diff options
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 48 |
1 files changed, 43 insertions, 5 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 381a6c9d7b..ef51c61ef3 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -16,10 +16,37 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - /* Add RI if renegotiating */ - if (!s->renegotiate) - return EXT_RETURN_NOT_SENT; + if (!s->renegotiate) { + /* If not renegotiating, send an empty RI extension to indicate support */ + +#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION +# error Internal DTLS version error +#endif + + if (!SSL_CONNECTION_IS_DTLS(s) + && (s->min_proto_version >= TLS1_3_VERSION + || (ssl_security(s, SSL_SECOP_VERSION, 0, TLS1_VERSION, NULL) + && s->min_proto_version <= TLS1_VERSION))) { + /* + * For TLS <= 1.0 SCSV is used instead, and for TLS 1.3 this + * extension isn't used at all. + */ + return EXT_RETURN_NOT_SENT; + } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; + } + + /* Add a complete RI extension if renegotiating */ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, @@ -952,8 +979,12 @@ EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, * Add the fixed PSK overhead, the identity length and the binder * length. */ + int md_size = EVP_MD_get_size(md); + + if (md_size <= 0) + return EXT_RETURN_FAIL; hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen - + EVP_MD_get_size(md); + + md_size; } } @@ -992,7 +1023,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, { #ifndef OPENSSL_NO_TLS1_3 uint32_t agesec, agems = 0; - size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen; + size_t binderoffset, msglen; + int reshashsize = 0, pskhashsize = 0; unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL; const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; int dores = 0; @@ -1088,6 +1120,8 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, agems += s->session->ext.tick_age_add; reshashsize = EVP_MD_get_size(mdres); + if (reshashsize <= 0) + goto dopsksess; s->ext.tick_identity++; dores = 1; } @@ -1117,6 +1151,10 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, } pskhashsize = EVP_MD_get_size(mdpsk); + if (pskhashsize <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); + return EXT_RETURN_FAIL; + } } /* Create the extension, but skip over the binder for now */ |