ssl/t1_reneg.c

   1 /*
   2  * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include <openssl/objects.h>
  12 #include "ssl_locl.h"
  13
  14 /*
  15  * Parse the client's renegotiation binding and abort if it's not right
  16  */
  17 int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
  18 {
  19     unsigned int ilen;
  20     const unsigned char *d;
  21
  22     /* Parse the length byte */
  23     if (!PACKET_get_1(pkt, &ilen)
  24         || !PACKET_get_bytes(pkt, &d, ilen)) {
  25         SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
  26                SSL_R_RENEGOTIATION_ENCODING_ERR);
  27         *al = SSL_AD_ILLEGAL_PARAMETER;
  28         return 0;
  29     }
  30
  31     /* Check that the extension matches */
  32     if (ilen != s->s3->previous_client_finished_len) {
  33         SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
  34                SSL_R_RENEGOTIATION_MISMATCH);
  35         *al = SSL_AD_HANDSHAKE_FAILURE;
  36         return 0;
  37     }
  38
  39     if (memcmp(d, s->s3->previous_client_finished,
  40                s->s3->previous_client_finished_len)) {
  41         SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
  42                SSL_R_RENEGOTIATION_MISMATCH);
  43         *al = SSL_AD_HANDSHAKE_FAILURE;
  44         return 0;
  45     }
  46
  47     s->s3->send_connection_binding = 1;
  48
  49     return 1;
  50 }
  51
  52 /* Add the server's renegotiation binding */
  53 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
  54                                         int maxlen)
  55 {
  56     if (p) {
  57         if ((s->s3->previous_client_finished_len +
  58              s->s3->previous_server_finished_len + 1) > maxlen) {
  59             SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
  60                    SSL_R_RENEGOTIATE_EXT_TOO_LONG);
  61             return 0;
  62         }
  63
  64         /* Length byte */
  65         *p = s->s3->previous_client_finished_len +
  66             s->s3->previous_server_finished_len;
  67         p++;
  68
  69         memcpy(p, s->s3->previous_client_finished,
  70                s->s3->previous_client_finished_len);
  71         p += s->s3->previous_client_finished_len;
  72
  73         memcpy(p, s->s3->previous_server_finished,
  74                s->s3->previous_server_finished_len);
  75     }
  76
  77     *len = s->s3->previous_client_finished_len
  78         + s->s3->previous_server_finished_len + 1;
  79
  80     return 1;
  81 }
  82
  83 /*
  84  * Parse the server's renegotiation binding and abort if it's not right
  85  */
  86 int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
  87 {
  88     unsigned int expected_len = s->s3->previous_client_finished_len
  89         + s->s3->previous_server_finished_len;
  90     unsigned int ilen;
  91     const unsigned char *data;
  92
  93     /* Check for logic errors */
  94     OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
  95     OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
  96
  97     /* Parse the length byte */
  98     if (!PACKET_get_1(pkt, &ilen)) {
  99         SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 100                SSL_R_RENEGOTIATION_ENCODING_ERR);
 101         *al = SSL_AD_ILLEGAL_PARAMETER;
 102         return 0;
 103     }
 104
 105     /* Consistency check */
 106     if (PACKET_remaining(pkt) != ilen) {
 107         SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 108                SSL_R_RENEGOTIATION_ENCODING_ERR);
 109         *al = SSL_AD_ILLEGAL_PARAMETER;
 110         return 0;
 111     }
 112
 113     /* Check that the extension matches */
 114     if (ilen != expected_len) {
 115         SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 116                SSL_R_RENEGOTIATION_MISMATCH);
 117         *al = SSL_AD_HANDSHAKE_FAILURE;
 118         return 0;
 119     }
 120
 121     if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
 122         || memcmp(data, s->s3->previous_client_finished,
 123                   s->s3->previous_client_finished_len) != 0) {
 124         SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 125                SSL_R_RENEGOTIATION_MISMATCH);
 126         *al = SSL_AD_HANDSHAKE_FAILURE;
 127         return 0;
 128     }
 129
 130     if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
 131         || memcmp(data, s->s3->previous_server_finished,
 132                   s->s3->previous_server_finished_len) != 0) {
 133         SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 134                SSL_R_RENEGOTIATION_MISMATCH);
 135         *al = SSL_AD_ILLEGAL_PARAMETER;
 136         return 0;
 137     }
 138     s->s3->send_connection_binding = 1;
 139
 140     return 1;
 141 }