summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2015-09-12 15:03:40 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-09-12 15:03:40 +0000
commit8d90add9c8baeb92c3c285888c5d4499b9eb452f (patch)
treef7aa8090ec27ca6d6d7308d2f5cba13afcf76c02 /lib/libssl
parent1192988bba6f589b274d47500a5a17a69c2575de (diff)
Move handshake message header length determination into a separate
ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/src/ssl/s3_both.c13
-rw-r--r--lib/libssl/src/ssl/s3_lib.c21
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c13
-rw-r--r--lib/libssl/src/ssl/ssl_locl.h3
4 files changed, 27 insertions, 23 deletions
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c
index 49b1e506599..cfd0fb9b4bd 100644
--- a/lib/libssl/src/ssl/s3_both.c
+++ b/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.47 2015/09/11 18:08:21 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.48 2015/09/12 15:03:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -326,6 +326,7 @@ ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
return (-1);
}
+ /* XXX */
p = (unsigned char *)&(buf->data[*l]);
l2n3(n, p);
i2d_X509(x, &p);
@@ -338,10 +339,10 @@ unsigned long
ssl3_output_cert_chain(SSL *s, X509 *x)
{
unsigned char *p;
- int i;
- unsigned long l = 7;
+ unsigned long l = ssl3_handshake_msg_hdr_len(s) + 3;
BUF_MEM *buf;
int no_chain;
+ int i;
if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
no_chain = 1;
@@ -350,7 +351,7 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf = s->init_buf;
- if (!BUF_MEM_grow_clean(buf, 10)) {
+ if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 6)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
return (0);
}
@@ -388,14 +389,14 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
return (0);
}
- l -= 7;
+ l -= ssl3_handshake_msg_hdr_len(s) + 3;
p = (unsigned char *)&(buf->data[4]);
l2n3(l, p);
l += 3;
p = (unsigned char *)&(buf->data[0]);
*(p++) = SSL3_MT_CERTIFICATE;
l2n3(l, p);
- l += 4;
+ l += 4; /* XXX */
return (l);
}
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index 1a619e3d30f..912ac8dbdbb 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.104 2015/09/11 18:08:21 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.105 2015/09/12 15:03:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1947,22 +1947,25 @@ ssl3_pending(const SSL *s)
s->s3->rrec.length : 0;
}
+int
+ssl3_handshake_msg_hdr_len(SSL *s)
+{
+ return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
+ SSL3_HM_HEADER_LENGTH);
+}
+
unsigned char *
ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
{
unsigned char *d, *p;
- int hdr_len;
d = p = (unsigned char *)s->init_buf->data;
- hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
- SSL3_HM_HEADER_LENGTH;
-
/* Handshake message type and length. */
*(p++) = msg_type;
l2n3(0, p);
- return (d + hdr_len);
+ return (d + ssl3_handshake_msg_hdr_len(s));
}
void
@@ -1970,18 +1973,14 @@ ssl3_handshake_msg_finish(SSL *s, unsigned int len)
{
unsigned char *d, *p;
uint8_t msg_type;
- int hdr_len;
d = p = (unsigned char *)s->init_buf->data;
- hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
- SSL3_HM_HEADER_LENGTH;
-
/* Handshake message length. */
msg_type = *(p++);
l2n3(len, p);
- s->init_num = hdr_len + (int)len;
+ s->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len;
s->init_off = 0;
if (SSL_IS_DTLS(s)) {
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index e9496f9b9d6..dbcbc9b709a 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.119 2015/09/12 13:03:06 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.120 2015/09/12 15:03:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1398,7 +1398,8 @@ ssl3_send_server_key_exchange(SSL *s)
kn = 0;
}
- if (!BUF_MEM_grow_clean(buf, n + 4 + kn)) {
+ if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
+ n + kn)) {
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
ERR_LIB_BUF);
goto err;
@@ -1570,7 +1571,9 @@ ssl3_send_certificate_request(SSL *s)
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
name = sk_X509_NAME_value(sk, i);
j = i2d_X509_NAME(name, NULL);
- if (!BUF_MEM_grow_clean(buf, 4 + n + j + 2)) {
+ if (!BUF_MEM_grow_clean(buf,
+ ssl3_handshake_msg_hdr_len(s) + n + j
+ + 2)) {
SSLerr(
SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
ERR_R_BUF_LIB);
@@ -2523,8 +2526,8 @@ ssl3_send_newsession_ticket(SSL *s)
* session_length + max_enc_block_size (max encrypted session
* length) + max_md_size (HMAC).
*/
- if (!BUF_MEM_grow(s->init_buf,
- 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
+ if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) +
+ 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
EVP_MAX_MD_SIZE + slen)) {
free(senc);
return (-1);
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 130482dbba6..cb7889ffb71 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.126 2015/09/12 14:32:24 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.127 2015/09/12 15:03:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -641,6 +641,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
int ssl3_pending(const SSL *s);
+int ssl3_handshake_msg_hdr_len(SSL *s);
unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
int ssl3_handshake_write(SSL *s);