authorJoel Sing <jsing@cvs.openbsd.org>2017-03-05 14:24:13 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-03-05 14:24:13 +0000
commitcaed0498189ba094e5a791c97ffc971b33bec903 (patch)
tree53b1311caee9b343e74b460e07866d97e29c5ad9 /lib
parent2b09718657faeaad95753fe9a37ee67416cc8425 (diff)
Convert various handshake message generation functions to CBB.
ok beck@ inoguchi@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_srvr.c37
-rw-r--r--lib/libssl/ssl_both.c21
-rw-r--r--lib/libssl/ssl_clnt.c41
-rw-r--r--lib/libssl/ssl_srvr.c70
4 files changed, 113 insertions, 56 deletions
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 860a5fc4e3d..508e1317302 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.84 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.85 2017/03/05 14:24:12 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -693,31 +693,38 @@ end:
int
dtls1_send_hello_verify_request(SSL *s)
{
- unsigned char *d, *p;
+ CBB cbb, verify, cookie;
- if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
- d = p = ssl3_handshake_msg_start(s,
- DTLS1_MT_HELLO_VERIFY_REQUEST);
-
- *(p++) = s->version >> 8;
- *(p++) = s->version & 0xFF;
+ memset(&cbb, 0, sizeof(cbb));
+ if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
if (s->ctx->internal->app_gen_cookie_cb == NULL ||
- s->ctx->internal->app_gen_cookie_cb(s,
- D1I(s)->cookie, &(D1I(s)->cookie_len)) == 0) {
+ s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
+ &(D1I(s)->cookie_len)) == 0) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
return 0;
}
- *(p++) = (unsigned char) D1I(s)->cookie_len;
- memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);
- p += D1I(s)->cookie_len;
-
- ssl3_handshake_msg_finish(s, p - d);
+ if (!ssl3_handshake_msg_start_cbb(s, &cbb, &verify,
+ DTLS1_MT_HELLO_VERIFY_REQUEST))
+ goto err;
+ if (!CBB_add_u16(&verify, s->version))
+ goto err;
+ if (!CBB_add_u8_length_prefixed(&verify, &cookie))
+ goto err;
+ if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
+ goto err;
+ if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ goto err;
s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
}
/* s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
return (ssl3_handshake_write(s));
+
+ err:
+ CBB_cleanup(&cbb);
+
+ return (-1);
}
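Review bot: The cookie-callback failure near the top of the block still does `return 0;` while every CBB failure below it takes `goto err` and returns -1, so the converted function now reports the same class of internal failure with two different values; if callers treat anything `<= 0` as failure, changing that line to `goto err;` would unify the paths, and it is safe because `cbb` is already zeroed by the preceding `memset` so `CBB_cleanup` is a no-op there. The `CBB_add_u8_length_prefixed(&verify, &cookie)` line also deserves a comment that the one-byte prefix is now enforced by the CBB (the flush fails if `cookie_len` exceeds 255) instead of being silently truncated by the old `(unsigned char) D1I(s)->cookie_len` cast, e.g. `/* cookie_len must fit the u8 length prefix; CBB rejects it on flush otherwise */`.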
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 14fd121d53b..d1a0879b729 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.6 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.7 2017/03/05 14:24:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -166,9 +166,11 @@ ssl3_do_write(SSL *s, int type)
int
ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
- unsigned char *p;
+ CBB cbb, finished;
int md_len;
+ memset(&cbb, 0, sizeof(cbb));
+
if (s->internal->state == a) {
md_len = TLS1_FINISH_MAC_LENGTH;
OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
@@ -189,14 +191,23 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
S3I(s)->previous_server_finished_len = md_len;
}
- p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);
- memcpy(p, S3I(s)->tmp.finish_md, md_len);
- ssl3_handshake_msg_finish(s, md_len);
+ if (!ssl3_handshake_msg_start_cbb(s, &cbb, &finished,
+ SSL3_MT_FINISHED))
+ goto err;
+ if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len))
+ goto err;
+ if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ goto err;
s->internal->state = b;
}
return (ssl3_handshake_write(s));
+
+ err:
+ CBB_cleanup(&cbb);
+
+ return (-1);
}
/*
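Review bot: `CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len)` passes an `int` where the length parameter is `size_t`, an implicit sign conversion that is harmless only because `md_len` is assigned the constant `TLS1_FINISH_MAC_LENGTH` in the previous hunk. Declaring `md_len` as `size_t` would make that explicit, provided the other uses of it in the function (the `OPENSSL_assert` and the `previous_*_finished_len` stores) accept the wider type; failing that, a comment such as `/* md_len is a small positive constant; safe to widen to size_t */` on the call would document why the conversion is fine. ssl3_send_finished begins in the preceding hunk and its declarations and `memset` are not visible here.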
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 65939141a27..f46b66c3721 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.8 2017/03/04 16:15:02 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.9 2017/03/05 14:24:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2619,27 +2619,40 @@ err:
int
ssl3_send_next_proto(SSL *s)
{
- unsigned int len, padding_len;
- unsigned char *d, *p;
+ CBB cbb, nextproto, npn, padding;
+ size_t pad_len;
+ uint8_t *pad;
- if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
- d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
+ memset(&cbb, 0, sizeof(cbb));
- len = s->internal->next_proto_negotiated_len;
- padding_len = 32 - ((len + 2) % 32);
- *(p++) = len;
- memcpy(p, s->internal->next_proto_negotiated, len);
- p += len;
- *(p++) = padding_len;
- memset(p, 0, padding_len);
- p += padding_len;
+ if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
+ pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);
- ssl3_handshake_msg_finish(s, p - d);
+ if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,
+ SSL3_MT_NEXT_PROTO))
+ goto err;
+ if (!CBB_add_u8_length_prefixed(&nextproto, &npn))
+ goto err;
+ if (!CBB_add_bytes(&npn, s->internal->next_proto_negotiated,
+ s->internal->next_proto_negotiated_len))
+ goto err;
+ if (!CBB_add_u8_length_prefixed(&nextproto, &padding))
+ goto err;
+ if (!CBB_add_space(&padding, &pad, pad_len))
+ goto err;
+ memset(pad, 0, pad_len);
+ if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ goto err;
s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
}
return (ssl3_handshake_write(s));
+
+ err:
+ CBB_cleanup(&cbb);
+
+ return (-1);
}
/*
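Review bot: The `pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);` line is the only non-obvious arithmetic in the new body and has no comment explaining what it pads. From the layout built below (one length byte, the protocol, one length byte, the padding) the body length is `len + 2 + pad_len`, which the formula rounds up to the next multiple of 32, always adding at least one padding byte; a comment like `/* Pad so the body (1 + len + 1 + pad_len) is a multiple of 32 bytes, per the NPN padding rule. */` would save the next reader the derivation. Note also that `memset(pad, 0, pad_len)` relies on `CBB_add_space` having succeeded, which the preceding `goto err` guarantees, so the order of those two lines must not be changed.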
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index ddf8755707b..09ea6571748 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.8 2017/03/01 14:01:24 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.9 2017/03/05 14:24:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -705,15 +705,27 @@ end:
int
ssl3_send_hello_request(SSL *s)
{
+ CBB cbb, hello;
+
+ memset(&cbb, 0, sizeof(cbb));
+
if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
- ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
- ssl3_handshake_msg_finish(s, 0);
+ if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
+ SSL3_MT_HELLO_REQUEST))
+ goto err;
+ if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ goto err;
s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
}
/* SSL3_ST_SW_HELLO_REQ_B */
return (ssl3_handshake_write(s));
+
+ err:
+ CBB_cleanup(&cbb);
+
+ return (-1);
}
int
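Review bot: The new body of ssl3_send_hello_request is, apart from the message type and the two state constants, identical to the body of ssl3_send_server_done in the next hunk (start/finish CBB, `goto err`, `CBB_cleanup`, `return (-1)`), and both build a zero-length handshake message. A small static helper taking the message type, say `ssl3_send_empty_handshake_msg(SSL *s, uint8_t msg_type)`, would remove the duplicated error handling and keep the two functions in step if the CBB idiom changes again. This is a style suggestion only; the converted code itself is correct as far as the hunk shows.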
@@ -1166,15 +1178,27 @@ ssl3_send_server_hello(SSL *s)
int
ssl3_send_server_done(SSL *s)
{
+ CBB cbb, done;
+
+ memset(&cbb, 0, sizeof(cbb));
+
if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
- ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
- ssl3_handshake_msg_finish(s, 0);
+ if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
+ SSL3_MT_SERVER_DONE))
+ goto err;
+ if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ goto err;
s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
}
/* SSL3_ST_SW_SRVR_DONE_B */
return (ssl3_handshake_write(s));
+
+ err:
+ CBB_cleanup(&cbb);
+
+ return (-1);
}
int
@@ -2718,32 +2742,34 @@ ssl3_send_newsession_ticket(SSL *s)
int
ssl3_send_cert_status(SSL *s)
{
- unsigned char *p;
+ CBB cbb, certstatus, ocspresp;
+
+ memset(&cbb, 0, sizeof(cbb));
if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
- /*
- * Grow buffer if need be: the length calculation is as
- * follows 1 (message type) + 3 (message length) +
- * 1 (ocsp response type) + 3 (ocsp response length)
- * + (ocsp response)
- */
- if (!BUF_MEM_grow(s->internal->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
+ if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
+ SSL3_MT_CERTIFICATE_STATUS))
+ goto err;
+ if (!CBB_add_u8(&certstatus, s->tlsext_status_type))
+ goto err;
+ if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
+ goto err;
+ if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp,
s->internal->tlsext_ocsp_resplen))
- return (-1);
-
- p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);
-
- *(p++) = s->tlsext_status_type;
- l2n3(s->internal->tlsext_ocsp_resplen, p);
- memcpy(p, s->internal->tlsext_ocsp_resp, s->internal->tlsext_ocsp_resplen);
-
- ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
+ goto err;
+ if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ goto err;
s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
}
/* SSL3_ST_SW_CERT_STATUS_B */
return (ssl3_handshake_write(s));
+
+ err:
+ CBB_cleanup(&cbb);
+
+ return (-1);
}
/*
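Review bot: `CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp, s->internal->tlsext_ocsp_resplen)` converts the response length to `size_t` implicitly; if `tlsext_ocsp_resplen` is a signed `int` that can hold a sentinel such as -1 when the status callback set the response pointer but not its length, that conversion yields a huge length and the failure surfaces only as an allocation error deep inside the CBB. A guard such as `if (s->internal->tlsext_ocsp_resp == NULL || s->internal->tlsext_ocsp_resplen < 0) goto err;` before `ssl3_handshake_msg_start_cbb` would make the invalid state explicit and keep the error local to this function. Similarly, `CBB_add_u8(&certstatus, s->tlsext_status_type)` narrows an `int` to one byte; a short comment that the type is expected to be the single-byte `status_type` enumeration from the client's extension would document why no range check is needed.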