Loading include/openssl/ssl.h +1 −0 Original line number Diff line number Diff line Loading @@ -2232,6 +2232,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 # define SSL_F_TLS_CONSTRUCT_FINISHED 359 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 # define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375 # define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 Loading ssl/ssl_err.c +1 −0 Original line number Diff line number Diff line Loading @@ -257,6 +257,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST), "tls_construct_hello_request"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE), "tls_construct_server_certificate"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"}, Loading ssl/statem/statem_clnt.c +31 −11 Original line number Diff line number Diff line Loading @@ -2895,22 +2895,42 @@ int ssl3_check_cert_and_algorithm(SSL *s) #ifndef OPENSSL_NO_NEXTPROTONEG int tls_construct_next_proto(SSL *s) { unsigned int len, padding_len; unsigned char *d; size_t len, padding_len; unsigned char *padding = NULL; WPACKET pkt; if (!WPACKET_init(&pkt, s->init_buf)) { /* Should not happen */ SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_NEXT_PROTO)) { SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } len = s->next_proto_negotiated_len; padding_len = 32 - ((len + 2) % 32); d = (unsigned char *)s->init_buf->data; d[4] = len; memcpy(d + 5, s->next_proto_negotiated, len); d[5 + len] = padding_len; memset(d + 6 + len, 0, padding_len); *(d++) = SSL3_MT_NEXT_PROTO; l2n3(2 + len + padding_len, d); s->init_num = 4 + 2 + len + padding_len; s->init_off = 0; if (!WPACKET_sub_memcpy_u8(&pkt, s->next_proto_negotiated, len) || !WPACKET_sub_allocate_bytes_u8(&pkt, padding_len, &padding)) { SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } memset(padding, 0, padding_len); if (!ssl_close_construct_packet(s, &pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } return 1; err: WPACKET_cleanup(&pkt); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return 0; } #endif Loading Loading
include/openssl/ssl.h +1 −0 Original line number Diff line number Diff line Loading @@ -2232,6 +2232,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 # define SSL_F_TLS_CONSTRUCT_FINISHED 359 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 # define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375 # define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 Loading
ssl/ssl_err.c +1 −0 Original line number Diff line number Diff line Loading @@ -257,6 +257,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST), "tls_construct_hello_request"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE), "tls_construct_server_certificate"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"}, Loading
ssl/statem/statem_clnt.c +31 −11 Original line number Diff line number Diff line Loading @@ -2895,22 +2895,42 @@ int ssl3_check_cert_and_algorithm(SSL *s) #ifndef OPENSSL_NO_NEXTPROTONEG int tls_construct_next_proto(SSL *s) { unsigned int len, padding_len; unsigned char *d; size_t len, padding_len; unsigned char *padding = NULL; WPACKET pkt; if (!WPACKET_init(&pkt, s->init_buf)) { /* Should not happen */ SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_NEXT_PROTO)) { SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } len = s->next_proto_negotiated_len; padding_len = 32 - ((len + 2) % 32); d = (unsigned char *)s->init_buf->data; d[4] = len; memcpy(d + 5, s->next_proto_negotiated, len); d[5 + len] = padding_len; memset(d + 6 + len, 0, padding_len); *(d++) = SSL3_MT_NEXT_PROTO; l2n3(2 + len + padding_len, d); s->init_num = 4 + 2 + len + padding_len; s->init_off = 0; if (!WPACKET_sub_memcpy_u8(&pkt, s->next_proto_negotiated, len) || !WPACKET_sub_allocate_bytes_u8(&pkt, padding_len, &padding)) { SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } memset(padding, 0, padding_len); if (!ssl_close_construct_packet(s, &pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR); goto err; } return 1; err: WPACKET_cleanup(&pkt); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return 0; } #endif Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>