#include <openssl/objects.h>
#include "ssl_locl.h"
-/* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
- if (p) {
- if ((s->s3->previous_client_finished_len + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
- }
-
- *len = s->s3->previous_client_finished_len + 1;
-
- return 1;
-}
-
/*
* Parse the client's renegotiation binding and abort if it's not right
*/
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)
- || !PACKET_get_bytes(pkt, &d, ilen)) {
+ || !PACKET_get_bytes(pkt, &d, ilen)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
}
/* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
+int ssl_add_serverhello_renegotiate_ext(SSL *s, WPACKET *pkt)
{
- if (p) {
- if ((s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
- p += s->s3->previous_client_finished_len;
-
- memcpy(p, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len);
- }
-
- *len = s->s3->previous_client_finished_len
- + s->s3->previous_server_finished_len + 1;
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u8(pkt)
+ || !WPACKET_memcpy(pkt, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)
+ || !WPACKET_memcpy(pkt, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len)
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt))
+ return 0;
return 1;
}
*/
int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
- unsigned int expected_len = s->s3->previous_client_finished_len
+ size_t expected_len = s->s3->previous_client_finished_len
+ s->s3->previous_server_finished_len;
- unsigned int ilen;
+ size_t ilen;
const unsigned char *data;
/* Check for logic errors */
OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
/* Parse the length byte */
- if (!PACKET_get_1(pkt, &ilen)) {
+ if (!PACKET_get_1_len(pkt, &ilen)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
- || memcmp(data, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len) != 0) {
+ || memcmp(data, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
- || memcmp(data, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len) != 0) {
+ || memcmp(data, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_ILLEGAL_PARAMETER;
projects / openssl.git / blobdiff