summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2020-02-21 16:16:59 +0000
committerjsing <>2020-02-21 16:16:59 +0000
commit9c7ce5976e7761ce1b61f406cc3e6a29975dc9b0 (patch)
tree620566ce238f5a9944a475491b2245837be87da5
parentd475a992114f9b89d51e3cf5d2b69b1d188cf334 (diff)
downloadopenbsd-9c7ce5976e7761ce1b61f406cc3e6a29975dc9b0.tar.gz
openbsd-9c7ce5976e7761ce1b61f406cc3e6a29975dc9b0.tar.bz2
openbsd-9c7ce5976e7761ce1b61f406cc3e6a29975dc9b0.zip
Convert the SSL/TLS record creation code to CBB.
ok inoguchi@ tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_pkt.c46
1 files changed, 28 insertions, 18 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index cfe82a05fc..d3a372fc6d 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.18 2020/02/21 16:06:00 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.19 2020/02/21 16:16:59 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -625,8 +625,11 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
625{ 625{
626 SSL3_RECORD *wr = &(S3I(s)->wrec); 626 SSL3_RECORD *wr = &(S3I(s)->wrec);
627 SSL_SESSION *sess = s->session; 627 SSL_SESSION *sess = s->session;
628 unsigned char *plen;
629 int eivlen, mac_size; 628 int eivlen, mac_size;
629 uint16_t version;
630 CBB cbb;
631
632 memset(&cbb, 0, sizeof(cbb));
630 633
631 if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) || 634 if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
632 (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) { 635 (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) {
@@ -637,24 +640,25 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
637 goto err; 640 goto err;
638 } 641 }
639 642
640 /* write the header */ 643 /*
641 644 * Some servers hang if initial client hello is larger than 256
642 *(p++) = type&0xff; 645 * bytes and record version number > TLS 1.0.
643 wr->type = type;
644
645 *(p++) = (s->version >> 8);
646 /* Some servers hang if iniatial client hello is larger than 256
647 * bytes and record version number > TLS 1.0
648 */ 646 */
647 version = s->version;
649 if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && 648 if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
650 TLS1_get_version(s) > TLS1_VERSION) 649 TLS1_get_version(s) > TLS1_VERSION)
651 *(p++) = 0x1; 650 version = TLS1_VERSION;
652 else
653 *(p++) = s->version&0xff;
654 651
655 /* field where we are to write out packet length */ 652 if (!CBB_init_fixed(&cbb, p, SSL3_RT_HEADER_LENGTH))
656 plen = p; 653 goto err;
657 p += 2; 654
655 /* Write the header. */
656 if (!CBB_add_u8(&cbb, type))
657 goto err;
658 if (!CBB_add_u16(&cbb, version))
659 goto err;
660
661 p += SSL3_RT_HEADER_LENGTH;
658 662
659 /* Explicit IV length. */ 663 /* Explicit IV length. */
660 eivlen = 0; 664 eivlen = 0;
@@ -671,6 +675,7 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
671 } 675 }
672 676
673 /* lets setup the record stuff. */ 677 /* lets setup the record stuff. */
678 wr->type = type;
674 wr->data = p + eivlen; 679 wr->data = p + eivlen;
675 wr->length = (int)len; 680 wr->length = (int)len;
676 wr->input = (unsigned char *)buf; 681 wr->input = (unsigned char *)buf;
@@ -704,17 +709,22 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
704 s->method->internal->ssl3_enc->enc(s, 1); 709 s->method->internal->ssl3_enc->enc(s, 1);
705 710
706 /* record length after mac and block padding */ 711 /* record length after mac and block padding */
707 s2n(wr->length, plen); 712 if (!CBB_add_u16(&cbb, wr->length))
713 goto err;
714 if (!CBB_finish(&cbb, NULL, NULL))
715 goto err;
708 716
709 /* we should now have 717 /* we should now have
710 * wr->data pointing to the encrypted data, which is 718 * wr->data pointing to the encrypted data, which is
711 * wr->length long */ 719 * wr->length long */
712 wr->type=type; /* not needed but helps for debugging */ 720 wr->type = type; /* not needed but helps for debugging */
713 wr->length += SSL3_RT_HEADER_LENGTH; 721 wr->length += SSL3_RT_HEADER_LENGTH;
714 722
715 return 1; 723 return 1;
716 724
717 err: 725 err:
726 CBB_cleanup(&cbb);
727
718 return 0; 728 return 0;
719} 729}
720 730