diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2019-02-26 18:06:51 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2019-02-26 18:06:51 +0000 |
| commit | 851f7386fd78b9787f4f6669ad271886a2a003f1 (patch) | |
| tree | 952920d27fdcd105b7f77b6e5fef3fedae8f74ea /ssl/statem/statem_clnt.c | |
| parent | 8c3f9abd70b3f447a4795c1b00b386b044fb322d (diff) | |
| download | src-851f7386fd78b9787f4f6669ad271886a2a003f1.tar.gz src-851f7386fd78b9787f4f6669ad271886a2a003f1.zip | |
Import OpenSSL 1.1.1b.vendor/openssl/1.1.1b
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=344595
svn path=/vendor-crypto/openssl/1.1.1b/; revision=344596; tag=vendor/openssl/1.1.1b
Diffstat (limited to 'ssl/statem/statem_clnt.c')
| -rw-r--r-- | ssl/statem/statem_clnt.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 0a11b88183e3..e56d24dfff60 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1112,13 +1112,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) SSL_SESSION *sess = s->session; unsigned char *session_id; - if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) { - /* Should not happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return 0; - } - /* Work out what SSL/TLS/DTLS version to use */ protverr = ssl_set_client_hello_version(s); if (protverr != 0) { @@ -1714,6 +1707,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (SSL_IS_DTLS(s) && s->hit) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; + size_t labellen; /* * Add new shared key for SCTP-Auth, will be ignored if @@ -1722,10 +1716,15 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, sizeof(DTLS1_SCTP_AUTH_LABEL)); + /* Don't include the terminating zero. */ + labellen = sizeof(labelbuffer) - 1; + if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) + labellen += 1; + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0) <= 0) { + labellen, NULL, 0, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR); goto err; @@ -2353,7 +2352,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } #ifdef SSL_DEBUG if (SSL_USE_SIGALGS(s)) - fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); + fprintf(stderr, "USING TLSv1.2 HASH %s\n", + md == NULL ? "n/a" : EVP_MD_name(md)); #endif if (!PACKET_get_length_prefixed_2(pkt, &signature) @@ -2739,7 +2739,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) PACKET_data(&nonce), PACKET_remaining(&nonce), s->session->master_key, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } @@ -3403,6 +3403,7 @@ int tls_client_key_exchange_post_work(SSL *s) if (SSL_IS_DTLS(s)) { unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; + size_t labellen; /* * Add new shared key for SCTP-Auth, will be ignored if no SCTP @@ -3411,9 +3412,14 @@ int tls_client_key_exchange_post_work(SSL *s) memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, sizeof(DTLS1_SCTP_AUTH_LABEL)); + /* Don't include the terminating zero. */ + labellen = sizeof(labelbuffer) - 1; + if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG) + labellen += 1; + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0) <= 0) { + labellen, NULL, 0, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR); |