src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2015-02-07 08:56:40 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2015-02-07 08:56:40 +0000
commit	14c0b3850b15235e68b5035684ef3a76ffa7d831 (patch)
tree	534eda379928de9277e765580fe44c6f97b0a258 /lib
parent	0087075e41ce8f6e0a55af8118aded9e0471dba2 (diff)

Convert several of the server side handshake functions to the new handshake

message handling routines. ok miod@

Diffstat (limited to 'lib')

-rw-r--r--

lib/libssl/d1_srvr.c

-rw-r--r--

lib/libssl/s3_srvr.c

2 files changed, 54 insertions, 119 deletions

diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 82f846d236a..1c732c5b085 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */

+/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */

* DTLS implementation written by Nagendra Modadugu

* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

@@ -819,82 +819,65 @@ end:

int

dtls1_send_hello_request(SSL *s)

{

- unsigned char *p;

if (s->state == SSL3_ST_SW_HELLO_REQ_A) {

- p = (unsigned char *)s->init_buf->data;

- p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);

+ ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);

+ ssl3_handshake_msg_finish(s, 0);

s->state = SSL3_ST_SW_HELLO_REQ_B;

- /* number of bytes to write */

- s->init_num = DTLS1_HM_HEADER_LENGTH;

- s->init_off = 0;

- /* no need to buffer this message, since there are no retransmit

- * requests for it */

}

/* SSL3_ST_SW_HELLO_REQ_B */

- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}

int

dtls1_send_hello_verify_request(SSL *s)

{

- unsigned int msg_len;

- unsigned char *msg, *buf, *p;

+ unsigned char *d, *p;

if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {

- buf = (unsigned char *)s->init_buf->data;

+ d = p = ssl3_handshake_msg_start(s,

+ DTLS1_MT_HELLO_VERIFY_REQUEST);

- msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);

*(p++) = s->version >> 8;

*(p++) = s->version & 0xFF;

if (s->ctx->app_gen_cookie_cb == NULL ||

- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,

- &(s->d1->cookie_len)) == 0) {

- SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);

+ s->ctx->app_gen_cookie_cb(s, s->d1->cookie,

+ &(s->d1->cookie_len)) == 0) {

+ SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,

+ ERR_R_INTERNAL_ERROR);

return 0;

}

*(p++) = (unsigned char) s->d1->cookie_len;

memcpy(p, s->d1->cookie, s->d1->cookie_len);

p += s->d1->cookie_len;

- msg_len = p - msg;

- dtls1_set_message_header(s, buf,

- DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);

+ ssl3_handshake_msg_finish(s, p - d);

s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;

- /* number of bytes to write */

- s->init_num = p - buf;

- s->init_off = 0;

}

/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */

- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}

int

dtls1_send_server_hello(SSL *s)

{

- unsigned char *buf;

+ unsigned char *bufend;

unsigned char *p, *d;

unsigned int sl;

- unsigned long l;

if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {

- buf = (unsigned char *)s->init_buf->data;

- arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);

- /* Do the message type and length last */

- d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);

+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);

*(p++) = s->version >> 8;

- *(p++) = s->version&0xff;

+ *(p++) = s->version & 0xff;

/* Random stuff */

+ arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);

memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);

p += SSL3_RANDOM_SIZE;

@@ -911,7 +894,8 @@ dtls1_send_server_hello(SSL *s)

sl = s->session->session_id_length;

if (sl > sizeof s->session->session_id) {

- SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);

+ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,

+ ERR_R_INTERNAL_ERROR);

return -1;

}

*(p++) = sl;

@@ -926,52 +910,35 @@ dtls1_send_server_hello(SSL *s)

/* put the compression method */

*(p++) = 0;

- if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {

- SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);

+ bufend = (unsigned char *)s->init_buf->data +

+ SSL3_RT_MAX_PLAIN_LENGTH;

+ if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {

+ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,

+ ERR_R_INTERNAL_ERROR);

return -1;

}

- /* do the header */

- l = (p - d);

- d = buf;

- d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);

+ ssl3_handshake_msg_finish(s, p - d);

s->state = SSL3_ST_SW_SRVR_HELLO_B;

- /* number of bytes to write */

- s->init_num = p - buf;

- s->init_off = 0;

- /* buffer the message to handle re-xmits */

- dtls1_buffer_message(s, 0);

}

/* SSL3_ST_SW_SRVR_HELLO_B */

- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}

int

dtls1_send_server_done(SSL *s)

{

- unsigned char *p;

if (s->state == SSL3_ST_SW_SRVR_DONE_A) {

- p = (unsigned char *)s->init_buf->data;

- /* do the header */

- p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);

+ ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);

+ ssl3_handshake_msg_finish(s, 0);

s->state = SSL3_ST_SW_SRVR_DONE_B;

- /* number of bytes to write */

- s->init_num = DTLS1_HM_HEADER_LENGTH;

- s->init_off = 0;

- /* buffer the message to handle re-xmits */

- dtls1_buffer_message(s, 0);

}

/* SSL3_ST_SW_SRVR_DONE_B */

- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}

int

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 4a2fdf1a233..32b379d98f2 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */

+/* $OpenBSD: s3_srvr.c,v 1.99 2015/02/07 08:56:39 jsing Exp $ */

@@ -766,23 +766,15 @@ end:

int

ssl3_send_hello_request(SSL *s)

{

- unsigned char *p;

if (s->state == SSL3_ST_SW_HELLO_REQ_A) {

- p = (unsigned char *)s->init_buf->data;

- *(p++) = SSL3_MT_HELLO_REQUEST;

- *(p++) = 0;

+ ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);

+ ssl3_handshake_msg_finish(s, 0);

s->state = SSL3_ST_SW_HELLO_REQ_B;

- /* number of bytes to write */

- s->init_num = 4;

- s->init_off = 0;

}

/* SSL3_ST_SW_HELLO_REQ_B */

- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}

int

@@ -1217,18 +1209,15 @@ err:

int

ssl3_send_server_hello(SSL *s)

{

- unsigned char *buf;

+ unsigned char *bufend;

unsigned char *p, *d;

- unsigned long l;

int sl;

if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {

- buf = (unsigned char *)s->init_buf->data;

- /* Do the message type and length last */

- d = p= &(buf[4]);

+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);

*(p++) = s->version >> 8;

- *(p++) = s->version&0xff;

+ *(p++) = s->version & 0xff;

/* Random stuff */

memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);

@@ -1271,55 +1260,39 @@ ssl3_send_server_hello(SSL *s)

/* put the compression method */

*(p++) = 0;

if (ssl_prepare_serverhello_tlsext(s) <= 0) {

SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,

SSL_R_SERVERHELLO_TLSEXT);

return (-1);

}

- if ((p = ssl_add_serverhello_tlsext(s, p,

- buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {

+ bufend = (unsigned char *)s->init_buf->data +

+ SSL3_RT_MAX_PLAIN_LENGTH;

+ if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {

SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,

ERR_R_INTERNAL_ERROR);

return (-1);

}

- /* do the header */

- l = (p - d);

- d = buf;

- *(d++) = SSL3_MT_SERVER_HELLO;

- l2n3(l, d);

- s->state = SSL3_ST_SW_SRVR_HELLO_B;

- /* number of bytes to write */

- s->init_num = p - buf;

- s->init_off = 0;

+ ssl3_handshake_msg_finish(s, p - d);

}

/* SSL3_ST_SW_SRVR_HELLO_B */

- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}

int

ssl3_send_server_done(SSL *s)

{

- unsigned char *p;

if (s->state == SSL3_ST_SW_SRVR_DONE_A) {

- p = (unsigned char *)s->init_buf->data;

- /* do the header */

- *(p++) = SSL3_MT_SERVER_DONE;

- *(p++) = 0;

+ ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);

+ ssl3_handshake_msg_finish(s, 0);

s->state = SSL3_ST_SW_SRVR_DONE_B;

- /* number of bytes to write */

- s->init_num = 4;

- s->init_off = 0;

}

/* SSL3_ST_SW_SRVR_DONE_B */

- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}

int

@@ -2790,37 +2763,32 @@ ssl3_send_newsession_ticket(SSL *s)

int

ssl3_send_cert_status(SSL *s)

{

+ unsigned char *p;

if (s->state == SSL3_ST_SW_CERT_STATUS_A) {

- unsigned char *p;

* Grow buffer if need be: the length calculation is as

* follows 1 (message type) + 3 (message length) +

* 1 (ocsp response type) + 3 (ocsp response length)

* + (ocsp response)

- if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))

+ if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 +

+ s->tlsext_ocsp_resplen))

return (-1);

- p = (unsigned char *)s->init_buf->data;

+ p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);

- /* do the header */

- *(p++) = SSL3_MT_CERTIFICATE_STATUS;

- /* message length */

- l2n3(s->tlsext_ocsp_resplen + 4, p);

- /* status type */

*(p++) = s->tlsext_status_type;

- /* length of OCSP response */

l2n3(s->tlsext_ocsp_resplen, p);

- /* actual response */

memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);

- /* number of bytes to write */

- s->init_num = 8 + s->tlsext_ocsp_resplen;

+ ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4);

s->state = SSL3_ST_SW_CERT_STATUS_B;

- s->init_off = 0;

}

/* SSL3_ST_SW_CERT_STATUS_B */

- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));

+ return (ssl3_handshake_write(s));

}