X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_ext.c;h=ae6e978595bd44aafb1f52f7bcf87a76de703877;hp=3bbe1fd82697560e96c76286f996ae4d87951ce0;hb=e72040c1dcd61d6669762a60924b8fa3a48c37fc;hpb=1595ca029cbc1f76971843d89ed06b6ffbf17c84
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 3bbe1fd826..ae6e978595 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -1,55 +1,10 @@ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ /* Custom extension utility functions */ @@ -57,7 +12,6 @@ #include #include "ssl_locl.h" - /* Find a custom extension from the list. */ static custom_ext_method *custom_ext_find(const custom_ext_methods *exts, unsigned int ext_type) 
@@ -113,25 +67,23 @@ int custom_ext_parse(SSL *s, int server, if (!meth->parse_cb) return 1; - return meth->parse_cb(s, ext_type, ext_data, ext_size, al, - meth->parse_arg); + return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg); } /* * Request custom extension data from the application and add to the return * buffer. */ -int custom_ext_add(SSL *s, int server, - unsigned char **pret, unsigned char *limit, int *al) +int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al) { custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext; custom_ext_method *meth; - unsigned char *ret = *pret; size_t i; for (i = 0; i < exts->meths_count; i++) { const unsigned char *out = NULL; size_t outlen = 0; + meth = exts->meths + i; if (server) { @@ -153,13 +105,13 @@ int custom_ext_add(SSL *s, int server, if (cb_retval == 0) continue; /* skip this extension */ } - if (4 > limit - ret || outlen > (size_t)(limit - ret - 4)) + + if (!WPACKET_put_bytes_u16(pkt, meth->ext_type) + || !WPACKET_start_sub_packet_u16(pkt) + || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) + || !WPACKET_close(pkt)) { + *al = SSL_AD_INTERNAL_ERROR; return 0; - s2n(meth->ext_type, ret); - s2n(outlen, ret); - if (outlen) { - memcpy(ret, out, outlen); - ret += outlen; } /* * We can't send duplicates: code logic should prevent this. @@ -174,7 +126,6 @@ int custom_ext_add(SSL *s, int server, if (meth->free_cb) meth->free_cb(s, meth->ext_type, out, meth->add_arg); } - *pret = ret; return 1; } @@ -184,7 +135,7 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) if (src->meths_count) { dst->meths = OPENSSL_memdup(src->meths, - sizeof(custom_ext_method) * src->meths_count); + sizeof(custom_ext_method) * src->meths_count); if (dst->meths == NULL) return 0; dst->meths_count = src->meths_count; 
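Review bot: The new failure branch in custom_ext_add (`*al = SSL_AD_INTERNAL_ERROR; return 0;` after the WPACKET calls) returns without invoking meth->free_cb, so the buffer the application's add_cb returned in `out` is never released on that path; the old bounds-check return had the same gap, and since this commit rewrites the error path it is the natural place to close it. The free_cb call is only reached on the success path, in the following hunk after the sent-flag bookkeeping, and the add_cb call that produces `out` sits between hunks, so this is inferred from the visible loop structure rather than seen end to end. Suggested lines before the return: `if (meth->free_cb) meth->free_cb(s, meth->ext_type, out, meth->add_arg);`, mirroring the success path. custom_ext_add's body continues outside this hunk.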
@@ -205,7 +156,7 @@ static int custom_ext_meth_add(custom_ext_methods *exts, void *add_arg, custom_ext_parse_cb parse_cb, void *parse_arg) { - custom_ext_method *meth; + custom_ext_method *meth, *tmp; /* * Check application error: if add_cb is not set free_cb will never be * called. @@ -225,15 +176,17 @@ static int custom_ext_meth_add(custom_ext_methods *exts, /* Search for duplicate */ if (custom_ext_find(exts, ext_type)) return 0; - exts->meths = OPENSSL_realloc(exts->meths, - (exts->meths_count + - 1) * sizeof(custom_ext_method)); + tmp = OPENSSL_realloc(exts->meths, + (exts->meths_count + 1) * sizeof(custom_ext_method)); - if (!exts->meths) { + if (tmp == NULL) { + OPENSSL_free(exts->meths); + exts->meths = NULL; exts->meths_count = 0; return 0; } + exts->meths = tmp; meth = exts->meths + exts->meths_count; memset(meth, 0, sizeof(*meth)); meth->parse_cb = parse_cb; @@ -257,8 +210,7 @@ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, custom_ext_add_cb add_cb, custom_ext_free_cb free_cb, void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg) + custom_ext_parse_cb parse_cb, void *parse_arg) { #ifndef OPENSSL_NO_CT /* @@ -278,8 +230,7 @@ int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, custom_ext_add_cb add_cb, custom_ext_free_cb free_cb, void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg) + custom_ext_parse_cb parse_cb, void *parse_arg) { return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type, add_cb, free_cb, add_arg, parse_cb, parse_arg); @@ -291,8 +242,7 @@ int SSL_extension_supported(unsigned int ext_type) /* Internally supported extensions. */ case TLSEXT_TYPE_application_layer_protocol_negotiation: case TLSEXT_TYPE_ec_point_formats: - case TLSEXT_TYPE_elliptic_curves: - case TLSEXT_TYPE_heartbeat: + case TLSEXT_TYPE_supported_groups: #ifndef OPENSSL_NO_NEXTPROTONEG case TLSEXT_TYPE_next_proto_neg: #endif
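Review bot: On realloc failure the new branch in custom_ext_meth_add frees exts->meths and zeroes meths_count, so a failed registration of one extension silently discards every custom extension registered before it; a caller that checks the 0 return and carries on will then handshake without them, with no error to show why. The `tmp` variable already leaves the old array valid on failure, so the conventional and safer contract is to leave the list untouched: `if (tmp == NULL) return 0;` followed by `exts->meths = tmp;`. If dropping the whole list on allocation failure is intentional, a one-line comment at the free saying so would help the next reader. custom_ext_meth_add's body continues outside the hunk.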
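Review bot: Dropping `case TLSEXT_TYPE_heartbeat:` from the "Internally supported extensions" list makes SSL_extension_supported() return 0 for that type, so the registration guard this function presumably backs would now let an application register a custom extension with the heartbeat type. If any build configuration at this revision still parses heartbeat (for example DTLS with heartbeats enabled), the custom handler and the built-in one would both claim the extension; wrapping the case in `#ifndef OPENSSL_NO_HEARTBEATS`, the way next_proto_neg is already guarded here, would keep the guard where it still matters. If heartbeat handling has been removed entirely, the change is correct and a short comment noting that would settle the question for later readers. The switch starts and ends outside the hunk.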