diff options
author | Matt Caswell <matt@openssl.org> | 2015-08-04 17:36:02 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-09-07 10:45:38 +0100 |
commit | 50932c4af2fdd1da01203e9fabe176f9c106882b (patch) | |
tree | ced91433db18898536f2282a590ca50f13101749 /ssl/t1_reneg.c | |
parent | 0e2d091103ed5846c72a5c9e8b10e25ead4bf152 (diff) |
PACKETise ServerHello processing
Process ServerHello messages using the PACKET API
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/t1_reneg.c')
-rw-r--r-- | ssl/t1_reneg.c | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c index 22a71fed49..3fb6a96a4d 100644 --- a/ssl/t1_reneg.c +++ b/ssl/t1_reneg.c @@ -220,29 +220,27 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, /* * Parse the server's renegotiation binding and abort if it's not right */ -int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, - int *al) +int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al) { - int expected_len = s->s3->previous_client_finished_len + unsigned int expected_len = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; - int ilen; + unsigned int ilen; + unsigned char *data; /* Check for logic errors */ OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); /* Parse the length byte */ - if (len < 1) { + if (!PACKET_get_1(pkt, &ilen)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; } - ilen = *d; - d++; /* Consistency check */ - if (ilen + 1 != len) { + if (PACKET_remaining(pkt) != ilen) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; @@ -257,17 +255,18 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } - if (memcmp(d, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) { + if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) + || memcmp(data, s->s3->previous_client_finished, + s->s3->previous_client_finished_len) != 0) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_HANDSHAKE_FAILURE; return 0; } - d += s->s3->previous_client_finished_len; - if (memcmp(d, s->s3->previous_server_finished, - s->s3->previous_server_finished_len)) { + if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) + || memcmp(data, s->s3->previous_server_finished, + s->s3->previous_server_finished_len) != 0) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_ILLEGAL_PARAMETER; |