Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329

lines of code, while gaining bug fixes and SIGALGs support.

2 files changed, 3 insertions, 329 deletions

diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index 6e1c6d2ef93..768c39eb25d 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.61 2015/09/12 13:35:34 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.62 2015/09/12 14:28:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -387,7 +387,7 @@ dtls1_accept(SSL *s)
 			/* Only send if using a DH key exchange. */
 			if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
 				dtls1_start_timer(s);
-				ret = dtls1_send_server_key_exchange(s);
+				ret = ssl3_send_server_key_exchange(s);
 				if (ret <= 0)
 					goto end;
 			} else
@@ -700,331 +700,6 @@ dtls1_send_hello_verify_request(SSL *s)
 }
 
 int
-dtls1_send_server_key_exchange(SSL *s)
-{
-	unsigned char *q;
-	int j, num;
-	unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-	unsigned int u;
-	DH *dh = NULL, *dhp;
-	EC_KEY *ecdh = NULL, *ecdhp;
-	unsigned char *encodedPoint = NULL;
-	int encodedlen = 0;
-	int curve_id = 0;
-	BN_CTX *bn_ctx = NULL;
-
-	EVP_PKEY *pkey;
-	unsigned char *p, *d;
-	int al, i;
-	unsigned long type;
-	int n;
-	CERT *cert;
-	BIGNUM *r[4];
-	int nr[4], kn;
-	BUF_MEM *buf;
-	EVP_MD_CTX md_ctx;
-
-	EVP_MD_CTX_init(&md_ctx);
-	if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
-		type = s->s3->tmp.new_cipher->algorithm_mkey;
-		cert = s->cert;
-
-		buf = s->init_buf;
-
-		r[0] = r[1] = r[2] = r[3] = NULL;
-		n = 0;
-
-		if (type & SSL_kDHE) {
-			dhp = cert->dh_tmp;
-			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-				dhp = s->cert->dh_tmp_cb(s, 0,
-				    SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
-			if (dhp == NULL) {
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
-				goto f_err;
-			}
-
-			if (s->s3->tmp.dh != NULL) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-			}
-
-			if ((dh = DHparams_dup(dhp)) == NULL) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-				goto err;
-			}
-
-			s->s3->tmp.dh = dh;
-			if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
-			    (s->options & SSL_OP_SINGLE_DH_USE))) {
-				if (!DH_generate_key(dh)) {
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-					ERR_R_DH_LIB);
-					goto err;
-				}
-			} else {
-				dh->pub_key = BN_dup(dhp->pub_key);
-				dh->priv_key = BN_dup(dhp->priv_key);
-				if ((dh->pub_key == NULL) ||
-				    (dh->priv_key == NULL)) {
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-					goto err;
-				}
-			}
-			r[0] = dh->p;
-			r[1] = dh->g;
-			r[2] = dh->pub_key;
-		} else if (type & SSL_kECDHE) {
-			const EC_GROUP *group;
-
-			ecdhp = cert->ecdh_tmp;
-			if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
-				ecdhp = s->cert->ecdh_tmp_cb(s, 0,
-				    SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
-			if (ecdhp == NULL) {
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
-				goto f_err;
-			}
-
-			if (s->s3->tmp.ecdh != NULL) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-			}
-
-			/* Duplicate the ECDH structure. */
-			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-				goto err;
-			}
-			s->s3->tmp.ecdh = ecdh;
-
-			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
-			    (EC_KEY_get0_private_key(ecdh) == NULL) ||
-			    (s->options & SSL_OP_SINGLE_ECDH_USE)) {
-				if (!EC_KEY_generate_key(ecdh)) {
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-					goto err;
-				}
-			}
-
-			if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
-			    (EC_KEY_get0_public_key(ecdh)  == NULL) ||
-			    (EC_KEY_get0_private_key(ecdh) == NULL)) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-				goto err;
-			}
-
-			/* XXX: For now, we only support ephemeral ECDH
-			 * keys over named (not generic) curves. For
-			 * supported named curves, curve_id is non-zero.
-			 */
-			if ((curve_id = tls1_ec_nid2curve_id(
-			    EC_GROUP_get_curve_name(group))) == 0) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-				goto err;
-			}
-
-			/* Encode the public key.
-			 * First check the size of encoding and
-			 * allocate memory accordingly.
-			 */
-			encodedlen = EC_POINT_point2oct(group,
-			EC_KEY_get0_public_key(ecdh),
-			POINT_CONVERSION_UNCOMPRESSED,
-			NULL, 0, NULL);
-
-			encodedPoint = malloc(encodedlen);
-
-			bn_ctx = BN_CTX_new();
-			if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-				goto err;
-			}
-
-
-			encodedlen = EC_POINT_point2oct(group,
-			EC_KEY_get0_public_key(ecdh),
-			POINT_CONVERSION_UNCOMPRESSED,
-			encodedPoint, encodedlen, bn_ctx);
-
-			if (encodedlen == 0) {
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-				goto err;
-			}
-
-			BN_CTX_free(bn_ctx);
-			bn_ctx = NULL;
-
-			/* XXX: For now, we only support named (not
-			 * generic) curves in ECDH ephemeral key exchanges.
-			 * In this situation, we need four additional bytes
-			 * to encode the entire ServerECDHParams
-			 * structure.
-			 */
-			n = 4 + encodedlen;
-
-			/* We'll generate the serverKeyExchange message
-			 * explicitly so we can set these to NULLs
-			 */
-			r[0] = NULL;
-			r[1] = NULL;
-			r[2] = NULL;
-			r[3] = NULL;
-		} else {
-			al = SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-			    SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-			goto f_err;
-		}
-		for (i = 0; r[i] != NULL; i++) {
-			nr[i] = BN_num_bytes(r[i]);
-			n += 2 + nr[i];
-		}
-
-		if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
-			if ((pkey = ssl_get_sign_pkey(s,
-			    s->s3->tmp.new_cipher, NULL)) == NULL) {
-				al = SSL_AD_DECODE_ERROR;
-				goto f_err;
-			}
-			kn = EVP_PKEY_size(pkey);
-		} else {
-			pkey = NULL;
-			kn = 0;
-		}
-
-		if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
-			goto err;
-		}
-		d = (unsigned char *)s->init_buf->data;
-		p = &(d[DTLS1_HM_HEADER_LENGTH]);
-
-		for (i = 0; r[i] != NULL; i++) {
-			s2n(nr[i], p);
-			BN_bn2bin(r[i], p);
-			p += nr[i];
-		}
-
-		if (type & SSL_kECDHE) {
-			/* XXX: For now, we only support named (not generic) curves.
-			 * In this situation, the serverKeyExchange message has:
-			 * [1 byte CurveType], [2 byte CurveName]
-			 * [1 byte length of encoded point], followed by
-			 * the actual encoded point itself
-			 */
-			*p = NAMED_CURVE_TYPE;
-			p += 1;
-			*p = 0;
-			p += 1;
-			*p = curve_id;
-			p += 1;
-			*p = encodedlen;
-			p += 1;
-			memcpy((unsigned char*)p,
-			    (unsigned char *)encodedPoint, encodedlen);
-			free(encodedPoint);
-			encodedPoint = NULL;
-			p += encodedlen;
-		}
-
-
-		/* not anonymous */
-		if (pkey != NULL) {
-			/* n is the length of the params, they start at
-			 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
-			 * at the end. */
-			if (pkey->type == EVP_PKEY_RSA) {
-				q = md_buf;
-				j = 0;
-				for (num = 2; num > 0; num--) {
-					if (!EVP_DigestInit_ex(&md_ctx, (num == 2)
-					    ? s->ctx->md5 : s->ctx->sha1, NULL))
-						goto err;
-					EVP_DigestUpdate(&md_ctx,
-					    &(s->s3->client_random[0]),
-					    SSL3_RANDOM_SIZE);
-					EVP_DigestUpdate(&md_ctx,
-					    &(s->s3->server_random[0]),
-					    SSL3_RANDOM_SIZE);
-					EVP_DigestUpdate(&md_ctx,
-					    &(d[DTLS1_HM_HEADER_LENGTH]), n);
-					EVP_DigestFinal_ex(&md_ctx, q,
-					    (unsigned int *)&i);
-					q += i;
-					j += i;
-				}
-				if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]),
-				    &u, pkey->pkey.rsa) <= 0) {
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
-					goto err;
-				}
-				s2n(u, p);
-				n += u + 2;
-			} else
-			if (pkey->type == EVP_PKEY_DSA) {
-				/* lets do DSS */
-				EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
-				EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
-				if (!EVP_SignFinal(&md_ctx, &(p[2]),
-				    (unsigned int *)&i, pkey)) {
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
-					goto err;
-				}
-				s2n(i, p);
-				n += i + 2;
-			} else
-			if (pkey->type == EVP_PKEY_EC) {
-				/* let's do ECDSA */
-				EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
-				EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
-				if (!EVP_SignFinal(&md_ctx, &(p[2]),
-				    (unsigned int *)&i, pkey)) {
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_ECDSA);
-					goto err;
-				}
-				s2n(i, p);
-				n += i + 2;
-			} else
-			{
-				/* Is this error check actually needed? */
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_PKEY_TYPE);
-				goto f_err;
-			}
-		}
-
-		d = dtls1_set_message_header(s, d,
-		SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
-
-		/* we should now have things packed up, so lets send
-		 * it off */
-		s->init_num = n + DTLS1_HM_HEADER_LENGTH;
-		s->init_off = 0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-	}
-
-	s->state = SSL3_ST_SW_KEY_EXCH_B;
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-f_err:
-	ssl3_send_alert(s, SSL3_AL_FATAL, al);
-err:
-	free(encodedPoint);
-	BN_CTX_free(bn_ctx);
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return (-1);
-}
-
-int
 dtls1_send_certificate_request(SSL *s)
 {
 	unsigned char *p, *d;
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 02dae426f94..6f030e6e533 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.124 2015/09/12 13:35:34 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.125 2015/09/12 14:28:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -725,7 +725,6 @@ int ssl3_get_cert_verify(SSL *s);
 int ssl3_get_next_proto(SSL *s);
 
 int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_server_key_exchange(SSL *s);
 int dtls1_send_certificate_request(SSL *s);
 
 int ssl23_accept(SSL *s);