diff options
| author |   djm <djm@openbsd.org> | 2011-11-03 02:34:28 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2011-11-03 02:34:28 +0000 |
| commit | c32db552feb5310e2f4b27f02d313cfbf0b82a8a (patch) | |
| tree | b7b6074be11e20dcb5106c8a27f96bcb3fcdf5c2 /lib/libssl/src/ssl/t1_lib.c | |
| parent | import OpenSSL 1.0.0e (diff) | |
| download | wireguard-openbsd-c32db552feb5310e2f4b27f02d313cfbf0b82a8a.tar.xz wireguard-openbsd-c32db552feb5310e2f4b27f02d313cfbf0b82a8a.zip | |
openssl-1.0.0e: resolve conflicts
Diffstat (limited to 'lib/libssl/src/ssl/t1_lib.c')
| -rw-r--r-- | lib/libssl/src/ssl/t1_lib.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c index 0baa70663aa..85371c87b8e 100644 --- a/lib/libssl/src/ssl/t1_lib.c +++ b/lib/libssl/src/ssl/t1_lib.c @@ -1013,9 +1013,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { + unsigned short length; unsigned short type; unsigned short size; - unsigned short len; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; @@ -1023,7 +1023,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (data >= (d+n-2)) goto ri_check; - n2s(data,len); + n2s(data,length); + if (data+length != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } while(data <= (d+n-4)) { @@ -1453,23 +1458,20 @@ int ssl_check_serverhello_tlsext(SSL *s) int al = SSL_AD_UNRECOGNIZED_NAME; #ifndef OPENSSL_NO_EC - /* If we are client and using an elliptic curve cryptography cipher suite, then server - * must return a an EC point formats lists containing uncompressed. + /* If we are client and using an elliptic curve cryptography cipher + * suite, then if server returns an EC point formats lists extension + * it must contain uncompressed. */ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && + (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list; int found_uncompressed = 0; - if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0)) - { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - return -1; - } list = s->session->tlsext_ecpointformatlist; for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { |