/*
 * Exercise the PACKET cursor helpers (bookmarks, PACKET_back and
 * PACKET_forward) on |pkt|, starting from the bookmark |start|.
 *
 * Two steps are negative checks: PACKET_back() directly after returning to
 * |start| and PACKET_forward() after the long skip are both expected to be
 * refused.  A cursor helper that accepted either move would fail this test.
 *
 * Returns 1 if every step behaves as expected, otherwise prints a message
 * to stderr and returns 0.
 */
static int test_PACKET_move_funcs(PACKET *pkt, size_t start)
{
    unsigned char *cur;
    size_t saved;

    if (!PACKET_goto_bookmark(pkt, start)) {
        goto fail;
    }
    /* Negative check: moving back from here must be rejected */
    if (PACKET_back(pkt, 1)) {
        goto fail;
    }
    if (!PACKET_forward(pkt, 1)) {
        goto fail;
    }
    if (!PACKET_get_bytes(pkt, &cur, 1) || cur[0] != 4) {
        goto fail;
    }
    /* Remember this position so it can be revisited at the end */
    if (!PACKET_get_bookmark(pkt, &saved)) {
        goto fail;
    }
    if (!PACKET_forward(pkt, BUF_LEN - 2)) {
        goto fail;
    }
    /* Negative check: one more byte forward must be rejected */
    if (PACKET_forward(pkt, 1)) {
        goto fail;
    }
    if (!PACKET_back(pkt, 1)) {
        goto fail;
    }
    if (!PACKET_get_bytes(pkt, &cur, 1) || cur[0] != 0xfe) {
        goto fail;
    }
    /* Jump back to the saved position and read the byte found there */
    if (!PACKET_goto_bookmark(pkt, saved)) {
        goto fail;
    }
    if (!PACKET_get_bytes(pkt, &cur, 1) || cur[0] != 6) {
        goto fail;
    }
    return 1;

 fail:
    fprintf(stderr, "test_PACKET_move_funcs() failed\n");
    return 0;
}
/*
 * Client-side check of the renegotiation binding received from the server.
 *
 * The extension body read from |pkt| is a one-byte length followed by that
 * many bytes.  The body must fill the rest of |pkt| exactly, and it must
 * equal the stored previous_client_finished value followed by the stored
 * previous_server_finished value.  Each memcmp() runs only after
 * PACKET_get_bytes() has succeeded for the same byte count.
 *
 * On failure an error is recorded with SSLerr(), |*al| is set to an
 * SSL_AD_* alert code and 0 is returned.  On success
 * send_connection_binding is set and 1 is returned.
 *
 * NOTE(review): a mismatch in the server half reports
 * SSL_AD_ILLEGAL_PARAMETER while a mismatch in the client half reports
 * SSL_AD_HANDSHAKE_FAILURE; confirm the difference is intended.
 * NOTE(review): memcmp() is not a constant-time comparison; confirm that is
 * acceptable for these values.
 */
int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
    const unsigned char *binding;
    unsigned int ilen;
    unsigned int expected_len = s->s3->previous_client_finished_len
        + s->s3->previous_server_finished_len;
    int reason;
    int alert;

    /* Logic check: a non-zero total requires both halves to be non-zero */
    OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
    OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);

    /* One-byte length prefix */
    if (!PACKET_get_1(pkt, &ilen)) {
        reason = SSL_R_RENEGOTIATION_ENCODING_ERR;
        alert = SSL_AD_ILLEGAL_PARAMETER;
        goto reject;
    }

    /* The declared length must account for every remaining byte */
    if (PACKET_remaining(pkt) != ilen) {
        reason = SSL_R_RENEGOTIATION_ENCODING_ERR;
        alert = SSL_AD_ILLEGAL_PARAMETER;
        goto reject;
    }

    /* The declared length must match the sum of the stored lengths */
    if (ilen != expected_len) {
        reason = SSL_R_RENEGOTIATION_MISMATCH;
        alert = SSL_AD_HANDSHAKE_FAILURE;
        goto reject;
    }

    /* First half: the stored client Finished value */
    if (!PACKET_get_bytes(pkt, &binding, s->s3->previous_client_finished_len)
            || memcmp(binding, s->s3->previous_client_finished,
                      s->s3->previous_client_finished_len) != 0) {
        reason = SSL_R_RENEGOTIATION_MISMATCH;
        alert = SSL_AD_HANDSHAKE_FAILURE;
        goto reject;
    }

    /* Second half: the stored server Finished value */
    if (!PACKET_get_bytes(pkt, &binding, s->s3->previous_server_finished_len)
            || memcmp(binding, s->s3->previous_server_finished,
                      s->s3->previous_server_finished_len) != 0) {
        reason = SSL_R_RENEGOTIATION_MISMATCH;
        alert = SSL_AD_ILLEGAL_PARAMETER;
        goto reject;
    }

#ifdef OPENSSL_RI_DEBUG
    fprintf(stderr, "%s RI extension received by client\n",
            ilen ? "Non-empty" : "Empty");
#endif
    s->s3->send_connection_binding = 1;
    return 1;

 reject:
    SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, reason);
    *al = alert;
    return 0;
}
/*
 * Client-side check of the renegotiation binding received from the server.
 *
 * The extension body read from |pkt| is a one-byte length followed by that
 * many bytes.  The body must fill the rest of |pkt| exactly, and it must
 * equal the stored previous_client_finished value followed by the stored
 * previous_server_finished value.  The checks run strictly in that order;
 * the || chains below rely on short-circuit evaluation to keep it.
 *
 * |context|, |x| and |chainidx| are not used by this function.
 *
 * On failure an error is recorded with SSLerr(), |*al| is set to an
 * SSL_AD_* alert code and 0 is returned.  On success
 * send_connection_binding is set and 1 is returned.
 *
 * NOTE(review): a mismatch in the server half reports
 * SSL_AD_ILLEGAL_PARAMETER while a mismatch in the client half reports
 * SSL_AD_HANDSHAKE_FAILURE; confirm the difference is intended.
 * NOTE(review): memcmp() is not a constant-time comparison; confirm that is
 * acceptable for these values.
 */
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx, int *al)
{
    const unsigned char *binding;
    size_t ilen;
    size_t expected_len = s->s3->previous_client_finished_len
        + s->s3->previous_server_finished_len;

    /* Logic check: a non-zero total requires both halves to be non-zero */
    assert(expected_len == 0 || s->s3->previous_client_finished_len != 0);
    assert(expected_len == 0 || s->s3->previous_server_finished_len != 0);

    /*
     * Encoding: a length byte must be present and the length it declares
     * must account for every remaining byte of the extension.
     */
    if (!PACKET_get_1_len(pkt, &ilen)
            || PACKET_remaining(pkt) != ilen) {
        SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
               SSL_R_RENEGOTIATION_ENCODING_ERR);
        *al = SSL_AD_ILLEGAL_PARAMETER;
        return 0;
    }

    /*
     * Total length, then the client half.  PACKET_get_bytes() is reached
     * only when the length matched, and memcmp() only when the read worked.
     */
    if (ilen != expected_len
            || !PACKET_get_bytes(pkt, &binding,
                                 s->s3->previous_client_finished_len)
            || memcmp(binding, s->s3->previous_client_finished,
                      s->s3->previous_client_finished_len) != 0) {
        SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH);
        *al = SSL_AD_HANDSHAKE_FAILURE;
        return 0;
    }

    /* Server half */
    if (!PACKET_get_bytes(pkt, &binding, s->s3->previous_server_finished_len)
            || memcmp(binding, s->s3->previous_server_finished,
                      s->s3->previous_server_finished_len) != 0) {
        SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH);
        *al = SSL_AD_ILLEGAL_PARAMETER;
        return 0;
    }

    s->s3->send_connection_binding = 1;
    return 1;
}
/*
 * Server-side check of the renegotiation binding received from the client.
 *
 * The extension body read from |pkt| is a one-byte length followed by that
 * many bytes, which must equal the stored previous_client_finished value.
 *
 * |context|, |x| and |chainidx| are not used by this function.
 *
 * On failure an error is recorded with SSLerr(), |*al| is set to an
 * SSL_AD_* alert code and 0 is returned.  On success
 * send_connection_binding is set and 1 is returned.
 *
 * NOTE(review): nothing here checks whether bytes remain in |pkt| after the
 * binding; confirm the caller rejects trailing data.
 * NOTE(review): memcmp() is not a constant-time comparison; confirm that is
 * acceptable for this value.
 */
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx, int *al)
{
    const unsigned char *binding;
    unsigned int ilen;

    /* Length byte, then exactly that many bytes of binding data */
    if (!PACKET_get_1(pkt, &ilen)
            || !PACKET_get_bytes(pkt, &binding, ilen)) {
        SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
               SSL_R_RENEGOTIATION_ENCODING_ERR);
        *al = SSL_AD_DECODE_ERROR;
        return 0;
    }

    /*
     * Length first, contents second: short-circuit evaluation keeps
     * memcmp() from running unless |binding| holds exactly
     * previous_client_finished_len bytes.
     */
    if (ilen != s->s3->previous_client_finished_len
            || memcmp(binding, s->s3->previous_client_finished,
                      s->s3->previous_client_finished_len) != 0) {
        SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH);
        *al = SSL_AD_HANDSHAKE_FAILURE;
        return 0;
    }

    s->s3->send_connection_binding = 1;
    return 1;
}
/*
 * Server-side check of the renegotiation binding received in the
 * ClientHello.
 *
 * The extension body read from |pkt| is a one-byte length followed by that
 * many bytes, which must equal the stored previous_client_finished value.
 *
 * On failure an error is recorded with SSLerr(), |*al| is set to an
 * SSL_AD_* alert code and 0 is returned.  On success
 * send_connection_binding is set and 1 is returned.
 *
 * NOTE(review): nothing here checks whether bytes remain in |pkt| after the
 * binding; confirm the caller rejects trailing data.
 * NOTE(review): memcmp() is not a constant-time comparison; confirm that is
 * acceptable for this value.
 */
int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
    const unsigned char *received;
    unsigned int ilen;

    /* Length byte, then exactly that many bytes of binding data */
    if (!PACKET_get_1(pkt, &ilen)
            || !PACKET_get_bytes(pkt, &received, ilen)) {
        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
               SSL_R_RENEGOTIATION_ENCODING_ERR);
        *al = SSL_AD_ILLEGAL_PARAMETER;
        return 0;
    }

    /*
     * The length test comes first, so memcmp() is reached only when
     * |received| holds exactly previous_client_finished_len bytes.
     */
    if (ilen != s->s3->previous_client_finished_len
            || memcmp(received, s->s3->previous_client_finished,
                      s->s3->previous_client_finished_len) != 0) {
        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
               SSL_R_RENEGOTIATION_MISMATCH);
        *al = SSL_AD_HANDSHAKE_FAILURE;
        return 0;
    }

    s->s3->send_connection_binding = 1;
    return 1;
}
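/*
 * Check PACKET_forward() on a PACKET that wraps the BUF_LEN bytes of smbuf.
 *
 * Skips one byte and expects the next byte read to be 4, then skips
 * BUF_LEN - 3 more bytes and expects the next byte read to be 0xfe.  By
 * then BUF_LEN - 1 bytes have been consumed, so that second read takes the
 * final byte of the packet.
 *
 * Declared with an explicit (void) parameter list, so the definition is a
 * real prototype and a call with arguments is a compile error.
 *
 * Returns 1 if every step passes, 0 at the first failing TEST_* check.
 */
static int test_PACKET_forward(void)
{
    const unsigned char *byte;
    PACKET pkt;

    if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
            || !TEST_true(PACKET_forward(&pkt, 1))
            || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1))
            || !TEST_uchar_eq(byte[0], 4)
            || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 3))
            || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1))
            || !TEST_uchar_eq(byte[0], 0xfe)) {
        return 0;
    }

    return 1;
}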
/*
 * Check PACKET_forward() on a PACKET that wraps the BUF_LEN bytes of |buf|.
 *
 * Skips one byte and expects the next byte read to be 4, then skips
 * BUF_LEN - 3 more bytes and expects the next byte read to be 0xfe.  By
 * then BUF_LEN - 1 bytes have been consumed, so that second read takes the
 * final byte of the packet.
 *
 * Returns 1 if every step succeeds, otherwise prints a message to stderr
 * and returns 0.
 */
static int test_PACKET_forward(unsigned char buf[BUF_LEN])
{
    unsigned char *cur;
    PACKET pkt;
    int ok;

    /* && stops at the first failing step, so |cur| is read only once set */
    ok = PACKET_buf_init(&pkt, buf, BUF_LEN)
        && PACKET_forward(&pkt, 1)
        && PACKET_get_bytes(&pkt, &cur, 1)
        && cur[0] == 4
        && PACKET_forward(&pkt, BUF_LEN - 3)
        && PACKET_get_bytes(&pkt, &cur, 1)
        && cur[0] == 0xfe;

    if (!ok) {
        fprintf(stderr, "test_PACKET_forward() failed\n");
        return 0;
    }

    return 1;
}
/*
 * Check PACKET_get_bytes() on |pkt| after returning to the bookmark |start|.
 *
 * Reads four bytes and expects 2, 4, 6, 8 with BUF_LEN - 4 bytes left, then
 * skips BUF_LEN - 8 bytes, reads four more and expects 0xf8, 0xfa, 0xfc,
 * 0xfe with nothing left in the packet.
 *
 * Returns 1 if every step succeeds, otherwise prints a message to stderr
 * and returns 0.
 */
static int test_PACKET_get_bytes(PACKET *pkt, size_t start)
{
    unsigned char *chunk;

    if (!PACKET_goto_bookmark(pkt, start)) {
        goto fail;
    }

    /* First four bytes */
    if (!PACKET_get_bytes(pkt, &chunk, 4)) {
        goto fail;
    }
    if (chunk[0] != 2 || chunk[1] != 4 || chunk[2] != 6 || chunk[3] != 8) {
        goto fail;
    }
    /* The read must have consumed exactly four bytes */
    if (PACKET_remaining(pkt) != BUF_LEN - 4) {
        goto fail;
    }

    /* Last four bytes */
    if (!PACKET_forward(pkt, BUF_LEN - 8)) {
        goto fail;
    }
    if (!PACKET_get_bytes(pkt, &chunk, 4)) {
        goto fail;
    }
    if (chunk[0] != 0xf8 || chunk[1] != 0xfa
            || chunk[2] != 0xfc || chunk[3] != 0xfe) {
        goto fail;
    }
    /* Nothing may be left once the final bytes are consumed */
    if (PACKET_remaining(pkt)) {
        goto fail;
    }

    return 1;

 fail:
    fprintf(stderr, "test_PACKET_get_bytes() failed\n");
    return 0;
}
/*
 * Check PACKET_get_bytes() on a PACKET that wraps the BUF_LEN bytes of
 * |buf|.
 *
 * Reads four bytes and expects 2, 4, 6, 8 with BUF_LEN - 4 bytes left, then
 * skips BUF_LEN - 8 bytes, reads four more and expects 0xf8, 0xfa, 0xfc,
 * 0xfe with nothing left in the packet.
 *
 * Returns 1 if every step succeeds, otherwise prints a message to stderr
 * and returns 0.
 */
static int test_PACKET_get_bytes(unsigned char buf[BUF_LEN])
{
    unsigned char *chunk;
    PACKET pkt;
    int ok;

    /* && stops at the first failing step, so |chunk| is read only once set */
    ok = PACKET_buf_init(&pkt, buf, BUF_LEN)
        && PACKET_get_bytes(&pkt, &chunk, 4)
        && chunk[0] == 2
        && chunk[1] == 4
        && chunk[2] == 6
        && chunk[3] == 8
        && PACKET_remaining(&pkt) == BUF_LEN - 4
        && PACKET_forward(&pkt, BUF_LEN - 8)
        && PACKET_get_bytes(&pkt, &chunk, 4)
        && chunk[0] == 0xf8
        && chunk[1] == 0xfa
        && chunk[2] == 0xfc
        && chunk[3] == 0xfe
        && PACKET_remaining(&pkt) == 0;

    if (!ok) {
        fprintf(stderr, "test_PACKET_get_bytes() failed\n");
        return 0;
    }

    return 1;
}
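/*
 * Check PACKET_get_bytes() on a PACKET that wraps the BUF_LEN bytes of
 * smbuf.
 *
 * Reads four bytes and expects 2, 4, 6, 8 with BUF_LEN - 4 bytes left, then
 * skips BUF_LEN - 8 bytes, reads four more and expects 0xf8, 0xfa, 0xfc,
 * 0xfe with nothing left in the packet.
 *
 * Declared with an explicit (void) parameter list, so the definition is a
 * real prototype and a call with arguments is a compile error.
 *
 * Returns 1 if every step passes, 0 at the first failing TEST_* check.
 */
static int test_PACKET_get_bytes(void)
{
    const unsigned char *bytes;
    PACKET pkt;

    if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
            || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4))
            || !TEST_uchar_eq(bytes[0], 2)
            || !TEST_uchar_eq(bytes[1], 4)
            || !TEST_uchar_eq(bytes[2], 6)
            || !TEST_uchar_eq(bytes[3], 8)
            /* The first read must have consumed exactly four bytes */
            || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN -4)
            || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8))
            || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4))
            || !TEST_uchar_eq(bytes[0], 0xf8)
            || !TEST_uchar_eq(bytes[1], 0xfa)
            || !TEST_uchar_eq(bytes[2], 0xfc)
            || !TEST_uchar_eq(bytes[3], 0xfe)
            /* Nothing may be left once the final bytes are consumed */
            || !TEST_false(PACKET_remaining(&pkt))) {
        return 0;
    }

    return 1;
}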
/*
 * Server-side check of the renegotiation binding received in the
 * ClientHello.
 *
 * The extension body read from |pkt| is a one-byte length followed by that
 * many bytes, which must equal the stored previous_client_finished value.
 * The length is compared before the contents, so memcmp() runs only when
 * the received data holds exactly previous_client_finished_len bytes.
 *
 * On failure an error is recorded with SSLerr(), |*al| is set to an
 * SSL_AD_* alert code and 0 is returned.  On success
 * send_connection_binding is set and 1 is returned.
 *
 * NOTE(review): nothing here checks whether bytes remain in |pkt| after the
 * binding; confirm the caller rejects trailing data.
 * NOTE(review): memcmp() is not a constant-time comparison; confirm that is
 * acceptable for this value.
 */
int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
    unsigned char *received;
    unsigned int ilen;
    int reason;
    int alert;

    /* Length byte, then exactly that many bytes of binding data */
    if (!PACKET_get_1(pkt, &ilen)
            || !PACKET_get_bytes(pkt, &received, ilen)) {
        reason = SSL_R_RENEGOTIATION_ENCODING_ERR;
        alert = SSL_AD_ILLEGAL_PARAMETER;
        goto reject;
    }

    /* The received length must equal the stored length */
    if (ilen != s->s3->previous_client_finished_len) {
        reason = SSL_R_RENEGOTIATION_MISMATCH;
        alert = SSL_AD_HANDSHAKE_FAILURE;
        goto reject;
    }

    /* The received bytes must equal the stored value */
    if (memcmp(received, s->s3->previous_client_finished,
               s->s3->previous_client_finished_len) != 0) {
        reason = SSL_R_RENEGOTIATION_MISMATCH;
        alert = SSL_AD_HANDSHAKE_FAILURE;
        goto reject;
    }

#ifdef OPENSSL_RI_DEBUG
    fprintf(stderr, "%s RI extension received by server\n",
            ilen ? "Non-empty" : "Empty");
#endif
    s->s3->send_connection_binding = 1;
    return 1;

 reject:
    SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, reason);
    *al = alert;
    return 0;
}