From 8d90add9c8baeb92c3c285888c5d4499b9eb452f Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Sat, 12 Sep 2015 15:03:40 +0000 Subject: Move handshake message header length determination into a separate ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@ --- lib/libssl/src/ssl/s3_both.c | 13 +++++++------ lib/libssl/src/ssl/s3_lib.c | 21 ++++++++++----------- lib/libssl/src/ssl/s3_srvr.c | 13 ++++++++----- lib/libssl/src/ssl/ssl_locl.h | 3 ++- 4 files changed, 27 insertions(+), 23 deletions(-) (limited to 'lib/libssl') diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c index 49b1e506599..cfd0fb9b4bd 100644 --- a/lib/libssl/src/ssl/s3_both.c +++ b/lib/libssl/src/ssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.47 2015/09/11 18:08:21 jsing Exp $ */ +/* $OpenBSD: s3_both.c,v 1.48 2015/09/12 15:03:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -326,6 +326,7 @@ ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); return (-1); } + /* XXX */ p = (unsigned char *)&(buf->data[*l]); l2n3(n, p); i2d_X509(x, &p); @@ -338,10 +339,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) { unsigned char *p; - int i; - unsigned long l = 7; + unsigned long l = ssl3_handshake_msg_hdr_len(s) + 3; BUF_MEM *buf; int no_chain; + int i; if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) no_chain = 1; @@ -350,7 +351,7 @@ ssl3_output_cert_chain(SSL *s, X509 *x) /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf = s->init_buf; - if (!BUF_MEM_grow_clean(buf, 10)) { + if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 6)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB); return (0); } @@ -388,14 +389,14 @@ ssl3_output_cert_chain(SSL *s, X509 *x) return (0); } - l -= 7; + l -= ssl3_handshake_msg_hdr_len(s) + 3; p = (unsigned char *)&(buf->data[4]); l2n3(l, p); l += 3; p = (unsigned char *)&(buf->data[0]); *(p++) = SSL3_MT_CERTIFICATE; l2n3(l, p); - l += 4; + l += 4; /* XXX */ return (l); } diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 1a619e3d30f..912ac8dbdbb 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.104 2015/09/11 18:08:21 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.105 2015/09/12 15:03:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1947,22 +1947,25 @@ ssl3_pending(const SSL *s) s->s3->rrec.length : 0; } +int +ssl3_handshake_msg_hdr_len(SSL *s) +{ + return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : + SSL3_HM_HEADER_LENGTH); +} + unsigned char * ssl3_handshake_msg_start(SSL *s, uint8_t msg_type) { unsigned char *d, *p; - int hdr_len; d = p = (unsigned char *)s->init_buf->data; - hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : - SSL3_HM_HEADER_LENGTH; - /* Handshake message type and length. */ *(p++) = msg_type; l2n3(0, p); - return (d + hdr_len); + return (d + ssl3_handshake_msg_hdr_len(s)); } void @@ -1970,18 +1973,14 @@ ssl3_handshake_msg_finish(SSL *s, unsigned int len) { unsigned char *d, *p; uint8_t msg_type; - int hdr_len; d = p = (unsigned char *)s->init_buf->data; - hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : - SSL3_HM_HEADER_LENGTH; - /* Handshake message length. */ msg_type = *(p++); l2n3(len, p); - s->init_num = hdr_len + (int)len; + s->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len; s->init_off = 0; if (SSL_IS_DTLS(s)) { diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index e9496f9b9d6..dbcbc9b709a 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.119 2015/09/12 13:03:06 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.120 2015/09/12 15:03:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1398,7 +1398,8 @@ ssl3_send_server_key_exchange(SSL *s) kn = 0; } - if (!BUF_MEM_grow_clean(buf, n + 4 + kn)) { + if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + + n + kn)) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF); goto err; @@ -1570,7 +1571,9 @@ ssl3_send_certificate_request(SSL *s) for (i = 0; i < sk_X509_NAME_num(sk); i++) { name = sk_X509_NAME_value(sk, i); j = i2d_X509_NAME(name, NULL); - if (!BUF_MEM_grow_clean(buf, 4 + n + j + 2)) { + if (!BUF_MEM_grow_clean(buf, + ssl3_handshake_msg_hdr_len(s) + n + j + + 2)) { SSLerr( SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB); @@ -2523,8 +2526,8 @@ ssl3_send_newsession_ticket(SSL *s) * session_length + max_enc_block_size (max encrypted session * length) + max_md_size (HMAC). */ - if (!BUF_MEM_grow(s->init_buf, - 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + + if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) + + 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) { free(senc); return (-1); diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 130482dbba6..cb7889ffb71 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.126 2015/09/12 14:32:24 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.127 2015/09/12 15:03:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -641,6 +641,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void)); int ssl3_pending(const SSL *s); +int ssl3_handshake_msg_hdr_len(SSL *s); unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype); void ssl3_handshake_msg_finish(SSL *s, unsigned int len); int ssl3_handshake_write(SSL *s); -- cgit v1.2.3