
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
static const unsigned char suiteb_sigalgs[] = {
tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
int el;
- ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
+ /* Returns 0 on success!! */
+ if (ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0)) {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
if ((limit - ret - 4 - el) < 0)
return NULL;
if (SSL_IS_DTLS(s) && s->srtp_profile) {
int el;
- ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
-
+ /* Returns 0 on success!! */
+ if(ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0)) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
if ((limit - ret - 4 - el) < 0)
return NULL;
if (data + size > (d + n))
goto ri_check;
-# if 0
- fprintf(stderr, "Received extension type %d size %d\n", type, size);
-# endif
if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg);
if (type == TLSEXT_TYPE_renegotiate) {
memcpy(s->session->tlsext_ecpointformatlist, sdata,
ecpointformatlist_length);
}
-# if 0
- fprintf(stderr,
- "ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ",
- s->session->tlsext_ecpointformatlist_length);
- sdata = s->session->tlsext_ecpointformatlist;
- for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
- fprintf(stderr, "%i ", *(sdata++));
- fprintf(stderr, "\n");
-# endif
} else if (type == TLSEXT_TYPE_elliptic_curves) {
unsigned char *sdata = data;
int ellipticcurvelist_length = (*(sdata++) << 8);
memcpy(s->session->tlsext_ellipticcurvelist, sdata,
ellipticcurvelist_length);
}
-# if 0
- fprintf(stderr,
- "ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ",
- s->session->tlsext_ellipticcurvelist_length);
- sdata = s->session->tlsext_ellipticcurvelist;
- for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
- fprintf(stderr, "%i ", *(sdata++));
- fprintf(stderr, "\n");
-# endif
}
# endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) {
memcpy(s->session->tlsext_ecpointformatlist, sdata,
ecpointformatlist_length);
}
-# if 0
- fprintf(stderr,
- "ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
- sdata = s->session->tlsext_ecpointformatlist;
- for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
- fprintf(stderr, "%i ", *(sdata++));
- fprintf(stderr, "\n");
-# endif
}
# endif /* OPENSSL_NO_EC */
if (s->cert->shared_sigalgs) {
OPENSSL_free(s->cert->shared_sigalgs);
s->cert->shared_sigalgs = NULL;
+ s->cert->shared_sigalgslen = 0;
}
/* Clear certificate digests and validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) {
case TLSEXT_signature_dsa:
return SSL_PKEY_DSA_SIGN;
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC;
# endif
have_dsa = 1;
break;
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
have_ecdsa = 1;
if (c->shared_sigalgs) {
OPENSSL_free(c->shared_sigalgs);
c->shared_sigalgs = NULL;
+ c->shared_sigalgslen = 0;
}
/* If client use client signature algorithms if not NULL */
if (!s->server && c->client_sigalgs && !is_suiteb) {
preflen = c->peer_sigalgslen;
}
nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
- if (!nmatch)
- return 1;
- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
- if (!salgs)
- return 0;
- nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
+ if (nmatch) {
+ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+ if (!salgs)
+ return 0;
+ nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
+ } else {
+ salgs = NULL;
+ }
c->shared_sigalgs = salgs;
c->shared_sigalgslen = nmatch;
return 1;
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
# endif
}
# ifndef OPENSSL_NO_HEARTBEATS
-int tls1_process_heartbeat(SSL *s)
+int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
{
- unsigned char *p = &s->s3->rrec.data[0], *pl;
+ unsigned char *pl;
unsigned short hbtype;
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
+ p, length,
s, s->msg_callback_arg);
/* Read type and payload length first */
- if (1 + 2 + 16 > s->s3->rrec.length)
+ if (1 + 2 + 16 > length)
return 0; /* silently discard */
hbtype = *p++;
n2s(p, payload);
- if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ if (1 + 2 + payload + 16 > length)
return 0; /* silently discard per RFC 6520 sec. 4 */
pl = p;
memcpy(bp, pl, payload);
bp += payload;
/* Random padding */
- RAND_pseudo_bytes(bp, padding);
+ if (RAND_bytes(bp, padding) <= 0) {
+ OPENSSL_free(buffer);
+ return -1;
+ }
r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
3 + payload + padding);
int tls1_heartbeat(SSL *s)
{
unsigned char *buf, *p;
- int ret;
+ int ret = -1;
unsigned int payload = 18; /* Sequence number + random bytes */
unsigned int padding = 16; /* Use minimum padding */
/* Sequence number */
s2n(s->tlsext_hb_seq, p);
/* 16 random bytes */
- RAND_pseudo_bytes(p, 16);
+ if (RAND_bytes(p, 16) <= 0) {
+ SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
p += 16;
/* Random padding */
- RAND_pseudo_bytes(p, padding);
+ if (RAND_bytes(p, padding) <= 0) {
+ SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
if (ret >= 0) {
s->tlsext_hb_pending = 1;
}
+ err:
OPENSSL_free(buf);
-
return ret;
}
# endif
# endif
} else {
if (!x || !pk)
- goto end;
+ return 0;
idx = ssl_cert_type(x, pk);
if (idx == -1)
- goto end;
+ return 0;
cpk = c->pkeys + idx;
if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
check_flags = CERT_PKEY_STRICT_FLAGS;