int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, int *al) { size_t len; /* We must have requested it. */ if (!s->s3->alpn_sent) { *al = SSL_AD_UNSUPPORTED_EXTENSION; return 0; } /*- * The extension data consists of: * uint16 list_length * uint8 proto_length; * uint8 proto[proto_length]; */ if (!PACKET_get_net_2_len(pkt, &len) || PACKET_remaining(pkt) != len || !PACKET_get_1_len(pkt, &len) || PACKET_remaining(pkt) != len) { *al = SSL_AD_DECODE_ERROR; return 0; } OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(len); if (s->s3->alpn_selected == NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) { *al = SSL_AD_DECODE_ERROR; return 0; } s->s3->alpn_selected_len = len; return 1; }
/* * Parse the server's renegotiation binding and abort if it's not right */ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { size_t expected_len = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; size_t ilen; const unsigned char *data; /* Check for logic errors */ assert(expected_len == 0 || s->s3->previous_client_finished_len != 0); assert(expected_len == 0 || s->s3->previous_server_finished_len != 0); /* Parse the length byte */ if (!PACKET_get_1_len(pkt, &ilen)) { SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; } /* Consistency check */ if (PACKET_remaining(pkt) != ilen) { SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; } /* Check that the extension matches */ if (ilen != expected_len) { SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_HANDSHAKE_FAILURE; return 0; } if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) || memcmp(data, s->s3->previous_client_finished, s->s3->previous_client_finished_len) != 0) { SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_HANDSHAKE_FAILURE; return 0; } if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) || memcmp(data, s->s3->previous_server_finished, s->s3->previous_server_finished_len) != 0) { SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); *al = SSL_AD_ILLEGAL_PARAMETER; return 0; } s->s3->send_connection_binding = 1; return 1; }