Various style updates following extensions refactor (1266eefd) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/statem/extensions.c

+168 −235

File changed.

Preview size limit exceeded, changes collapsed.

ssl/statem/extensions_clnt.c

+70 −64

Original line number	Diff line number	Diff line
		@@ -12,7 +12,7 @@
		#include "../ssl_locl.h"
		#include "statem_locl.h"

		int tls_construct_client_renegotiate(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_renegotiate(SSL s, WPACKET pkt, int *al)
		{
		/* Add RI if renegotiating */
		if (!s->renegotiate)
		@@ -30,7 +30,7 @@ int tls_construct_client_renegotiate(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_client_server_name(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_server_name(SSL s, WPACKET pkt, int *al)
		{
		if (s->tlsext_hostname == NULL)
		return 1;
		@@ -54,7 +54,7 @@ int tls_construct_client_server_name(SSL s, WPACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_SRP
		int tls_construct_client_srp(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_srp(SSL s, WPACKET pkt, int *al)
		{
		/* Add SRP username if there is one */
		if (s->srp_ctx.login == NULL)
		@@ -81,8 +81,7 @@ int tls_construct_client_srp(SSL s, WPACKET pkt, int *al)
		#ifndef OPENSSL_NO_EC
		static int use_ecc(SSL *s)
		{
		int using_ecc = 0;
		int i;
		int i, end;
		unsigned long alg_k, alg_a;
		STACK_OF(SSL_CIPHER) *cipher_stack = NULL;

		@@ -90,26 +89,23 @@ static int use_ecc(SSL *s)
		if (s->version == SSL3_VERSION)
		return 0;


		cipher_stack = SSL_get_ciphers(s);

		for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
		end = sk_SSL_CIPHER_num(cipher_stack);
		for (i = 0; i < end; i++) {
		const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);

		alg_k = c->algorithm_mkey;
		alg_a = c->algorithm_auth;
		if ((alg_k & (SSL_kECDHE \| SSL_kECDHEPSK))
		\|\| (alg_a & SSL_aECDSA)
		\|\| c->min_tls >= TLS1_3_VERSION) {
		using_ecc = 1;
		\|\| c->min_tls >= TLS1_3_VERSION)
		break;
		}
		}

		return using_ecc;
		return i < end;
		}

		int tls_construct_client_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		{
		const unsigned char *pformats;
		size_t num_formats;
		@@ -118,7 +114,6 @@ int tls_construct_client_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		return 1;

		/* Add TLS extension ECPointFormats to the ClientHello message */

		tls1_get_formatlist(s, &pformats, &num_formats);

		if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
		@@ -134,7 +129,7 @@ int tls_construct_client_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		}


		int tls_construct_client_supported_groups(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_supported_groups(SSL s, WPACKET pkt, int *al)
		{
		const unsigned char pcurves = NULL, pcurvestmp;
		size_t num_curves = 0, i;
		@@ -183,7 +178,7 @@ int tls_construct_client_supported_groups(SSL s, WPACKET pkt, int *al)
		}
		#endif

		int tls_construct_client_session_ticket(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_session_ticket(SSL s, WPACKET pkt, int *al)
		{
		size_t ticklen;

		@@ -222,7 +217,7 @@ int tls_construct_client_session_ticket(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_client_sig_algs(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_sig_algs(SSL s, WPACKET pkt, int *al)
		{
		size_t salglen;
		const unsigned char *salg;
		@@ -231,7 +226,6 @@ int tls_construct_client_sig_algs(SSL s, WPACKET pkt, int *al)
		return 1;

		salglen = tls12_get_psigalgs(s, &salg);

		if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
		/* Sub-packet for sig-algs extension */
		\|\| !WPACKET_start_sub_packet_u16(pkt)
		@@ -248,7 +242,7 @@ int tls_construct_client_sig_algs(SSL s, WPACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_OCSP
		int tls_construct_client_status_request(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_status_request(SSL s, WPACKET pkt, int *al)
		{
		int i;

		@@ -266,11 +260,9 @@ int tls_construct_client_status_request(SSL s, WPACKET pkt, int *al)
		}
		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
		unsigned char *idbytes;
		int idlen;
		OCSP_RESPID *id;
		OCSP_RESPID *id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
		int idlen = i2d_OCSP_RESPID(id, NULL);

		id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
		idlen = i2d_OCSP_RESPID(id, NULL);
		if (idlen <= 0
		/* Sub-packet for an individual id */
		\|\| !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
		@@ -312,7 +304,7 @@ int tls_construct_client_status_request(SSL s, WPACKET pkt, int *al)
		#endif

		#ifndef OPENSSL_NO_NEXTPROTONEG
		int tls_construct_client_npn(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_npn(SSL s, WPACKET pkt, int *al)
		{
		if (s->ctx->next_proto_select_cb == NULL \|\| s->s3->tmp.finish_md_len != 0)
		return 1;
		@@ -331,7 +323,7 @@ int tls_construct_client_npn(SSL s, WPACKET pkt, int *al)
		}
		#endif

		int tls_construct_client_alpn(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_alpn(SSL s, WPACKET pkt, int *al)
		{
		s->s3->alpn_sent = 0;

		@@ -359,11 +351,10 @@ int tls_construct_client_alpn(SSL s, WPACKET pkt, int *al)


		#ifndef OPENSSL_NO_SRTP
		int tls_construct_client_use_srtp(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_use_srtp(SSL s, WPACKET pkt, int *al)
		{
		STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
		SRTP_PROTECTION_PROFILE *prof;
		int i, ct;
		int i, end;

		if (clnt == NULL)
		return 1;
		@@ -376,9 +367,12 @@ int tls_construct_client_use_srtp(SSL s, WPACKET pkt, int *al)
		SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP, ERR_R_INTERNAL_ERROR);
		return 0;
		}
		ct = sk_SRTP_PROTECTION_PROFILE_num(clnt);
		for (i = 0; i < ct; i++) {
		prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);

		end = sk_SRTP_PROTECTION_PROFILE_num(clnt);
		for (i = 0; i < end; i++) {
		const SRTP_PROTECTION_PROFILE *prof =
		sk_SRTP_PROTECTION_PROFILE_value(clnt, i);

		if (prof == NULL \|\| !WPACKET_put_bytes_u16(pkt, prof->id)) {
		SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP, ERR_R_INTERNAL_ERROR);
		return 0;
		@@ -396,7 +390,7 @@ int tls_construct_client_use_srtp(SSL s, WPACKET pkt, int *al)
		}
		#endif

		int tls_construct_client_etm(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_etm(SSL s, WPACKET pkt, int *al)
		{
		if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
		return 1;
		@@ -411,7 +405,7 @@ int tls_construct_client_etm(SSL s, WPACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_CT
		int tls_construct_client_sct(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_sct(SSL s, WPACKET pkt, int *al)
		{
		if (s->ct_validation_callback == NULL)
		return 1;
		@@ -426,7 +420,7 @@ int tls_construct_client_sct(SSL s, WPACKET pkt, int *al)
		}
		#endif

		int tls_construct_client_ems(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_ems(SSL s, WPACKET pkt, int *al)
		{
		if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
		\|\| !WPACKET_put_bytes_u16(pkt, 0)) {
		@@ -437,7 +431,7 @@ int tls_construct_client_ems(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_client_supported_versions(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_supported_versions(SSL s, WPACKET pkt, int *al)
		{
		int currv, min_version, max_version, reason;

		@@ -484,7 +478,7 @@ int tls_construct_client_supported_versions(SSL s, WPACKET pkt, int *al)
		}


		int tls_construct_client_key_share(SSL s, WPACKET pkt, int *al)
		int tls_construct_ctos_key_share(SSL s, WPACKET pkt, int *al)
		{
		size_t i, sharessent = 0, num_curves = 0;
		const unsigned char *pcurves = NULL;
		@@ -569,7 +563,10 @@ int tls_construct_client_key_share(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_client_padding(SSL s, WPACKET pkt, int *al)
		#define F5_WORKAROUND_MIN_MSG_LEN 0xff
		#define F5_WORKAROUND_MAX_MSG_LEN 0x200

		int tls_construct_ctos_padding(SSL s, WPACKET pkt, int *al)
		{
		unsigned char *padbytes;
		size_t hlen;
		@@ -580,7 +577,7 @@ int tls_construct_client_padding(SSL s, WPACKET pkt, int *al)
		/*
		* Add padding to workaround bugs in F5 terminators. See
		* https://tools.ietf.org/html/draft-agl-tls-padding-03 NB: because this
		* code works out the length of all existing extensions it MUST always
		* code calculates the length of all existing extensions it MUST always
		* appear last.
		*/
		if (!WPACKET_get_total_written(pkt, &hlen)) {
		@@ -588,8 +585,14 @@ int tls_construct_client_padding(SSL s, WPACKET pkt, int *al)
		return 0;
		}

		if (hlen > 0xff && hlen < 0x200) {
		hlen = 0x200 - hlen;
		if (hlen > F5_WORKAROUND_MIN_MSG_LEN && hlen < F5_WORKAROUND_MAX_MSG_LEN) {
		/* Calculate the amond of padding we need to add */
		hlen = F5_WORKAROUND_MAX_MSG_LEN - hlen;

		/*
		* Take off the size of extension header itself (2 bytes for type and
		* 2 bytes for length bytes)
		*/
		if (hlen >= 4)
		hlen -= 4;
		else
		@@ -609,7 +612,7 @@ int tls_construct_client_padding(SSL s, WPACKET pkt, int *al)
		/*
		* Parse the server's renegotiation binding and abort if it's not right
		*/
		int tls_parse_server_renegotiate(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_renegotiate(SSL s, PACKET pkt, int *al)
		{
		size_t expected_len = s->s3->previous_client_finished_len
		+ s->s3->previous_server_finished_len;
		@@ -666,7 +669,7 @@ int tls_parse_server_renegotiate(SSL s, PACKET pkt, int *al)
		return 1;
		}

		int tls_parse_server_server_name(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_server_name(SSL s, PACKET pkt, int *al)
		{
		if (s->tlsext_hostname == NULL \|\| PACKET_remaining(pkt) > 0) {
		*al = SSL_AD_UNRECOGNIZED_NAME;
		@@ -689,7 +692,7 @@ int tls_parse_server_server_name(SSL s, PACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_EC
		int tls_parse_server_ec_pt_formats(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_ec_pt_formats(SSL s, PACKET pkt, int *al)
		{
		unsigned int ecpointformatlist_length;
		PACKET ecptformatlist;
		@@ -724,26 +727,28 @@ int tls_parse_server_ec_pt_formats(SSL s, PACKET pkt, int *al)
		}
		#endif

		int tls_parse_server_session_ticket(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_session_ticket(SSL s, PACKET pkt, int *al)
		{
		if (s->tls_session_ticket_ext_cb &&
		if (s->tls_session_ticket_ext_cb != NULL &&
		!s->tls_session_ticket_ext_cb(s, PACKET_data(pkt),
		PACKET_remaining(pkt),
		s->tls_session_ticket_ext_cb_arg)) {
		*al = SSL_AD_INTERNAL_ERROR;
		return 0;
		}

		if (!tls_use_ticket(s) \|\| PACKET_remaining(pkt) > 0) {
		*al = SSL_AD_UNSUPPORTED_EXTENSION;
		return 0;
		}

		s->tlsext_ticket_expected = 1;

		return 1;
		}

		#ifndef OPENSSL_NO_OCSP
		int tls_parse_server_status_request(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_status_request(SSL s, PACKET pkt, int *al)
		{
		/*
		* MUST be empty and only sent if we've requested a status
		@@ -762,7 +767,7 @@ int tls_parse_server_status_request(SSL s, PACKET pkt, int *al)


		#ifndef OPENSSL_NO_CT
		int tls_parse_server_sct(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_sct(SSL s, PACKET pkt, int *al)
		{
		/*
		* Only take it if we asked for it - i.e if there is no CT validation
		@@ -773,10 +778,9 @@ int tls_parse_server_sct(SSL s, PACKET pkt, int *al)
		size_t size = PACKET_remaining(pkt);

		/* Simply copy it off for later processing */
		if (s->tlsext_scts != NULL) {
		OPENSSL_free(s->tlsext_scts);
		s->tlsext_scts = NULL;
		}

		s->tlsext_scts_len = size;
		if (size > 0) {
		s->tlsext_scts = OPENSSL_malloc(size);
		@@ -816,12 +820,13 @@ static int ssl_next_proto_validate(PACKET *pkt)
		return 1;
		}

		int tls_parse_server_npn(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_npn(SSL s, PACKET pkt, int *al)
		{
		unsigned char *selected;
		unsigned char selected_len;
		PACKET tmppkt;

		/* Check if we are in a renegotiation. If so ignore this extension */
		if (s->s3->tmp.finish_md_len != 0)
		return 1;

		@@ -830,6 +835,7 @@ int tls_parse_server_npn(SSL s, PACKET pkt, int *al)
		*al = SSL_AD_UNSUPPORTED_EXTENSION;
		return 0;
		}

		/* The data must be valid */
		tmppkt = *pkt;
		if (!ssl_next_proto_validate(&tmppkt)) {
		@@ -844,6 +850,7 @@ int tls_parse_server_npn(SSL s, PACKET pkt, int *al)
		*al = SSL_AD_INTERNAL_ERROR;
		return 0;
		}

		/*
		* Could be non-NULL if server has sent multiple NPN extensions in
		* a single Serverhello
		@@ -863,7 +870,7 @@ int tls_parse_server_npn(SSL s, PACKET pkt, int *al)
		}
		#endif

		int tls_parse_server_alpn(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_alpn(SSL s, PACKET pkt, int *al)
		{
		size_t len;

		@@ -900,15 +907,15 @@ int tls_parse_server_alpn(SSL s, PACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_SRTP
		int tls_parse_server_use_srtp(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_use_srtp(SSL s, PACKET pkt, int *al)
		{
		unsigned int id, ct, mki;
		int i;
		STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
		SRTP_PROTECTION_PROFILE *prof;

		if (!PACKET_get_net_2(pkt, &ct)
		\|\| ct != 2 \|\| !PACKET_get_net_2(pkt, &id)
		if (!PACKET_get_net_2(pkt, &ct) \|\| ct != 2
		\|\| !PACKET_get_net_2(pkt, &id)
		\|\| !PACKET_get_1(pkt, &mki)
		\|\| PACKET_remaining(pkt) != 0) {
		SSLerr(SSL_F_TLS_PARSE_SERVER_USE_SRTP,
		@@ -924,9 +931,8 @@ int tls_parse_server_use_srtp(SSL s, PACKET pkt, int *al)
		return 0;
		}

		clnt = SSL_get_srtp_profiles(s);

		/* Throw an error if the server gave us an unsolicited extension */
		clnt = SSL_get_srtp_profiles(s);
		if (clnt == NULL) {
		SSLerr(SSL_F_TLS_PARSE_SERVER_USE_SRTP, SSL_R_NO_SRTP_PROFILES);
		*al = SSL_AD_DECODE_ERROR;
		@@ -954,7 +960,7 @@ int tls_parse_server_use_srtp(SSL s, PACKET pkt, int *al)
		}
		#endif

		int tls_parse_server_etm(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_etm(SSL s, PACKET pkt, int *al)
		{
		/* Ignore if inappropriate ciphersuite */
		if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
		@@ -965,7 +971,7 @@ int tls_parse_server_etm(SSL s, PACKET pkt, int *al)
		return 1;
		}

		int tls_parse_server_ems(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_ems(SSL s, PACKET pkt, int *al)
		{
		s->s3->flags \|= TLS1_FLAGS_RECEIVED_EXTMS;
		if (!s->hit)
		@@ -974,7 +980,7 @@ int tls_parse_server_ems(SSL s, PACKET pkt, int *al)
		return 1;
		}

		int tls_parse_server_key_share(SSL s, PACKET pkt, int *al)
		int tls_parse_stoc_key_share(SSL s, PACKET pkt, int *al)
		{
		unsigned int group_id;
		PACKET encoded_pt;

ssl/statem/extensions_srvr.c

+149 −151

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@
		/*
		* Parse the client's renegotiation binding and abort if it's not right
		*/
		int tls_parse_client_renegotiate(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_renegotiate(SSL s, PACKET pkt, int *al)
		{
		unsigned int ilen;
		const unsigned char *data;
		@@ -49,11 +49,6 @@ int tls_parse_client_renegotiate(SSL s, PACKET pkt, int *al)
		return 1;
		}

		int tls_parse_client_server_name(SSL s, PACKET pkt, int *al)
		{
		unsigned int servname_type;
		PACKET sni, hostname;

		/*-
		* The servername extension is treated as follows:
		*
		@@ -76,8 +71,12 @@ int tls_parse_client_server_name(SSL s, PACKET pkt, int *al)
		* session, i.e. when the session has been established with a servername
		* extension.
		* - On session reconnect, the servername extension may be absent.
		*
		*/
		int tls_parse_ctos_server_name(SSL s, PACKET pkt, int *al)
		{
		unsigned int servname_type;
		PACKET sni, hostname;

		if (!PACKET_as_length_prefixed_2(pkt, &sni)
		/* ServerNameList must be at least 1 byte long. */
		\|\| PACKET_remaining(&sni) == 0) {
		@@ -88,7 +87,7 @@ int tls_parse_client_server_name(SSL s, PACKET pkt, int *al)
		/*
		* Although the server_name extension was intended to be
		* extensible to new name types, RFC 4366 defined the
		* syntax inextensibility and OpenSSL 1.0.x parses it as
		* syntax inextensibly and OpenSSL 1.0.x parses it as
		* such.
		* RFC 6066 corrected the mistake but adding new name types
		* is nevertheless no longer feasible, so act as if no other
		@@ -135,7 +134,7 @@ int tls_parse_client_server_name(SSL s, PACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_SRP
		int tls_parse_client_srp(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_srp(SSL s, PACKET pkt, int *al)
		{
		PACKET srp_I;

		@@ -159,7 +158,7 @@ int tls_parse_client_srp(SSL s, PACKET pkt, int *al)
		#endif

		#ifndef OPENSSL_NO_EC
		int tls_parse_client_ec_pt_formats(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_ec_pt_formats(SSL s, PACKET pkt, int *al)
		{
		PACKET ec_point_format_list;

		@@ -182,7 +181,7 @@ int tls_parse_client_ec_pt_formats(SSL s, PACKET pkt, int *al)
		}
		#endif /* OPENSSL_NO_EC */

		int tls_parse_client_session_ticket(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_session_ticket(SSL s, PACKET pkt, int *al)
		{
		if (s->tls_session_ticket_ext_cb &&
		!s->tls_session_ticket_ext_cb(s, PACKET_data(pkt),
		@@ -195,7 +194,7 @@ int tls_parse_client_session_ticket(SSL s, PACKET pkt, int *al)
		return 1;
		}

		int tls_parse_client_sig_algs(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_sig_algs(SSL s, PACKET pkt, int *al)
		{
		PACKET supported_sig_algs;

		@@ -216,16 +215,23 @@ int tls_parse_client_sig_algs(SSL s, PACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_OCSP
		int tls_parse_client_status_request(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_status_request(SSL s, PACKET pkt, int *al)
		{
		PACKET responder_id_list, exts;

		if (!PACKET_get_1(pkt, (unsigned int *)&s->tlsext_status_type)) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
		}

		if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
		const unsigned char *ext_data;
		PACKET responder_id_list, exts;
		if (s->tlsext_status_type != TLSEXT_STATUSTYPE_ocsp) {
		/*
		* We don't know what to do with any other type so ignore it.
		*/
		s->tlsext_status_type = -1;
		return 1;
		}

		if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
		@@ -251,8 +257,7 @@ int tls_parse_client_status_request(SSL s, PACKET pkt, int *al)
		PACKET responder_id;
		const unsigned char *id_data;

		if (!PACKET_get_length_prefixed_2(&responder_id_list,
		&responder_id)
		if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id)
		\|\| PACKET_remaining(&responder_id) == 0) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
		@@ -287,33 +292,26 @@ int tls_parse_client_status_request(SSL s, PACKET pkt, int *al)
		}

		if (PACKET_remaining(&exts) > 0) {
		ext_data = PACKET_data(&exts);
		const unsigned char *ext_data = PACKET_data(&exts);

		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
		X509_EXTENSION_free);
		s->tlsext_ocsp_exts =
		d2i_X509_EXTENSIONS(NULL, &ext_data,
		(int)PACKET_remaining(&exts));
		d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts));
		if (s->tlsext_ocsp_exts == NULL \|\| ext_data != PACKET_end(&exts)) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
		}
		}
		} else {
		/*
		* We don't know what to do with any other type so ignore it.
		*/
		s->tlsext_status_type = -1;
		}

		return 1;
		}
		#endif

		#ifndef OPENSSL_NO_NEXTPROTONEG
		int tls_parse_client_npn(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_npn(SSL s, PACKET pkt, int *al)
		{
		if (s->s3->tmp.finish_md_len == 0) {
		/*-
		/*
		* We shouldn't accept this extension on a
		* renegotiation.
		*
		@@ -330,20 +328,19 @@ int tls_parse_client_npn(SSL s, PACKET pkt, int *al)
		* in the Hello protocol round, well before a new
		* Finished message could have been computed.)
		*/
		if (s->s3->tmp.finish_md_len == 0)
		s->s3->next_proto_neg_seen = 1;
		}

		return 1;
		}
		#endif

		/*
		* Save the ALPN extension in a ClientHello.
		* pkt: the contents of the ALPN extension, not including type and length.
		* al: a pointer to the alert value to send in the event of a failure.
		* returns: 1 on success, 0 on error.
		* Save the ALPN extension in a ClientHello.\|pkt\| holds the contents of the ALPN
		* extension, not including type and length. \|al\| is a pointer to the alert
		* value to send in the event of a failure. Returns: 1 on success, 0 on error.
		*/
		int tls_parse_client_alpn(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_alpn(SSL s, PACKET pkt, int *al)
		{
		PACKET protocol_list, save_protocol_list, protocol;

		@@ -376,9 +373,8 @@ int tls_parse_client_alpn(SSL s, PACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_SRTP
		int tls_parse_client_use_srtp(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_use_srtp(SSL s, PACKET pkt, int *al)
		{
		SRTP_PROTECTION_PROFILE *sprof;
		STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
		unsigned int ct, mki_len, id;
		int i, srtp_pref;
		@@ -389,8 +385,8 @@ int tls_parse_client_use_srtp(SSL s, PACKET pkt, int *al)
		return 1;

		/* Pull off the length of the cipher suite list and check it is even */
		if (!PACKET_get_net_2(pkt, &ct)
		\|\| (ct & 1) != 0 \|\| !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
		if (!PACKET_get_net_2(pkt, &ct) \|\| (ct & 1) != 0
		\|\| !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
		SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,
		SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
		*al = SSL_AD_DECODE_ERROR;
		@@ -417,7 +413,9 @@ int tls_parse_client_use_srtp(SSL s, PACKET pkt, int *al)
		* does nothing.
		*/
		for (i = 0; i < srtp_pref; i++) {
		sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
		const SRTP_PROTECTION_PROFILE *sprof =
		sk_SRTP_PROTECTION_PROFILE_value(srvr, i);

		if (sprof->id == id) {
		s->srtp_profile = sprof;
		srtp_pref = i;
		@@ -426,9 +424,7 @@ int tls_parse_client_use_srtp(SSL s, PACKET pkt, int *al)
		}
		}

		/*
		* Now extract the MKI value as a sanity check, but discard it for now
		*/
		/* Now extract the MKI value as a sanity check, but discard it for now */
		if (!PACKET_get_1(pkt, &mki_len)) {
		SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,
		SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
		@@ -447,7 +443,7 @@ int tls_parse_client_use_srtp(SSL s, PACKET pkt, int *al)
		}
		#endif

		int tls_parse_client_etm(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_etm(SSL s, PACKET pkt, int *al)
		{
		if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
		s->s3->flags \|= TLS1_FLAGS_ENCRYPT_THEN_MAC;
		@@ -474,8 +470,8 @@ static int check_in_list(SSL *s, unsigned int group_id,
		unsigned int share_id = (groups[0] << 8) \| (groups[1]);

		if (group_id == share_id
		&& (!checkallow \|\| tls_curve_allowed(s, groups,
		SSL_SECOP_CURVE_CHECK))) {
		&& (!checkallow
		\|\| tls_curve_allowed(s, groups, SSL_SECOP_CURVE_CHECK))) {
		break;
		}
		}
		@@ -489,7 +485,7 @@ static int check_in_list(SSL *s, unsigned int group_id,
		* the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
		* If a failure occurs then \|*al\| is set to an appropriate alert value.
		*/
		int tls_parse_client_key_share(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_key_share(SSL s, PACKET pkt, int *al)
		{
		unsigned int group_id;
		PACKET key_share_list, encoded_pt;
		@@ -585,6 +581,7 @@ int tls_parse_client_key_share(SSL s, PACKET pkt, int *al)
		} else {
		/* Set up EVP_PKEY with named curve as parameters */
		EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);

		if (pctx == NULL
		\|\| EVP_PKEY_paramgen_init(pctx) <= 0
		\|\| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
		@@ -615,7 +612,7 @@ int tls_parse_client_key_share(SSL s, PACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_EC
		int tls_parse_client_supported_groups(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_supported_groups(SSL s, PACKET pkt, int *al)
		{
		PACKET supported_groups_list;

		@@ -639,7 +636,7 @@ int tls_parse_client_supported_groups(SSL s, PACKET pkt, int *al)
		}
		#endif

		int tls_parse_client_ems(SSL s, PACKET pkt, int *al)
		int tls_parse_ctos_ems(SSL s, PACKET pkt, int *al)
		{
		/* The extension must always be empty */
		if (PACKET_remaining(pkt) != 0) {
		@@ -652,8 +649,10 @@ int tls_parse_client_ems(SSL s, PACKET pkt, int *al)
		return 1;
		}

		/* Add the server's renegotiation binding */
		int tls_construct_server_renegotiate(SSL s, WPACKET pkt, int *al)
		/*
		* Add the server's renegotiation binding
		*/
		int tls_construct_stoc_renegotiate(SSL s, WPACKET pkt, int *al)
		{
		if (!s->s3->send_connection_binding)
		return 1;
		@@ -674,7 +673,7 @@ int tls_construct_server_renegotiate(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_server_server_name(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_server_name(SSL s, WPACKET pkt, int *al)
		{
		if (s->hit \|\| s->servername_done != 1
		\|\| s->session->tlsext_hostname == NULL)
		@@ -690,7 +689,7 @@ int tls_construct_server_server_name(SSL s, WPACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_EC
		int tls_construct_server_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		{
		unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
		unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
		@@ -703,7 +702,6 @@ int tls_construct_server_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		return 1;

		tls1_get_formatlist(s, &plist, &plistlen);

		if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
		\|\| !WPACKET_start_sub_packet_u16(pkt)
		\|\| !WPACKET_sub_memcpy_u8(pkt, plist, plistlen)
		@@ -716,7 +714,7 @@ int tls_construct_server_ec_pt_formats(SSL s, WPACKET pkt, int *al)
		}
		#endif

		int tls_construct_server_session_ticket(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_session_ticket(SSL s, WPACKET pkt, int *al)
		{
		if (!s->tlsext_ticket_expected \|\| !tls_use_ticket(s)) {
		s->tlsext_ticket_expected = 0;
		@@ -733,7 +731,7 @@ int tls_construct_server_session_ticket(SSL s, WPACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_OCSP
		int tls_construct_server_status_request(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_status_request(SSL s, WPACKET pkt, int *al)
		{
		if (!s->tlsext_status_expected)
		return 1;
		@@ -750,7 +748,7 @@ int tls_construct_server_status_request(SSL s, WPACKET pkt, int *al)


		#ifndef OPENSSL_NO_NEXTPROTONEG
		int tls_construct_server_next_proto_neg(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_next_proto_neg(SSL s, WPACKET pkt, int *al)
		{
		const unsigned char *npa;
		unsigned int npalen;
		@@ -777,7 +775,7 @@ int tls_construct_server_next_proto_neg(SSL s, WPACKET pkt, int *al)
		}
		#endif

		int tls_construct_server_alpn(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_alpn(SSL s, WPACKET pkt, int *al)
		{
		if (s->s3->alpn_selected == NULL)
		return 1;
		@@ -798,7 +796,7 @@ int tls_construct_server_alpn(SSL s, WPACKET pkt, int *al)
		}

		#ifndef OPENSSL_NO_SRTP
		int tls_construct_server_use_srtp(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_use_srtp(SSL s, WPACKET pkt, int *al)
		{
		if (s->srtp_profile == NULL)
		return 1;
		@@ -817,7 +815,7 @@ int tls_construct_server_use_srtp(SSL s, WPACKET pkt, int *al)
		}
		#endif

		int tls_construct_server_etm(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_etm(SSL s, WPACKET pkt, int *al)
		{
		if ((s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) == 0)
		return 1;
		@@ -843,7 +841,7 @@ int tls_construct_server_etm(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_server_ems(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_ems(SSL s, WPACKET pkt, int *al)
		{
		if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
		return 1;
		@@ -857,7 +855,7 @@ int tls_construct_server_ems(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_server_key_share(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_key_share(SSL s, WPACKET pkt, int *al)
		{
		unsigned char *encodedPoint;
		size_t encoded_pt_len = 0;
		@@ -911,7 +909,7 @@ int tls_construct_server_key_share(SSL s, WPACKET pkt, int *al)
		return 1;
		}

		int tls_construct_server_cryptopro_bug(SSL s, WPACKET pkt, int *al)
		int tls_construct_stoc_cryptopro_bug(SSL s, WPACKET pkt, int *al)
		{
		const unsigned char cryptopro_ext[36] = {
		0xfd, 0xe8, /* 65000 */

ssl/statem/statem_clnt.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -1132,7 +1132,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL s, PACKET pkt)
		* server wants to resume.
		*/
		if (s->version >= TLS1_VERSION && !SSL_IS_TLS13(s)
		&& s->tls_session_secret_cb && s->session->tlsext_tick) {
		&& s->tls_session_secret_cb != NULL && s->session->tlsext_tick) {
		const SSL_CIPHER *pref_cipher = NULL;
		/*
		* s->session->master_key_length is a size_t, but this is an int for
		@@ -3112,7 +3112,8 @@ static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL s, PACKET pkt)
		*/
		if (!tls_collect_extensions(s, &extensions,
		EXT_TLS1_3_ENCRYPTED_EXTENSIONS
		\| EXT_TLS1_3_CERTIFICATE, &rawexts, &al)
		\| EXT_TLS1_3_CERTIFICATE,
		&rawexts, &al)
		\|\| !tls_parse_all_extensions(s,
		EXT_TLS1_3_ENCRYPTED_EXTENSIONS
		\| EXT_TLS1_3_CERTIFICATE,

ssl/statem/statem_locl.h

+55 −55

File changed.

Preview size limit exceeded, changes collapsed.