-/* ssl/statem/statem_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
goto f_err;
}
+ if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
if (!PACKET_get_sub_packet(pkt, &cipher_suites, cipher_len)
|| !PACKET_get_sub_packet(pkt, &session_id, session_id_len)
|| !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
goto f_err;
}
+ if (PACKET_remaining(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
if (SSL_IS_DTLS(s)) {
if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
al = SSL_AD_DECODE_ERROR;
unsigned long alg_k;
#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
- EVP_PKEY *pkey = NULL;
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *ckey = NULL;
size_t j;
/* FIX THIS UP EAY EAY EAY EAY */
- pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
- if ((pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
+ rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);
+ if (rsa == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_RSA_CERTIFICATE);
goto f_err;
}
- rsa = pkey->pkey.rsa;
/* SSLv3 and pre-standard DTLS omit the length bytes. */
if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
* length field (CryptoPro implementations at least till CSP 4.0)
*/
#ifndef OPENSSL_NO_GOST
- if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) {
+ if (PACKET_remaining(pkt) == 64
+ && EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
len = 64;
} else
#endif
}
#ifndef OPENSSL_NO_GOST
- if (pkey->type == NID_id_GostR3410_2001
- || pkey->type == NID_id_GostR3410_2012_256
- || pkey->type == NID_id_GostR3410_2012_512) {
- BUF_reverse(data, NULL, len);
+ {
+ int pktype = EVP_PKEY_id(pkey);
+ if (pktype == NID_id_GostR3410_2001
+ || pktype == NID_id_GostR3410_2012_256
+ || pktype == NID_id_GostR3410_2012_512)
+ BUF_reverse(data, NULL, len);
}
#endif