author | Joel Sing <jsing@cvs.openbsd.org> | 2017-10-11 16:51:40 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-10-11 16:51:40 +0000 |
commit | 78c572944bf653c6bf7d24dffaf140745b31e02c (patch) | |
tree | 61bc1f3724c3aabaf8fb6619ecaa15be34054941 /lib/libssl | |
parent | 04ce6cf65cd440ae21c1b48a7485d0d1deda058a (diff) |
Fully convert ssl3_send_server_hello() to CBB.
Based on a diff from doug@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/ssl_locl.h | 5 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 42 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 25 |
3 files changed, 19 insertions, 53 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 9d9f9c3e41b..2ce4b056000 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.196 2017/10/10 16:51:38 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.197 2017/10/11 16:51:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1289,9 +1289,6 @@ int tls1_get_shared_curve(SSL *s); unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); -unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, - unsigned char *limit); - int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 723d82fc821..5e10fa01f45 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.24 2017/10/10 16:51:38 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.25 2017/10/11 16:51:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -166,6 +166,7 @@ #include <openssl/x509.h> #include "bytestring.h" +#include "ssl_tlsext.h" int ssl3_accept(SSL *s) 
@@ -1046,25 +1047,19 @@ err: int ssl3_send_server_hello(SSL *s) { - unsigned char *bufend; - unsigned char *p, *d; - CBB cbb, session_id; - size_t outlen; - int sl; + CBB cbb, server_hello, session_id; + size_t sl; memset(&cbb, 0, sizeof(cbb)); - bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; - if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { - d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); - - if (!CBB_init_fixed(&cbb, p, bufend - p)) + if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_hello, + SSL3_MT_SERVER_HELLO)) goto err; - if (!CBB_add_u16(&cbb, s->version)) + if (!CBB_add_u16(&server_hello, s->version)) goto err; - if (!CBB_add_bytes(&cbb, s->s3->server_random, + if (!CBB_add_bytes(&server_hello, s->s3->server_random, sizeof(s->s3->server_random))) goto err; @@ -1091,35 +1086,32 @@ ssl3_send_server_hello(SSL *s) s->session->session_id_length = 0; sl = s->session->session_id_length; - if (sl > (int)sizeof(s->session->session_id)) { + if (sl > sizeof(s->session->session_id)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - - if (!CBB_add_u8_length_prefixed(&cbb, &session_id)) + if (!CBB_add_u8_length_prefixed(&server_hello, &session_id)) goto err; if (!CBB_add_bytes(&session_id, s->session->session_id, sl)) goto err; /* Cipher suite. */ - if (!CBB_add_u16(&cbb, + if (!CBB_add_u16(&server_hello, ssl3_cipher_get_value(S3I(s)->hs.new_cipher))) goto err; - /* Compression method. */ - if (!CBB_add_u8(&cbb, 0)) + /* Compression method (null). */ + if (!CBB_add_u8(&server_hello, 0)) goto err; - if (!CBB_finish(&cbb, NULL, &outlen)) - goto err; - - if ((p = ssl_add_serverhello_tlsext(s, p + outlen, - bufend)) == NULL) { + /* TLS extensions */ + if (!tlsext_serverhello_build(s, &server_hello)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - ssl3_handshake_msg_finish(s, p - d); + if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) + goto err; } /* SSL3_ST_SW_SRVR_HELLO_B */ 
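Review bot: The explicit output bound disappears at the top of ssl3_send_server_hello(): the old code capped the message with `CBB_init_fixed(&cbb, p, bufend - p)` against `SSL3_RT_MAX_PLAIN_LENGTH`, while the new `ssl3_handshake_msg_start_cbb(s, &cbb, &server_hello, SSL3_MT_SERVER_HELLO)` call shows no limit. That helper is not part of this diff, so it cannot be confirmed from here whether it or the matching finish call rejects an oversized ServerHello. Once that is confirmed, a comment above the call such as `/* Message size is bounded by ssl3_handshake_msg_finish_cbb(). */` would record where the check now lives. The `err:` label of this function is outside the hunk; since `cbb` may now own allocated memory rather than a fixed window into `init_buf`, that path presumably has to call `CBB_cleanup(&cbb)`, which is worth verifying.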
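Review bot: Failure reporting is uneven at the end of the SSL3_ST_SW_SRVR_HELLO_A branch: a failed `tlsext_serverhello_build(s, &server_hello)` records `SSLerror(s, ERR_R_INTERNAL_ERROR)`, but a failed `ssl3_handshake_msg_finish_cbb(s, &cbb)` jumps to `err` with nothing added to the error stack, unless the helper (not shown in this diff) records one itself. If it does not, write the call as `if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; }` so that a ServerHello which cannot be finalised is diagnosable. Separately, now that `sl` is a `size_t`, `sl > sizeof(s->session->session_id)` compares like types without a cast, and it remains the check that keeps the copy in `CBB_add_bytes(&session_id, s->session->session_id, sl)` inside the array. The function body continues past the end of the hunk.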
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 0d03b45a979..8526ca167b9 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.137 2017/08/30 16:44:37 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.138 2017/10/11 16:51:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -684,29 +684,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) return (p + len); } -unsigned char * -ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) -{ - size_t len; - CBB cbb; - - if (p >= limit) - return NULL; - - if (!CBB_init_fixed(&cbb, p, limit - p)) - return NULL; - if (!tlsext_serverhello_build(s, &cbb)) { - CBB_cleanup(&cbb); - return NULL; - } - if (!CBB_finish(&cbb, NULL, &len)) { - CBB_cleanup(&cbb); - return NULL; - } - - return (p + len); -} - int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) |