mirror of
https://github.com/openssl/openssl.git
synced 2024-12-14 04:24:23 +08:00
Convert NextProto message construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
c49e191230
commit
15e6be6c5c
@ -2232,6 +2232,7 @@ int ERR_load_SSL_strings(void);
|
|||||||
# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
|
# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
|
||||||
# define SSL_F_TLS_CONSTRUCT_FINISHED 359
|
# define SSL_F_TLS_CONSTRUCT_FINISHED 359
|
||||||
# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
|
# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
|
||||||
|
# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426
|
||||||
# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
|
# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
|
||||||
# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
|
# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
|
||||||
# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
|
# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
|
||||||
|
@ -257,6 +257,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
|
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
|
||||||
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
|
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
|
||||||
"tls_construct_hello_request"},
|
"tls_construct_hello_request"},
|
||||||
|
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"},
|
||||||
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
|
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
|
||||||
"tls_construct_server_certificate"},
|
"tls_construct_server_certificate"},
|
||||||
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
|
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
|
||||||
|
@ -2895,22 +2895,42 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
|||||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||||
int tls_construct_next_proto(SSL *s)
|
int tls_construct_next_proto(SSL *s)
|
||||||
{
|
{
|
||||||
unsigned int len, padding_len;
|
size_t len, padding_len;
|
||||||
unsigned char *d;
|
unsigned char *padding = NULL;
|
||||||
|
WPACKET pkt;
|
||||||
|
|
||||||
|
if (!WPACKET_init(&pkt, s->init_buf)) {
|
||||||
|
/* Should not happen */
|
||||||
|
SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_NEXT_PROTO)) {
|
||||||
|
SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
len = s->next_proto_negotiated_len;
|
len = s->next_proto_negotiated_len;
|
||||||
padding_len = 32 - ((len + 2) % 32);
|
padding_len = 32 - ((len + 2) % 32);
|
||||||
d = (unsigned char *)s->init_buf->data;
|
|
||||||
d[4] = len;
|
if (!WPACKET_sub_memcpy_u8(&pkt, s->next_proto_negotiated, len)
|
||||||
memcpy(d + 5, s->next_proto_negotiated, len);
|
|| !WPACKET_sub_allocate_bytes_u8(&pkt, padding_len, &padding)) {
|
||||||
d[5 + len] = padding_len;
|
SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
|
||||||
memset(d + 6 + len, 0, padding_len);
|
goto err;
|
||||||
*(d++) = SSL3_MT_NEXT_PROTO;
|
}
|
||||||
l2n3(2 + len + padding_len, d);
|
|
||||||
s->init_num = 4 + 2 + len + padding_len;
|
memset(padding, 0, padding_len);
|
||||||
s->init_off = 0;
|
|
||||||
|
if (!ssl_close_construct_packet(s, &pkt)) {
|
||||||
|
SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
err:
|
||||||
|
WPACKET_cleanup(&pkt);
|
||||||
|
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user