return 0;
}
+/*
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
+ * calculated as follows:
+ *
+ * 2 + # client_version
+ * 32 + # only valid length for random
+ * 1 + # length of session_id
+ * 32 + # maximum size for session_id
+ * 2 + # length of cipher suites
+ * 2^16-2 + # maximum length of cipher suites array
+ * 1 + # length of compression_methods
+ * 2^8-1 + # maximum length of compression methods
+ * 2 + # length of extensions
+ * 2^16-1 # maximum length of extensions
+ */
+#define CLIENT_HELLO_MAX_LENGTH 131396
+
#define CLIENT_KEY_EXCH_MAX_LENGTH 2048
#define NEXT_PROTO_MAX_LENGTH 514
switch(st->hand_state) {
case TLS_ST_SR_CLNT_HELLO:
- return SSL3_RT_MAX_PLAIN_LENGTH;
+ return CLIENT_HELLO_MAX_LENGTH;
case TLS_ST_SR_CERT:
return s->max_cert_list;
/* |cookie| will only be initialized for DTLS. */
PACKET session_id, cipher_suites, compression, extensions, cookie;
int is_v2_record;
+ static const unsigned char null_compression = 0;
is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
goto f_err;
}
- /* Load the client random */
+ /* Load the client random and compression list. */
challenge_len = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE :
challenge_len;
memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
if (!PACKET_copy_bytes(&challenge,
s->s3->client_random + SSL3_RANDOM_SIZE -
- challenge_len, challenge_len)) {
+ challenge_len, challenge_len)
+ /* Advertise only null compression. */
+ || !PACKET_buf_init(&compression, &null_compression, 1)) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
- PACKET_null_init(&compression);
PACKET_null_init(&extensions);
} else {
/* Regular ClientHello. */
if (k >= complen) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
- SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
+ SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
goto f_err;
}
} else if (s->hit)
EVP_PKEY_free(pkdh);
pkdh = NULL;
- r[0] = dh->p;
- r[1] = dh->g;
- r[2] = dh->pub_key;
+ DH_get0_pqg(dh, &r[0], NULL, &r[1]);
+ DH_get0_key(dh, &r[2], NULL);
} else
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY *ckey = NULL;
#endif
PACKET enc_premaster;
- const unsigned char *data;
unsigned char *rsa_decrypt = NULL;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
EVP_PKEY *skey = NULL;
DH *cdh;
unsigned int i;
+ BIGNUM *pub_key;
+ const unsigned char *data;
if (!PACKET_get_net_2(pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
goto err;
}
cdh = EVP_PKEY_get0_DH(ckey);
- cdh->pub_key = BN_bin2bn(data, i, NULL);
- if (cdh->pub_key == NULL) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
+ pub_key = BN_bin2bn(data, i, NULL);
+
+ if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ if (pub_key != NULL)
+ BN_free(pub_key);
goto err;
}
goto f_err;
} else {
unsigned int i;
+ const unsigned char *data;
/*
* Get client's public key from encoded point in the
#ifndef OPENSSL_NO_SRP
if (alg_k & SSL_kSRP) {
unsigned int i;
+ const unsigned char *data;
if (!PACKET_get_net_2(pkt, &i)
|| !PACKET_get_bytes(pkt, &data, i)) {
int Ttag, Tclass;
long Tlen;
long sess_key_len;
+ const unsigned char *data;
/* Get our certificate private key */
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
} else {
if (RAND_bytes(iv, 16) <= 0)
goto err;
- if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+ if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv))
goto err;
- if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
+ if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
+ sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL))
goto err;
- memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+ memcpy(key_name, tctx->tlsext_tick_key_name,
+ sizeof(tctx->tlsext_tick_key_name));
}
/*