/src/openssl/ssl/t1_reneg.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* ssl/t1_reneg.c */ |
2 | | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | | * All rights reserved. |
4 | | * |
5 | | * This package is an SSL implementation written |
6 | | * by Eric Young (eay@cryptsoft.com). |
7 | | * The implementation was written so as to conform with Netscapes SSL. |
8 | | * |
9 | | * This library is free for commercial and non-commercial use as long as |
10 | | * the following conditions are aheared to. The following conditions |
11 | | * apply to all code found in this distribution, be it the RC4, RSA, |
12 | | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
13 | | * included with this distribution is covered by the same copyright terms |
14 | | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
15 | | * |
16 | | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | | * the code are not to be removed. |
18 | | * If this package is used in a product, Eric Young should be given attribution |
19 | | * as the author of the parts of the library used. |
20 | | * This can be in the form of a textual message at program startup or |
21 | | * in documentation (online or textual) provided with the package. |
22 | | * |
23 | | * Redistribution and use in source and binary forms, with or without |
24 | | * modification, are permitted provided that the following conditions |
25 | | * are met: |
26 | | * 1. Redistributions of source code must retain the copyright |
27 | | * notice, this list of conditions and the following disclaimer. |
28 | | * 2. Redistributions in binary form must reproduce the above copyright |
29 | | * notice, this list of conditions and the following disclaimer in the |
30 | | * documentation and/or other materials provided with the distribution. |
31 | | * 3. All advertising materials mentioning features or use of this software |
32 | | * must display the following acknowledgement: |
33 | | * "This product includes cryptographic software written by |
34 | | * Eric Young (eay@cryptsoft.com)" |
35 | | * The word 'cryptographic' can be left out if the rouines from the library |
36 | | * being used are not cryptographic related :-). |
37 | | * 4. If you include any Windows specific code (or a derivative thereof) from |
38 | | * the apps directory (application code) you must include an acknowledgement: |
39 | | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
40 | | * |
41 | | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
43 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
44 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
45 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
46 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
47 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
48 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
49 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 | | * SUCH DAMAGE. |
52 | | * |
53 | | * The licence and distribution terms for any publically available version or |
54 | | * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 | | * copied and put under another distribution licence |
56 | | * [including the GNU Public Licence.] |
57 | | */ |
58 | | /* ==================================================================== |
59 | | * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved. |
60 | | * |
61 | | * Redistribution and use in source and binary forms, with or without |
62 | | * modification, are permitted provided that the following conditions |
63 | | * are met: |
64 | | * |
65 | | * 1. Redistributions of source code must retain the above copyright |
66 | | * notice, this list of conditions and the following disclaimer. |
67 | | * |
68 | | * 2. Redistributions in binary form must reproduce the above copyright |
69 | | * notice, this list of conditions and the following disclaimer in |
70 | | * the documentation and/or other materials provided with the |
71 | | * distribution. |
72 | | * |
73 | | * 3. All advertising materials mentioning features or use of this |
74 | | * software must display the following acknowledgment: |
75 | | * "This product includes software developed by the OpenSSL Project |
76 | | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
77 | | * |
78 | | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
79 | | * endorse or promote products derived from this software without |
80 | | * prior written permission. For written permission, please contact |
81 | | * openssl-core@openssl.org. |
82 | | * |
83 | | * 5. Products derived from this software may not be called "OpenSSL" |
84 | | * nor may "OpenSSL" appear in their names without prior written |
85 | | * permission of the OpenSSL Project. |
86 | | * |
87 | | * 6. Redistributions of any form whatsoever must retain the following |
88 | | * acknowledgment: |
89 | | * "This product includes software developed by the OpenSSL Project |
90 | | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
91 | | * |
92 | | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
93 | | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
94 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
95 | | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
96 | | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
97 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
98 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
99 | | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
100 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
101 | | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
102 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
103 | | * OF THE POSSIBILITY OF SUCH DAMAGE. |
104 | | * ==================================================================== |
105 | | * |
106 | | * This product includes cryptographic software written by Eric Young |
107 | | * (eay@cryptsoft.com). This product includes software written by Tim |
108 | | * Hudson (tjh@cryptsoft.com). |
109 | | * |
110 | | */ |
111 | | #include <stdio.h> |
112 | | #include <openssl/objects.h> |
113 | | #include "ssl_locl.h" |
114 | | |
115 | | /* Add the client's renegotiation binding */ |
116 | | int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, |
117 | | int maxlen) |
118 | 0 | { |
119 | 0 | if (p) { |
120 | 0 | if ((s->s3->previous_client_finished_len + 1) > maxlen) { |
121 | 0 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, |
122 | 0 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); |
123 | 0 | return 0; |
124 | 0 | } |
125 | | |
126 | | /* Length byte */ |
127 | 0 | *p = s->s3->previous_client_finished_len; |
128 | 0 | p++; |
129 | |
|
130 | 0 | memcpy(p, s->s3->previous_client_finished, |
131 | 0 | s->s3->previous_client_finished_len); |
132 | | #ifdef OPENSSL_RI_DEBUG |
133 | | fprintf(stderr, "%s RI extension sent by client\n", |
134 | | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); |
135 | | #endif |
136 | 0 | } |
137 | | |
138 | 0 | *len = s->s3->previous_client_finished_len + 1; |
139 | |
|
140 | 0 | return 1; |
141 | 0 | } |
142 | | |
143 | | /* |
144 | | * Parse the client's renegotiation binding and abort if it's not right |
145 | | */ |
146 | | int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, |
147 | | int *al) |
148 | 0 | { |
149 | 0 | int ilen; |
150 | | |
151 | | /* Parse the length byte */ |
152 | 0 | if (len < 1) { |
153 | 0 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
154 | 0 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
155 | 0 | *al = SSL_AD_ILLEGAL_PARAMETER; |
156 | 0 | return 0; |
157 | 0 | } |
158 | 0 | ilen = *d; |
159 | 0 | d++; |
160 | | |
161 | | /* Consistency check */ |
162 | 0 | if ((ilen + 1) != len) { |
163 | 0 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
164 | 0 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
165 | 0 | *al = SSL_AD_ILLEGAL_PARAMETER; |
166 | 0 | return 0; |
167 | 0 | } |
168 | | |
169 | | /* Check that the extension matches */ |
170 | 0 | if (ilen != s->s3->previous_client_finished_len) { |
171 | 0 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
172 | 0 | SSL_R_RENEGOTIATION_MISMATCH); |
173 | 0 | *al = SSL_AD_HANDSHAKE_FAILURE; |
174 | 0 | return 0; |
175 | 0 | } |
176 | | |
177 | 0 | if (memcmp(d, s->s3->previous_client_finished, |
178 | 0 | s->s3->previous_client_finished_len)) { |
179 | 0 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, |
180 | 0 | SSL_R_RENEGOTIATION_MISMATCH); |
181 | 0 | *al = SSL_AD_HANDSHAKE_FAILURE; |
182 | 0 | return 0; |
183 | 0 | } |
184 | | #ifdef OPENSSL_RI_DEBUG |
185 | | fprintf(stderr, "%s RI extension received by server\n", |
186 | | ilen ? "Non-empty" : "Empty"); |
187 | | #endif |
188 | | |
189 | 0 | s->s3->send_connection_binding = 1; |
190 | |
|
191 | 0 | return 1; |
192 | 0 | } |
193 | | |
194 | | /* Add the server's renegotiation binding */ |
195 | | int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, |
196 | | int maxlen) |
197 | 0 | { |
198 | 0 | if (p) { |
199 | 0 | if ((s->s3->previous_client_finished_len + |
200 | 0 | s->s3->previous_server_finished_len + 1) > maxlen) { |
201 | 0 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, |
202 | 0 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); |
203 | 0 | return 0; |
204 | 0 | } |
205 | | |
206 | | /* Length byte */ |
207 | 0 | *p = s->s3->previous_client_finished_len + |
208 | 0 | s->s3->previous_server_finished_len; |
209 | 0 | p++; |
210 | |
|
211 | 0 | memcpy(p, s->s3->previous_client_finished, |
212 | 0 | s->s3->previous_client_finished_len); |
213 | 0 | p += s->s3->previous_client_finished_len; |
214 | |
|
215 | 0 | memcpy(p, s->s3->previous_server_finished, |
216 | 0 | s->s3->previous_server_finished_len); |
217 | | #ifdef OPENSSL_RI_DEBUG |
218 | | fprintf(stderr, "%s RI extension sent by server\n", |
219 | | s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); |
220 | | #endif |
221 | 0 | } |
222 | | |
223 | 0 | *len = s->s3->previous_client_finished_len |
224 | 0 | + s->s3->previous_server_finished_len + 1; |
225 | |
|
226 | 0 | return 1; |
227 | 0 | } |
228 | | |
229 | | /* |
230 | | * Parse the server's renegotiation binding and abort if it's not right |
231 | | */ |
232 | | int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, |
233 | | int *al) |
234 | 0 | { |
235 | 0 | int expected_len = s->s3->previous_client_finished_len |
236 | 0 | + s->s3->previous_server_finished_len; |
237 | 0 | int ilen; |
238 | | |
239 | | /* Check for logic errors */ |
240 | 0 | OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); |
241 | 0 | OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); |
242 | | |
243 | | /* Parse the length byte */ |
244 | 0 | if (len < 1) { |
245 | 0 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
246 | 0 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
247 | 0 | *al = SSL_AD_ILLEGAL_PARAMETER; |
248 | 0 | return 0; |
249 | 0 | } |
250 | 0 | ilen = *d; |
251 | 0 | d++; |
252 | | |
253 | | /* Consistency check */ |
254 | 0 | if (ilen + 1 != len) { |
255 | 0 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
256 | 0 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
257 | 0 | *al = SSL_AD_ILLEGAL_PARAMETER; |
258 | 0 | return 0; |
259 | 0 | } |
260 | | |
261 | | /* Check that the extension matches */ |
262 | 0 | if (ilen != expected_len) { |
263 | 0 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
264 | 0 | SSL_R_RENEGOTIATION_MISMATCH); |
265 | 0 | *al = SSL_AD_HANDSHAKE_FAILURE; |
266 | 0 | return 0; |
267 | 0 | } |
268 | | |
269 | 0 | if (memcmp(d, s->s3->previous_client_finished, |
270 | 0 | s->s3->previous_client_finished_len)) { |
271 | 0 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
272 | 0 | SSL_R_RENEGOTIATION_MISMATCH); |
273 | 0 | *al = SSL_AD_HANDSHAKE_FAILURE; |
274 | 0 | return 0; |
275 | 0 | } |
276 | 0 | d += s->s3->previous_client_finished_len; |
277 | |
|
278 | 0 | if (memcmp(d, s->s3->previous_server_finished, |
279 | 0 | s->s3->previous_server_finished_len)) { |
280 | 0 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, |
281 | 0 | SSL_R_RENEGOTIATION_MISMATCH); |
282 | 0 | *al = SSL_AD_ILLEGAL_PARAMETER; |
283 | 0 | return 0; |
284 | 0 | } |
285 | | #ifdef OPENSSL_RI_DEBUG |
286 | | fprintf(stderr, "%s RI extension received by client\n", |
287 | | ilen ? "Non-empty" : "Empty"); |
288 | | #endif |
289 | 0 | s->s3->send_connection_binding = 1; |
290 | |
|
291 | 0 | return 1; |
292 | 0 | } |