Diffstat (limited to 'extra/yassl/src/yassl_imp.cpp')
-rw-r--r-- | extra/yassl/src/yassl_imp.cpp | 41 |
1 files changed, 22 insertions, 19 deletions
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index d981605d35a..6d2549749f2 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -117,7 +117,7 @@ void ClientDiffieHellmanPublic::build(SSL& ssl) if (*dhClient.get_agreedKey() == 0) ssl.set_preMaster(dhClient.get_agreedKey() + 1, keyLength - 1); else - ssl.set_preMaster(dhClient.get_agreedKey(), keyLength); + ssl.set_preMaster(dhClient.get_agreedKey(), keyLength); } @@ -135,8 +135,7 @@ void DH_Server::build(SSL& ssl) mySTL::auto_ptr<Auth> auth; const CertManager& cert = ssl.getCrypto().get_certManager(); - if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) - { + if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) { if (cert.get_keyType() != rsa_sa_algo) { ssl.SetError(privateKey_error); return; @@ -925,8 +924,6 @@ Data::Data(uint16 len, opaque* b) void Data::SetData(uint16 len, const opaque* buffer) { - assert(write_buffer_ == 0); - length_ = len; write_buffer_ = buffer; } @@ -992,6 +989,11 @@ void Data::Process(input_buffer& input, SSL& ssl) int dataSz = msgSz - ivExtra - digestSz - pad - padSz; opaque verify[SHA_LEN]; + if (dataSz < 0) { + ssl.SetError(bad_input); + return; + } + const byte* rawData = input.get_buffer() + input.get_current(); // read data @@ -1006,10 +1008,10 @@ void Data::Process(input_buffer& input, SSL& ssl) tmp.get_buffer(), tmp.get_size())); } else { - input_buffer* data; - ssl.addData(data = NEW_YS input_buffer(dataSz)); - input.read(data->get_buffer(), dataSz); - data->add_size(dataSz); + input_buffer* data; + ssl.addData(data = NEW_YS input_buffer(dataSz)); + input.read(data->get_buffer(), dataSz); + data->add_size(dataSz); } if (ssl.isTLS()) 
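Review bot: The new `if (dataSz < 0)` guard in Data::Process covers only the underflow case; nothing in this hunk bounds `dataSz` from above or checks it against the bytes still available in `input`. `pad` and `padSz` are computed before the hunk starts, so it cannot be confirmed from here that they were read from inside the record. If `input_buffer::read` does not bounds-check on its own, the later `input.read(data->get_buffer(), dataSz)` still relies on `msgSz` being honest, so an explicit comparison with the remaining input would be worth adding next to the new check. A short comment above the guard, for example `// padding/MAC lengths exceed msgSz: malformed record, reject before allocating`, would record why the value can go negative. The function body starts and ends outside the hunk.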
@@ -1294,12 +1296,11 @@ void ServerHello::Process(input_buffer&, SSL& ssl) ssl.set_pending(cipher_suite_[1]); ssl.set_random(random_, server_end); if (id_len_) - ssl.set_sessionID(session_id_); + ssl.set_sessionID(session_id_); else ssl.useSecurity().use_connection().sessionID_Set_ = false; - if (ssl.getSecurity().get_resuming()) - { + if (ssl.getSecurity().get_resuming()) { if (memcmp(session_id_, ssl.getSecurity().get_resume().GetID(), ID_LEN) == 0) { ssl.set_masterSecret(ssl.getSecurity().get_resume().GetSecret()); @@ -1423,7 +1424,7 @@ input_buffer& operator>>(input_buffer& input, ClientHello& hello) if (hello.id_len_) input.read(hello.session_id_, ID_LEN); // Suites - byte tmp[2]; + byte tmp[2]; uint16 len; tmp[0] = input[AUTO]; tmp[1] = input[AUTO]; @@ -1431,8 +1432,8 @@ input_buffer& operator>>(input_buffer& input, ClientHello& hello) hello.suite_len_ = min(len, static_cast<uint16>(MAX_SUITE_SZ)); input.read(hello.cipher_suites_, hello.suite_len_); - if (len > hello.suite_len_) // ignore extra suites - input.set_current(input.get_current() + len - hello.suite_len_); + if (len > hello.suite_len_) // ignore extra suites + input.set_current(input.get_current() + len - hello.suite_len_); // Compression hello.comp_len_ = input[AUTO]; @@ -1496,8 +1497,9 @@ void ClientHello::Process(input_buffer&, SSL& ssl) if (ssl.GetMultiProtocol()) { // SSLv23 support if (ssl.isTLS() && client_version_.minor_ < 1) { // downgrade to SSLv3 - ssl.useSecurity().use_connection().TurnOffTLS(); - ProtocolVersion pv = ssl.getSecurity().get_connection().version_; + ssl.useSecurity().use_connection().TurnOffTLS(); + + ProtocolVersion pv = ssl.getSecurity().get_connection().version_; bool removeDH = ssl.getSecurity().get_parms().removeDH_; bool removeRSA = false; bool removeDSA = false; 
@@ -1511,7 +1513,7 @@ void ClientHello::Process(input_buffer&, SSL& ssl) // reset w/ SSL suites ssl.useSecurity().use_parms().SetSuites(pv, removeDH, removeRSA, removeDSA); - } + } else if (ssl.isTLSv1_1() && client_version_.minor_ == 1) // downgrade to TLSv1, but use same suites ssl.useSecurity().use_connection().TurnOffTLS1_1(); @@ -1542,6 +1544,7 @@ void ClientHello::Process(input_buffer&, SSL& ssl) ssl.set_session(session); ssl.useSecurity().set_resuming(true); ssl.matchSuite(session->GetSuite(), SUITE_LEN); + if (ssl.GetError()) return; ssl.set_pending(ssl.getSecurity().get_parms().suite_[1]); ssl.set_masterSecret(session->GetSecret()); @@ -2038,7 +2041,7 @@ void Finished::Process(input_buffer& input, SSL& ssl) // verify hashes const Finished& verify = ssl.getHashes().get_verify(); uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ; - + input.read(hashes_.md5_, finishedSz); if (memcmp(&hashes_, &verify.hashes_, finishedSz)) { |
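Review bot: In the resumption branch of ClientHello::Process the added `if (ssl.GetError()) return;` runs after `ssl.set_session(session)` and `ssl.useSecurity().set_resuming(true)`, so a failed `matchSuite` leaves the connection marked as resuming with the cached session still attached. That is safe only if every caller abandons the connection once an error is set, which is not visible in this hunk. If `matchSuite` does not depend on those two setters, calling it and checking the error before them would avoid the half-updated state. Otherwise a comment such as `// cached suite not acceptable: stop before suite_[1] and the cached master secret are used` would document the intent. The function continues outside the hunk.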