static int test_PACKET_move_funcs(PACKET *pkt, size_t start)
{
unsigned char *byte;
size_t bm;
if ( !PACKET_goto_bookmark(pkt, start)
|| PACKET_back(pkt, 1)
|| !PACKET_forward(pkt, 1)
|| !PACKET_get_bytes(pkt, &byte, 1)
|| byte[0] != 4
|| !PACKET_get_bookmark(pkt, &bm)
|| !PACKET_forward(pkt, BUF_LEN - 2)
|| PACKET_forward(pkt, 1)
|| !PACKET_back(pkt, 1)
|| !PACKET_get_bytes(pkt, &byte, 1)
|| byte[0] != 0xfe
|| !PACKET_goto_bookmark(pkt, bm)
|| !PACKET_get_bytes(pkt, &byte, 1)
|| byte[0] != 6) {
fprintf(stderr, "test_PACKET_move_funcs() failed\n");
return 0;
}
return 1;
}
/*
* Parse the server's renegotiation binding and abort if it's not right
*/
int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
unsigned int expected_len = s->s3->previous_client_finished_len
+ s->s3->previous_server_finished_len;
unsigned int ilen;
const unsigned char *data;
/* Check for logic errors */
OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Consistency check */
if (PACKET_remaining(pkt) != ilen) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Check that the extension matches */
if (ilen != expected_len) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
|| memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
|| memcmp(data, s->s3->previous_server_finished,
s->s3->previous_server_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension received by client\n",
ilen ? "Non-empty" : "Empty");
#endif
s->s3->send_connection_binding = 1;
return 1;
}
/*
* Parse the server's renegotiation binding and abort if it's not right
*/
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
{
size_t expected_len = s->s3->previous_client_finished_len
+ s->s3->previous_server_finished_len;
size_t ilen;
const unsigned char *data;
/* Check for logic errors */
assert(expected_len == 0 || s->s3->previous_client_finished_len != 0);
assert(expected_len == 0 || s->s3->previous_server_finished_len != 0);
/* Parse the length byte */
if (!PACKET_get_1_len(pkt, &ilen)) {
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Consistency check */
if (PACKET_remaining(pkt) != ilen) {
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Check that the extension matches */
if (ilen != expected_len) {
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
|| memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len) != 0) {
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
|| memcmp(data, s->s3->previous_server_finished,
s->s3->previous_server_finished_len) != 0) {
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
s->s3->send_connection_binding = 1;
return 1;
}
/*
* Parse the client's renegotiation binding and abort if it's not right
*/
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
{
unsigned int ilen;
const unsigned char *data;
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)
|| !PACKET_get_bytes(pkt, &data, ilen)) {
SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_DECODE_ERROR;
return 0;
}
/* Check that the extension matches */
if (ilen != s->s3->previous_client_finished_len) {
SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
if (memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
s->s3->send_connection_binding = 1;
return 1;
}
/*
* Parse the client's renegotiation binding and abort if it's not right
*/
int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
unsigned int ilen;
const unsigned char *d;
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)
|| !PACKET_get_bytes(pkt, &d, ilen)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Check that the extension matches */
if (ilen != s->s3->previous_client_finished_len) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
if (memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
s->s3->send_connection_binding = 1;
return 1;
}
static int test_PACKET_forward()
{
const unsigned char *byte;
PACKET pkt;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
|| !TEST_true(PACKET_forward(&pkt, 1))
|| !TEST_true(PACKET_get_bytes(&pkt, &byte, 1))
|| !TEST_uchar_eq(byte[0], 4)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 3))
|| !TEST_true(PACKET_get_bytes(&pkt, &byte, 1))
|| !TEST_uchar_eq(byte[0], 0xfe))
return 0;
return 1;
}
static int test_PACKET_forward(unsigned char buf[BUF_LEN])
{
unsigned char *byte;
PACKET pkt;
if ( !PACKET_buf_init(&pkt, buf, BUF_LEN)
|| !PACKET_forward(&pkt, 1)
|| !PACKET_get_bytes(&pkt, &byte, 1)
|| byte[0] != 4
|| !PACKET_forward(&pkt, BUF_LEN - 3)
|| !PACKET_get_bytes(&pkt, &byte, 1)
|| byte[0] != 0xfe) {
fprintf(stderr, "test_PACKET_forward() failed\n");
return 0;
}
return 1;
}
static int test_PACKET_get_bytes(PACKET *pkt, size_t start)
{
unsigned char *bytes;
if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_bytes(pkt, &bytes, 4)
|| bytes[0] != 2 || bytes[1] != 4
|| bytes[2] != 6 || bytes[3] != 8
|| PACKET_remaining(pkt) != BUF_LEN -4
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_get_bytes(pkt, &bytes, 4)
|| bytes[0] != 0xf8 || bytes[1] != 0xfa
|| bytes[2] != 0xfc || bytes[3] != 0xfe
|| PACKET_remaining(pkt)) {
fprintf(stderr, "test_PACKET_get_bytes() failed\n");
return 0;
}
return 1;
}
static int test_PACKET_get_bytes(unsigned char buf[BUF_LEN])
{
unsigned char *bytes;
PACKET pkt;
if ( !PACKET_buf_init(&pkt, buf, BUF_LEN)
|| !PACKET_get_bytes(&pkt, &bytes, 4)
|| bytes[0] != 2 || bytes[1] != 4
|| bytes[2] != 6 || bytes[3] != 8
|| PACKET_remaining(&pkt) != BUF_LEN -4
|| !PACKET_forward(&pkt, BUF_LEN - 8)
|| !PACKET_get_bytes(&pkt, &bytes, 4)
|| bytes[0] != 0xf8 || bytes[1] != 0xfa
|| bytes[2] != 0xfc || bytes[3] != 0xfe
|| PACKET_remaining(&pkt)) {
fprintf(stderr, "test_PACKET_get_bytes() failed\n");
return 0;
}
return 1;
}
static int test_PACKET_get_bytes()
{
const unsigned char *bytes;
PACKET pkt;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
|| !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4))
|| !TEST_uchar_eq(bytes[0], 2)
|| !TEST_uchar_eq(bytes[1], 4)
|| !TEST_uchar_eq(bytes[2], 6)
|| !TEST_uchar_eq(bytes[3], 8)
|| !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN -4)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8))
|| !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4))
|| !TEST_uchar_eq(bytes[0], 0xf8)
|| !TEST_uchar_eq(bytes[1], 0xfa)
|| !TEST_uchar_eq(bytes[2], 0xfc)
|| !TEST_uchar_eq(bytes[3], 0xfe)
|| !TEST_false(PACKET_remaining(&pkt)))
return 0;
return 1;
}
/*
* Parse the client's renegotiation binding and abort if it's not right
*/
int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
unsigned int ilen;
unsigned char *d;
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)
|| !PACKET_get_bytes(pkt, &d, ilen)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
/* Check that the extension matches */
if (ilen != s->s3->previous_client_finished_len) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
if (memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "%s RI extension received by server\n",
ilen ? "Non-empty" : "Empty");
#endif
s->s3->send_connection_binding = 1;
return 1;
}
