Commit 8045316e authored by Tim Taubert's avatar Tim Taubert

Bug 1320326 - Make ssl3_ConsumeHandshakeNumber() return a SECStatus and take a...

Bug 1320326 - Make ssl3_ConsumeHandshakeNumber() return a SECStatus and take a pointer argument r=mt

Differential Revision: https://nss-review.dev.mozaws.net/D97
parent bab54a99
This diff is collapsed.
......@@ -171,15 +171,15 @@ ssl3_ParseExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
while (*length) {
SECStatus rv;
PRInt32 extension_type;
PRUint32 extension_type;
SECItem extension_data = { siBuffer, NULL, 0 };
TLSExtension *extension;
PRCList *cursor;
/* Get the extension's type field */
extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
if (extension_type < 0) { /* failure to decode extension_type */
return SECFailure; /* alert already sent */
rv = ssl3_ConsumeHandshakeNumber(ss, &extension_type, 2, b, length);
if (rv != SECSuccess) {
return SECFailure; /* alert already sent */
}
SSL_TRC(10, ("%d: SSL3[%d]: parsing extension %d",
......@@ -505,22 +505,22 @@ ssl3_ExtDecodeError(const sslSocket *ss)
}
SECStatus
ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes,
ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
SSL3Opaque **b, PRUint32 *length)
{
return ssl3_ConsumeHandshake((sslSocket *)ss, v, bytes, b, length);
}
PRInt32
ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length)
SECStatus
ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
PRUint32 bytes, SSL3Opaque **b, PRUint32 *length)
{
return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, bytes, b, length);
return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, num, bytes, b, length);
}
SECStatus
ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
PRInt32 bytes, SSL3Opaque **b,
PRUint32 bytes, SSL3Opaque **b,
PRUint32 *length)
{
return ssl3_ConsumeHandshakeVariable((sslSocket *)ss, i, bytes, b, length);
......
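Review bot: The trace call at the end of the first hunk still formats with `%d` (`"%d: SSL3[%d]: parsing extension %d"`) although `extension_type` is now a `PRUint32`. The argument list is cut off by the hunk, but if it passes `extension_type` the last conversion should become `%u`: `SSL_TRC(10, ("%d: SSL3[%d]: parsing extension %u",`. A 2-byte value cannot reach the sign bit, so this is about keeping the format and the argument type matched, not about a wrong value in the log. ssl3_ParseExtensions starts and ends outside the hunk.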
......@@ -145,12 +145,13 @@ SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
SSL3AlertDescription desc);
void ssl3_ExtDecodeError(const sslSocket *ss);
SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes,
SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
SSL3Opaque **b, PRUint32 *length);
PRInt32 ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
PRUint32 bytes, SSL3Opaque **b,
PRUint32 *length);
SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
PRInt32 bytes, SSL3Opaque **b,
PRUint32 bytes, SSL3Opaque **b,
PRUint32 *length);
#endif
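Review bot: The new `ssl3_ExtConsumeHandshakeNumber` prototype has no comment stating the out-parameter contract, and the same holds for the `ssl3_ConsumeHandshakeNumber` prototype in the later header section. Callers in this commit declare the destination uninitialised and read it only after checking `rv`, and `bytes` is now a `PRUint32` although the result can hold at most four bytes. The implementation is collapsed on this page, so whether it rejects a larger `bytes` cannot be seen here. I would add above both prototypes: `/* Reads a |bytes|-byte handshake integer into *num. bytes must be <= sizeof(*num); *num is valid only when SECSuccess is returned. */`.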
This diff is collapsed.
......@@ -1645,12 +1645,13 @@ extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss,
const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes,
SSL3Opaque **b, PRUint32 *length);
extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
extern SECStatus ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num,
PRUint32 bytes, SSL3Opaque **b,
PRUint32 *length);
extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
PRInt32 bytes, SSL3Opaque **b,
PRUint32 bytes, SSL3Opaque **b,
PRUint32 *length);
extern PRUint8 *ssl_EncodeUintX(PRUint64 value, unsigned int bytes,
PRUint8 *to);
......
......@@ -1669,7 +1669,7 @@ SECStatus
tls13_HandleHelloRetryRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
SECStatus rv;
PRInt32 tmp;
PRUint32 tmp;
SSL3ProtocolVersion version;
SSL_TRC(3, ("%d: TLS13[%d]: handle hello retry request",
......@@ -1718,8 +1718,8 @@ tls13_HandleHelloRetryRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
/* Extensions. */
tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (tmp < 0) {
rv = ssl3_ConsumeHandshakeNumber(ss, &tmp, 2, &b, &length);
if (rv != SECSuccess) {
return SECFailure; /* error code already set */
}
/* Extensions must be non-empty and use the remainder of the message.
......@@ -1757,7 +1757,7 @@ tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
TLS13CertificateRequest *certRequest = NULL;
SECItem context = { siBuffer, NULL, 0 };
PLArenaPool *arena;
PRInt32 extensionsLength;
PRUint32 extensionsLength;
SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_request sequence",
SSL_GETPID(), ss->fd));
......@@ -1816,8 +1816,8 @@ tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto loser; /* alert already sent */
/* Verify that the extensions length is correct. */
extensionsLength = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (extensionsLength < 0) {
rv = ssl3_ConsumeHandshakeNumber(ss, &extensionsLength, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* alert already sent */
}
if (extensionsLength != length) {
......@@ -3008,7 +3008,7 @@ static SECStatus
tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
SECStatus rv;
PRInt32 innerLength;
PRUint32 innerLength;
SECItem oldNpn = { siBuffer, NULL, 0 };
PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
......@@ -3023,8 +3023,8 @@ tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
return SECFailure;
}
innerLength = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (innerLength < 0) {
rv = ssl3_ConsumeHandshakeNumber(ss, &innerLength, 2, &b, &length);
if (rv != SECSuccess) {
return SECFailure; /* Alert already sent. */
}
if (innerLength != length) {
......@@ -3843,7 +3843,6 @@ static SECStatus
tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
SECStatus rv;
PRInt32 tmp;
PRUint32 utmp;
NewSessionTicket ticket = { 0 };
SECItem data;
......@@ -3864,13 +3863,13 @@ tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
ticket.received_timestamp = ssl_Time();
tmp = ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
if (tmp < 0) {
rv = ssl3_ConsumeHandshakeNumber(ss, &ticket.ticket_lifetime_hint, 4, &b,
&length);
if (rv != SECSuccess) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
decode_error);
return SECFailure;
}
ticket.ticket_lifetime_hint = (PRUint32)tmp;
ticket.ticket.type = siBuffer;
rv = ssl3_ConsumeHandshake(ss, &utmp, sizeof(utmp),
......
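Review bot: In tls13_HandleNewSessionTicket the 4-byte lifetime is now read straight into `ticket.ticket_lifetime_hint`, so values of 2^31 and above are stored exactly as the peer sent them. The old `PRInt32 tmp` with its `tmp < 0` check would presumably have treated those values as a decode failure. Nothing in the visible lines bounds the value before the ticket is used; the function continues outside the hunk, so a bound may exist further down. TLS 1.3 limits ticket lifetime to seven days, so if no bound exists, a clamp right after the read would keep an oversized hint from extending how long the ticket is cached. For example, with a placeholder constant name: `if (ticket.ticket_lifetime_hint > MAX_TICKET_LIFETIME_PLACEHOLDER) ticket.ticket_lifetime_hint = MAX_TICKET_LIFETIME_PLACEHOLDER;`.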
......@@ -208,13 +208,13 @@ static SECStatus
tls13_HandleKeyShareEntry(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data)
{
SECStatus rv;
PRInt32 group;
PRUint32 group;
const sslNamedGroupDef *groupDef;
TLS13KeyShareEntry *ks = NULL;
SECItem share = { siBuffer, NULL, 0 };
group = ssl3_ExtConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (group < 0) {
rv = ssl3_ExtConsumeHandshakeNumber(ss, &group, 2, &data->data, &data->len);
if (rv != SECSuccess) {
PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
goto loser;
}
......@@ -285,7 +285,7 @@ SECStatus
tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
{
SECStatus rv;
PRInt32 tmp;
PRUint32 tmp;
const sslNamedGroupDef *group;
PORT_Assert(!ss->sec.isServer);
......@@ -294,8 +294,8 @@ tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData,
SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension in HRR",
SSL_GETPID(), ss->fd));
tmp = ssl3_ExtConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (tmp < 0) {
rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2, &data->data, &data->len);
if (rv != SECSuccess) {
return SECFailure; /* error code already set */
}
if (data->len) {
......@@ -335,7 +335,7 @@ SECStatus
tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
{
SECStatus rv;
PRInt32 length;
PRUint32 length;
PORT_Assert(ss->sec.isServer);
PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares));
......@@ -349,9 +349,9 @@ tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PR
/* Redundant length because of TLS encoding (this vector consumes
* the entire extension.) */
length = ssl3_ExtConsumeHandshakeNumber(ss, 2, &data->data,
&data->len);
if (length < 0)
rv = ssl3_ExtConsumeHandshakeNumber(ss, &length, 2, &data->data,
&data->len);
if (rv != SECSuccess)
goto loser;
if (length != data->len) {
/* Check for consistency */
......@@ -684,7 +684,8 @@ SECStatus
tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
SECItem *data)
{
PRInt32 index;
PRUint32 index;
SECStatus rv;
SSL_TRC(3, ("%d: SSL3[%d]: handle pre_shared_key extension",
SSL_GETPID(), ss->fd));
......@@ -694,8 +695,8 @@ tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData
return SECSuccess;
}
index = ssl3_ExtConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (index < 0)
rv = ssl3_ExtConsumeHandshakeNumber(ss, &index, 2, &data->data, &data->len);
if (rv != SECSuccess)
return SECFailure;
/* This should be the end of the extension. */
......
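Review bot: Two of the converted checks keep an unbraced `if`: `if (rv != SECSuccess) goto loser;` in tls13_ServerHandleKeyShareXtn and `if (rv != SECSuccess) return SECFailure;` in tls13_ClientHandlePreSharedKeyXtn. Every other call site touched in this commit braces the failure branch. In handshake parsing code an unbraced error exit is easy to break when a line is later added beside it, so I would open both with `if (rv != SECSuccess) {` and close the branch with `}` like the rest. All of these functions continue outside their hunks.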