/* * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN * extension, not including type and length. |al| is a pointer to the alert * value to send in the event of a failure. Returns: 1 on success, 0 on error. */ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { PACKET protocol_list, save_protocol_list, protocol; if (!SSL_IS_FIRST_HANDSHAKE(s)) return 1; if (!PACKET_as_length_prefixed_2(pkt, &protocol_list) || PACKET_remaining(&protocol_list) < 2) { *al = SSL_AD_DECODE_ERROR; return 0; } save_protocol_list = protocol_list; do { /* Protocol names can't be empty. */ if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol) || PACKET_remaining(&protocol) == 0) { *al = SSL_AD_DECODE_ERROR; return 0; } } while (PACKET_remaining(&protocol_list) != 0); OPENSSL_free(s->s3->alpn_proposed); s->s3->alpn_proposed = NULL; s->s3->alpn_proposed_len = 0; if (!PACKET_memdup(&save_protocol_list, &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) { *al = SSL_AD_INTERNAL_ERROR; return 0; } return 1; }
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { PACKET supported_groups_list; /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list) || PACKET_remaining(&supported_groups_list) == 0 || (PACKET_remaining(&supported_groups_list) % 2) != 0) { *al = SSL_AD_DECODE_ERROR; return 0; } if (!s->hit || SSL_IS_TLS13(s)) { OPENSSL_free(s->session->ext.supportedgroups); s->session->ext.supportedgroups = NULL; s->session->ext.supportedgroups_len = 0; if (!PACKET_memdup(&supported_groups_list, &s->session->ext.supportedgroups, &s->session->ext.supportedgroups_len)) { *al = SSL_AD_INTERNAL_ERROR; return 0; } } return 1; }
/* * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN * extension, not including type and length. |al| is a pointer to the alert * value to send in the event of a failure. Returns: 1 on success, 0 on error. */ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, int *al) { PACKET protocol_list, save_protocol_list, protocol; if (s->s3->tmp.finish_md_len != 0) return 1; if (!PACKET_as_length_prefixed_2(pkt, &protocol_list) || PACKET_remaining(&protocol_list) < 2) { *al = SSL_AD_DECODE_ERROR; return 0; } save_protocol_list = protocol_list; do { /* Protocol names can't be empty. */ if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol) || PACKET_remaining(&protocol) == 0) { *al = SSL_AD_DECODE_ERROR; return 0; } } while (PACKET_remaining(&protocol_list) != 0); if (!PACKET_memdup(&save_protocol_list, &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } return 1; }
static int test_PACKET_memdup() { unsigned char *data = NULL; size_t len; PACKET pkt; int result = 0; if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) || !TEST_true(PACKET_memdup(&pkt, &data, &len)) || !TEST_size_t_eq(len, BUF_LEN) || !TEST_mem_eq(data, len, PACKET_data(&pkt), len) || !TEST_true(PACKET_forward(&pkt, 10)) || !TEST_true(PACKET_memdup(&pkt, &data, &len)) || !TEST_size_t_eq(len, BUF_LEN - 10) || !TEST_mem_eq(data, len, PACKET_data(&pkt), len)) goto end; result = 1; end: OPENSSL_free(data); return result; }
static int test_PACKET_memdup(unsigned char buf[BUF_LEN]) { unsigned char *data = NULL; size_t len; PACKET pkt; if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) || !PACKET_memdup(&pkt, &data, &len) || len != BUF_LEN || memcmp(data, PACKET_data(&pkt), len) || !PACKET_forward(&pkt, 10) || !PACKET_memdup(&pkt, &data, &len) || len != BUF_LEN - 10 || memcmp(data, PACKET_data(&pkt), len)) { fprintf(stderr, "test_PACKET_memdup() failed\n"); OPENSSL_free(data); return 0; } OPENSSL_free(data); return 1; }
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, int *al) { PACKET ec_point_format_list; if (!PACKET_as_length_prefixed_1(pkt, &ec_point_format_list) || PACKET_remaining(&ec_point_format_list) == 0) { *al = SSL_AD_DECODE_ERROR; return 0; } if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, &s->session->tlsext_ecpointformatlist, &s->session->tlsext_ecpointformatlist_length)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } } return 1; }
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { PACKET ec_point_format_list; if (!PACKET_as_length_prefixed_1(pkt, &ec_point_format_list) || PACKET_remaining(&ec_point_format_list) == 0) { *al = SSL_AD_DECODE_ERROR; return 0; } if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, &s->session->ext.ecpointformats, &s->session->ext.ecpointformats_len)) { *al = SSL_AD_INTERNAL_ERROR; return 0; } } return 1; }
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, int *al) { PACKET supported_groups_list; /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list) || PACKET_remaining(&supported_groups_list) == 0 || (PACKET_remaining(&supported_groups_list) % 2) != 0) { *al = SSL_AD_DECODE_ERROR; return 0; } if (!s->hit && !PACKET_memdup(&supported_groups_list, &s->session->tlsext_supportedgroupslist, &s->session->tlsext_supportedgroupslist_length)) { *al = SSL_AD_DECODE_ERROR; return 0; } return 1; }
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { PACKET ec_point_format_list; if (!PACKET_as_length_prefixed_1(pkt, &ec_point_format_list) || PACKET_remaining(&ec_point_format_list) == 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, SSL_R_BAD_EXTENSION); return 0; } if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, &s->session->ext.ecpointformats, &s->session->ext.ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); return 0; } } return 1; }