aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2014-06-06 20:59:29 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2014-06-06 20:59:29 +0000
commit2e22f5e2e00c1f1f599b03634ca27bb5b9ac471e (patch)
treea707d3fdb02faa3d4423773ae7b606febaa5e786 /ssl/t1_lib.c
parent06369e3974fbc83d3778807c090fbe69f20a27d4 (diff)
downloadsrc-2e22f5e2e00c1f1f599b03634ca27bb5b9ac471e.tar.gz
src-2e22f5e2e00c1f1f599b03634ca27bb5b9ac471e.zip
Import OpenSSL 1.0.1h.vendor/openssl/1.0.1h
Approved by: so (delphij)
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=267188 svn path=/vendor-crypto/openssl/1.0.1h/; revision=267189; tag=vendor/openssl/1.0.1h
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c45
1 files changed, 24 insertions, 21 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index bddffd92cc04..3b8d5153eb6f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -617,6 +617,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_HEARTBEATS
/* Add Heartbeat extension */
+ if ((limit - ret - 4 - 1) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
/* Set mode:
@@ -661,36 +663,35 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
ret += el;
}
#endif
-
-#ifdef TLSEXT_TYPE_padding
/* Add padding to workaround bugs in F5 terminators.
* See https://tools.ietf.org/html/draft-agl-tls-padding-03
*
* NB: because this code works out the length of all existing
* extensions it MUST always appear last.
*/
- {
- int hlen = ret - (unsigned char *)s->init_buf->data;
- /* The code in s23_clnt.c to build ClientHello messages includes the
- * 5-byte record header in the buffer, while the code in s3_clnt.c does
- * not. */
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- hlen -= 5;
- if (hlen > 0xff && hlen < 0x200)
+ if (s->options & SSL_OP_TLSEXT_PADDING)
{
- hlen = 0x200 - hlen;
- if (hlen >= 4)
- hlen -= 4;
- else
- hlen = 0;
+ int hlen = ret - (unsigned char *)s->init_buf->data;
+ /* The code in s23_clnt.c to build ClientHello messages
+ * includes the 5-byte record header in the buffer, while
+ * the code in s3_clnt.c does not.
+ */
+ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+ hlen -= 5;
+ if (hlen > 0xff && hlen < 0x200)
+ {
+ hlen = 0x200 - hlen;
+ if (hlen >= 4)
+ hlen -= 4;
+ else
+ hlen = 0;
- s2n(TLSEXT_TYPE_padding, ret);
- s2n(hlen, ret);
- memset(ret, 0, hlen);
- ret += hlen;
+ s2n(TLSEXT_TYPE_padding, ret);
+ s2n(hlen, ret);
+ memset(ret, 0, hlen);
+ ret += hlen;
+ }
}
- }
-#endif
if ((extdatalen = ret-p-2)== 0)
return p;
@@ -845,6 +846,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
/* Add Heartbeat extension if we've received one */
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
{
+ if ((limit - ret - 4 - 1) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
/* Set mode: