aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl/ssl_rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/ssl_rsa.c')
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c83
1 files changed, 61 insertions, 22 deletions
diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c
index 6457c0c0efa3..2df07bea6782 100644
--- a/crypto/openssl/ssl/ssl_rsa.c
+++ b/crypto/openssl/ssl/ssl_rsa.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -727,6 +727,34 @@ static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
return 1;
}
+static size_t extension_contextoff(unsigned int version)
+{
+ return version == SSL_SERVERINFOV1 ? 4 : 0;
+}
+
+static size_t extension_append_length(unsigned int version, size_t extension_length)
+{
+ return extension_length + extension_contextoff(version);
+}
+
+static void extension_append(unsigned int version,
+ const unsigned char *extension,
+ const size_t extension_length,
+ unsigned char *serverinfo)
+{
+ const size_t contextoff = extension_contextoff(version);
+
+ if (contextoff > 0) {
+ /* We know this only uses the last 2 bytes */
+ serverinfo[0] = 0;
+ serverinfo[1] = 0;
+ serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
+ serverinfo[3] = SYNTHV1CONTEXT & 0xff;
+ }
+
+ memcpy(serverinfo + contextoff, extension, extension_length);
+}
+
static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
@@ -842,12 +870,36 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
const unsigned char *serverinfo,
size_t serverinfo_length)
{
- unsigned char *new_serverinfo;
+ unsigned char *new_serverinfo = NULL;
if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
+ if (version == SSL_SERVERINFOV1) {
+ /*
+ * Convert serverinfo version v1 to v2 and call yourself recursively
+ * over the converted serverinfo.
+ */
+ const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1,
+ serverinfo_length);
+ unsigned char *sinfo;
+ int ret;
+
+ sinfo = OPENSSL_malloc(sinfo_length);
+ if (sinfo == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo);
+
+ ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo,
+ sinfo_length);
+
+ OPENSSL_free(sinfo);
+ return ret;
+ }
if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
NULL)) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
@@ -899,7 +951,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
char namePrefix2[] = "SERVERINFOV2 FOR ";
int ret = 0;
BIO *bin = NULL;
- size_t num_extensions = 0, contextoff = 0;
+ size_t num_extensions = 0;
if (ctx == NULL || file == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
@@ -918,6 +970,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
for (num_extensions = 0;; num_extensions++) {
unsigned int version;
+ size_t append_length;
if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
== 0) {
@@ -962,11 +1015,6 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
goto end;
}
- /*
- * File does not have a context value so we must take account of
- * this later.
- */
- contextoff = 4;
} else {
/* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
if (extension_length < 8
@@ -977,25 +1025,16 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
}
}
/* Append the decoded extension to the serverinfo buffer */
- tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length
- + contextoff);
+ append_length = extension_append_length(version, extension_length);
+ tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
if (tmp == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
goto end;
}
serverinfo = tmp;
- if (contextoff > 0) {
- unsigned char *sinfo = serverinfo + serverinfo_length;
-
- /* We know this only uses the last 2 bytes */
- sinfo[0] = 0;
- sinfo[1] = 0;
- sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
- sinfo[3] = SYNTHV1CONTEXT & 0xff;
- }
- memcpy(serverinfo + serverinfo_length + contextoff,
- extension, extension_length);
- serverinfo_length += extension_length + contextoff;
+ extension_append(version, extension, extension_length,
+ serverinfo + serverinfo_length);
+ serverinfo_length += append_length;
OPENSSL_free(name);
name = NULL;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 23:39:48 +0000