author | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-07 08:56:40 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-07 08:56:40 +0000 |
commit | 14c0b3850b15235e68b5035684ef3a76ffa7d831 (patch) | |
tree | 534eda379928de9277e765580fe44c6f97b0a258 /lib/libssl | |
parent | 0087075e41ce8f6e0a55af8118aded9e0471dba2 (diff) |
Convert several of the server-side handshake functions to the new handshake
message handling routines.
ok miod@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/d1_srvr.c | 91 | ||||
-rw-r--r-- | lib/libssl/s3_srvr.c | 82 |
2 files changed, 54 insertions, 119 deletions
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 82f846d236a..1c732c5b085 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -819,82 +819,65 @@ end: int dtls1_send_hello_request(SSL *s) { - unsigned char *p; - if (s->state == SSL3_ST_SW_HELLO_REQ_A) { - p = (unsigned char *)s->init_buf->data; - p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); + ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); + ssl3_handshake_msg_finish(s, 0); s->state = SSL3_ST_SW_HELLO_REQ_B; - /* number of bytes to write */ - s->init_num = DTLS1_HM_HEADER_LENGTH; - s->init_off = 0; - - /* no need to buffer this message, since there are no retransmit - * requests for it */ } /* SSL3_ST_SW_HELLO_REQ_B */ - return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } int dtls1_send_hello_verify_request(SSL *s) { - unsigned int msg_len; - unsigned char *msg, *buf, *p; + unsigned char *d, *p; if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { - buf = (unsigned char *)s->init_buf->data; + d = p = ssl3_handshake_msg_start(s, + DTLS1_MT_HELLO_VERIFY_REQUEST); - msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); *(p++) = s->version >> 8; *(p++) = s->version & 0xFF; if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) { - SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); + s->ctx->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) { + SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, + ERR_R_INTERNAL_ERROR); return 0; } *(p++) = (unsigned char) s->d1->cookie_len; memcpy(p, s->d1->cookie, s->d1->cookie_len); p += s->d1->cookie_len; - msg_len = p - msg; - dtls1_set_message_header(s, buf, - DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); + ssl3_handshake_msg_finish(s, p - d); s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; - /* number of bytes to write */ - s->init_num = p - buf; - s->init_off = 0; } /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ - return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } int dtls1_send_server_hello(SSL *s) { - unsigned char 
*buf; + unsigned char *bufend; unsigned char *p, *d; unsigned int sl; - unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { - buf = (unsigned char *)s->init_buf->data; - arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); - - /* Do the message type and length last */ - d = p= &(buf[DTLS1_HM_HEADER_LENGTH]); + d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); *(p++) = s->version >> 8; - *(p++) = s->version&0xff; + *(p++) = s->version & 0xff; /* Random stuff */ + arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; @@ -911,7 +894,8 @@ dtls1_send_server_hello(SSL *s) sl = s->session->session_id_length; if (sl > sizeof s->session->session_id) { - SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, + ERR_R_INTERNAL_ERROR); return -1; } *(p++) = sl; 
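Review bot: In dtls1_send_hello_verify_request the length byte `*(p++) = (unsigned char) s->d1->cookie_len;` truncates whatever length the application's app_gen_cookie_cb stored, while the following `memcpy(p, s->d1->cookie, s->d1->cookie_len);` copies the untruncated count, so a callback returning a length above 255 (or above the cookie buffer's size, which is not visible here) produces an inconsistent message and an over-read of s->d1->cookie. This is carried over from the old code rather than introduced by the conversion, but the new start/finish routines make it a natural place to add the check: `if (s->d1->cookie_len > 255 || s->d1->cookie_len > sizeof(s->d1->cookie)) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); return 0; }` immediately after the callback succeeds. The second clause presumes s->d1->cookie is a fixed array; if it is a pointer, compare against its declared capacity instead. dtls1_send_server_hello begins in this hunk and continues past its end.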
@@ -926,52 +910,35 @@ dtls1_send_server_hello(SSL *s) /* put the compression method */ *(p++) = 0; - if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { - SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + bufend = (unsigned char *)s->init_buf->data + + SSL3_RT_MAX_PLAIN_LENGTH; + if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { + SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, + ERR_R_INTERNAL_ERROR); return -1; } - /* do the header */ - l = (p - d); - d = buf; - - d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); + ssl3_handshake_msg_finish(s, p - d); s->state = SSL3_ST_SW_SRVR_HELLO_B; - /* number of bytes to write */ - s->init_num = p - buf; - s->init_off = 0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); } /* SSL3_ST_SW_SRVR_HELLO_B */ - return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } int dtls1_send_server_done(SSL *s) { - unsigned char *p; - if (s->state == SSL3_ST_SW_SRVR_DONE_A) { - p = (unsigned char *)s->init_buf->data; - - /* do the header */ - p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); + ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); + ssl3_handshake_msg_finish(s, 0); s->state = SSL3_ST_SW_SRVR_DONE_B; - /* number of bytes to write */ - s->init_num = DTLS1_HM_HEADER_LENGTH; - s->init_off = 0; - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); } /* SSL3_ST_SW_SRVR_DONE_B */ - return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } int diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 4a2fdf1a233..32b379d98f2 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.99 2015/02/07 08:56:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
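Review bot: The removed `dtls1_buffer_message(s, 0);` calls in dtls1_send_server_hello and dtls1_send_server_done were what queued those flight-2 messages for DTLS retransmission, and nothing on the new side shows the shared routines taking that over; if ssl3_handshake_msg_finish or ssl3_handshake_write buffers when the connection is DTLS, a one-line comment at the first converted call site (`/* msg_finish queues the message for DTLS retransmit */`) would preserve the intent that the old comments documented, and if they do not, DTLS retransmits of ServerHello/ServerHelloDone are silently lost. The previous hunk also dropped the note that HelloRequest was deliberately not buffered, so the shared path now treats it like every other message; that should be a conscious choice. Separately, `bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;` bounds the extension writer with a fixed constant rather than the buffer's real capacity (`s->init_buf->max`), which is only safe if init_buf is always grown to at least that size before this point; the same construction appears in the s3_srvr.c ssl3_send_server_hello hunk below.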
@@ -766,23 +766,15 @@ end: int ssl3_send_hello_request(SSL *s) { - unsigned char *p; - if (s->state == SSL3_ST_SW_HELLO_REQ_A) { - p = (unsigned char *)s->init_buf->data; - *(p++) = SSL3_MT_HELLO_REQUEST; - *(p++) = 0; - *(p++) = 0; - *(p++) = 0; + ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); + ssl3_handshake_msg_finish(s, 0); s->state = SSL3_ST_SW_HELLO_REQ_B; - /* number of bytes to write */ - s->init_num = 4; - s->init_off = 0; } /* SSL3_ST_SW_HELLO_REQ_B */ - return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } int @@ -1217,18 +1209,15 @@ err: int ssl3_send_server_hello(SSL *s) { - unsigned char *buf; + unsigned char *bufend; unsigned char *p, *d; - unsigned long l; int sl; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { - buf = (unsigned char *)s->init_buf->data; - /* Do the message type and length last */ - d = p= &(buf[4]); + d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); *(p++) = s->version >> 8; - *(p++) = s->version&0xff; + *(p++) = s->version & 0xff; /* Random stuff */ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); 
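Review bot: The context line `int sl;` in ssl3_send_server_hello is left signed while the DTLS counterpart converted in this same commit declares `unsigned int sl;`; sl is assigned from s->session->session_id_length and, if this function compares it against a `sizeof` the way d1_srvr.c does (that comparison lies outside this hunk), the signed value is promoted to unsigned for the comparison. Since the two files are being brought into line anyway, changing the declaration to `unsigned int sl;` here removes the mixed-sign comparison and the discrepancy. ssl3_send_server_hello continues past the end of this hunk.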
@@ -1271,55 +1260,39 @@ ssl3_send_server_hello(SSL *s) /* put the compression method */ *(p++) = 0; + if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); return (-1); } - if ((p = ssl_add_serverhello_tlsext(s, p, - buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { + bufend = (unsigned char *)s->init_buf->data + + SSL3_RT_MAX_PLAIN_LENGTH; + if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return (-1); } - /* do the header */ - l = (p - d); - d = buf; - *(d++) = SSL3_MT_SERVER_HELLO; - l2n3(l, d); - s->state = SSL3_ST_SW_SRVR_HELLO_B; - /* number of bytes to write */ - s->init_num = p - buf; - s->init_off = 0; + ssl3_handshake_msg_finish(s, p - d); } /* SSL3_ST_SW_SRVR_HELLO_B */ - return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } int ssl3_send_server_done(SSL *s) { - unsigned char *p; - if (s->state == SSL3_ST_SW_SRVR_DONE_A) { - p = (unsigned char *)s->init_buf->data; - - /* do the header */ - *(p++) = SSL3_MT_SERVER_DONE; - *(p++) = 0; - *(p++) = 0; - *(p++) = 0; + ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); + ssl3_handshake_msg_finish(s, 0); s->state = SSL3_ST_SW_SRVR_DONE_B; - /* number of bytes to write */ - s->init_num = 4; - s->init_off = 0; } /* SSL3_ST_SW_SRVR_DONE_B */ - return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } int 
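Review bot: In ssl3_send_server_hello the added `ssl3_handshake_msg_finish(s, p - d);` is placed after `s->state = SSL3_ST_SW_SRVR_HELLO_B;`, whereas every other function converted in this commit (including ssl3_send_server_done directly below) calls finish before advancing the state. The two orders are equivalent only as long as finish cannot fail; keeping them uniform means a future error path out of finish would not leave the state machine already advanced with a half-built message. Move the finish call to just above the state assignment, as in the d1_srvr.c version of the same function.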
@@ -2790,37 +2763,32 @@ ssl3_send_newsession_ticket(SSL *s) int ssl3_send_cert_status(SSL *s) { + unsigned char *p; + if (s->state == SSL3_ST_SW_CERT_STATUS_A) { - unsigned char *p; /* * Grow buffer if need be: the length calculation is as * follows 1 (message type) + 3 (message length) + * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 + + s->tlsext_ocsp_resplen)) return (-1); - p = (unsigned char *)s->init_buf->data; + p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS); - /* do the header */ - *(p++) = SSL3_MT_CERTIFICATE_STATUS; - /* message length */ - l2n3(s->tlsext_ocsp_resplen + 4, p); - /* status type */ *(p++) = s->tlsext_status_type; - /* length of OCSP response */ l2n3(s->tlsext_ocsp_resplen, p); - /* actual response */ memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); - /* number of bytes to write */ - s->init_num = 8 + s->tlsext_ocsp_resplen; + + ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4); + s->state = SSL3_ST_SW_CERT_STATUS_B; - s->init_off = 0; } /* SSL3_ST_SW_CERT_STATUS_B */ - return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + return (ssl3_handshake_write(s)); } /* |
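Review bot: ssl3_send_cert_status passes a hand-computed body length to `ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4);` while the other converted functions derive it from the write cursor, and because p is not advanced after the memcpy the two bookkeeping schemes can drift apart if the body layout changes. Using the same pattern as the rest of the commit keeps them locked together: `d = p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);`, then `p += s->tlsext_ocsp_resplen;` after the memcpy, and `ssl3_handshake_msg_finish(s, p - d);`. A pre-existing point the conversion keeps is that `l2n3(s->tlsext_ocsp_resplen, p);` writes a 24-bit length while the memcpy copies the full count, so a response of 2^24 bytes or more would be encoded inconsistently; the response is supplied by the server's own status callback, so this is a robustness check rather than an exposure, but a bound before BUF_MEM_grow would make the encoding total.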