Convert certificate handshake message generation to CBB, with some clean

up and restructure. This also adds CBB based variants of the ssl3_handshake_msg_{start,finish} functions - for the time being these use a CBB to build the messages, then copy back into the init_buf. ok doug@
author: jsing <> 2016-12-06 13:17:52 +0000
committer: jsing <> 2016-12-06 13:17:52 +0000
commit: 21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c (patch)
tree: 1fdde047a06562dfe0a7deea73601bac8a4d15e4
parent: 3472b6f5a290febbe7727d2886dce3ddeb0798e4 (diff)
download: openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.tar.gz
openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.tar.bz2
openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.zip
5 files changed, 168 insertions, 64 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index cfd0fb9b4b..52af34a809 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.48 2015/09/12 15:03:39 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.49 2016/12/06 13:17:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -316,49 +316,50 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 }
 static int
-ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+ssl3_add_cert(CBB *cbb, X509 *x)
 {
-        int n;
+        unsigned char *data;
-        unsigned char *p;
+        int cert_len;
+        int ret = 0;
+        CBB cert;
-        n = i2d_X509(x, NULL);
+        if ((cert_len = i2d_X509(x, NULL)) < 0)
-        if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
+                goto err;
-                SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
-                return (-1);
-        }
-        /* XXX */
-        p = (unsigned char *)&(buf->data[*l]);
-        l2n3(n, p);
-        i2d_X509(x, &p);
-        *l += n + 3;
-        return (0);
+        if (!CBB_add_u24_length_prefixed(cbb, &cert))
+                goto err;
+        if (!CBB_add_space(&cert, &data, cert_len))
+                goto err;
+        if (i2d_X509(x, &data) < 0)
+                goto err;
+        if (!CBB_flush(cbb))
+                goto err;
+        ret = 1;
+ err:
+        return (ret);
 }
-unsigned long
+int
-ssl3_output_cert_chain(SSL *s, X509 *x)
+ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x)
 {
-        unsigned char *p;
+        int no_chain = 0;
-        unsigned long l = ssl3_handshake_msg_hdr_len(s) + 3;
+        CBB cert_list;
-        BUF_MEM *buf;
+        int ret = 0;
-        int no_chain;
        int i;
+        if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
+                goto err;
        if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
                no_chain = 1;
-        else
-                no_chain = 0;
-        /* TLSv1 sends a chain with nothing in it, instead of an alert */
+        /* TLSv1 sends a chain with nothing in it, instead of an alert. */
-        buf = s->init_buf;
-        if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 6)) {
-                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
-                return (0);
-        }
        if (x != NULL) {
                if (no_chain) {
-                        if (ssl3_add_cert_to_buf(buf, &l, x))
+                        if (!ssl3_add_cert(&cert_list, x))
-                                return (0);
+                                goto err;
                } else {
                        X509_STORE_CTX xs_ctx;
@@ -366,7 +367,7 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
                            x, NULL)) {
                                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
                                    ERR_R_X509_LIB);
-                                return (0);
+                                goto err;
                        }
                        X509_verify_cert(&xs_ctx);
@@ -374,30 +375,29 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
                        ERR_clear_error();
                        for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
                                x = sk_X509_value(xs_ctx.chain, i);
-                                if (ssl3_add_cert_to_buf(buf, &l, x)) {
+                                if (!ssl3_add_cert(&cert_list, x)) {
                                        X509_STORE_CTX_cleanup(&xs_ctx);
-                                        return 0;
+                                        goto err;
                                }
                        }
                        X509_STORE_CTX_cleanup(&xs_ctx);
                }
        }
        /* Thawte special :-) */
        for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
                x = sk_X509_value(s->ctx->extra_certs, i);
-                if (ssl3_add_cert_to_buf(buf, &l, x))
+                if (!ssl3_add_cert(&cert_list, x))
-                        return (0);
+                        goto err;
        }
-        l -= ssl3_handshake_msg_hdr_len(s) + 3;
+        if (!CBB_flush(cbb))
-        p = (unsigned char *)&(buf->data[4]);
+                goto err;
-        l2n3(l, p);
-        l += 3;
+        ret = 1;
-        p = (unsigned char *)&(buf->data[0]);
-        *(p++) = SSL3_MT_CERTIFICATE;
+ err:
-        l2n3(l, p);
+        return (ret);
-        l += 4; /* XXX */
-        return (l);
 }
 /*
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index f39ae7fab3..772bb703dd 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.149 2016/12/04 14:32:30 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.150 2016/12/06 13:17:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2433,10 +2433,12 @@ err:
 int
 ssl3_send_client_certificate(SSL *s)
 {
-        X509            *x509 = NULL;
+        EVP_PKEY *pkey = NULL;
-        EVP_PKEY        *pkey = NULL;
+        X509 *x509 = NULL;
-        int              i;
+        CBB cbb, client_cert;
-        unsigned long    l;
+        int i;
+        memset(&cbb, 0, sizeof(cbb));
        if (s->state == SSL3_ST_CW_CERT_A) {
                if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
@@ -2480,14 +2482,25 @@ ssl3_send_client_certificate(SSL *s)
        }
        if (s->state == SSL3_ST_CW_CERT_C) {
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
+                    SSL3_MT_CERTIFICATE))
+                        goto err;
+                if (!ssl3_output_cert_chain(s, &client_cert,
+                    (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
+                        goto err;
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+                        goto err;
                s->state = SSL3_ST_CW_CERT_D;
-                l = ssl3_output_cert_chain(s,
-                    (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
-                s->init_num = (int)l;
-                s->init_off = 0;
        }
        /* SSL3_ST_CW_CERT_D */
        return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+        CBB_cleanup(&cbb);
+        return (0);
 }
 #define has_bits(i,m)   (((i)&(m)) == (m))
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e66394a491..db9292172d 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.112 2016/11/06 13:11:40 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.113 2016/12/06 13:17:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -148,6 +148,7 @@
 * OTHERWISE.
 */
+#include <limits.h>
 #include <stdio.h>
 #include <openssl/dh.h>
@@ -1725,6 +1726,76 @@ ssl3_handshake_msg_finish(SSL *s, unsigned int len)
 }
 int
+ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
+    uint8_t msg_type)
+{
+        int ret = 0;
+        if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
+                goto err;
+        if (!CBB_add_u8(handshake, msg_type))
+                goto err;
+        if (SSL_IS_DTLS(s)) {
+                unsigned char *data;
+                if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
+                    SSL3_HM_HEADER_LENGTH))
+                        goto err;
+        }
+        if (!CBB_add_u24_length_prefixed(handshake, body))
+                goto err;
+        ret = 1;
+ err:
+        return (ret);
+}
+int
+ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake)
+{
+        unsigned char *data = NULL;
+        size_t outlen;
+        int ret = 0;
+        if (!CBB_finish(handshake, &data, &outlen))
+                goto err;
+        if (outlen > INT_MAX)
+                goto err;
+        if (!BUF_MEM_grow_clean(s->init_buf, outlen))
+                goto err;
+        memcpy(s->init_buf->data, data, outlen);
+        s->init_num = (int)outlen;
+        s->init_off = 0;
+        if (SSL_IS_DTLS(s)) {
+                unsigned long len;
+                uint8_t msg_type;
+                CBS cbs;
+                CBS_init(&cbs, data, outlen);
+                if (!CBS_get_u8(&cbs, &msg_type))
+                        goto err;
+                len = outlen - ssl3_handshake_msg_hdr_len(s);
+                dtls1_set_message_header(s, data, msg_type, len, 0, len);
+                dtls1_buffer_message(s, 0);
+        }
+        ret = 1;
+ err:
+        free(data);
+        return (ret);
+}
+int
 ssl3_handshake_write(SSL *s)
 {
        if (SSL_IS_DTLS(s))
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index cbdc7bc6bc..c979031933 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.135 2016/12/04 14:20:13 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.136 2016/12/06 13:17:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2524,25 +2524,40 @@ err:
 int
 ssl3_send_server_certificate(SSL *s)
 {
-        unsigned long l;
+        CBB cbb, server_cert;
        X509 *x;
+        /*
+         * Server Certificate - RFC 5246, section 7.4.2.
+         */
+        memset(&cbb, 0, sizeof(cbb));
        if (s->state == SSL3_ST_SW_CERT_A) {
-                x = ssl_get_server_send_cert(s);
+                if ((x = ssl_get_server_send_cert(s)) == NULL) {
-                if (x == NULL) {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
                            ERR_R_INTERNAL_ERROR);
                        return (0);
                }
-                l = ssl3_output_cert_chain(s, x);
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_cert,
+                    SSL3_MT_CERTIFICATE))
+                        goto err;
+                if (!ssl3_output_cert_chain(s, &server_cert, x))
+                        goto err;
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+                        goto err;
                s->state = SSL3_ST_SW_CERT_B;
-                s->init_num = (int)l;
-                s->init_off = 0;
        }
        /* SSL3_ST_SW_CERT_B */
        return (ssl3_handshake_write(s));
+ err:
+        CBB_cleanup(&cbb);
+        return (0);
 }
 /* send a new session ticket (not necessarily for a new session) */
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index c7ae289a3a..89fb83eb9a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.137 2016/12/04 14:32:30 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.138 2016/12/06 13:17:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -160,6 +160,8 @@
 #include <openssl/ssl.h>
 #include <openssl/stack.h>
+#include "bytestring.h"
 __BEGIN_HIDDEN_DECLS
 #define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
@@ -617,7 +619,7 @@ int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
+int ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *srvr);
 int     ssl3_setup_buffers(SSL *s);
@@ -644,6 +646,9 @@ int	ssl3_pending(const SSL *s);
 int ssl3_handshake_msg_hdr_len(SSL *s);
 unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
 void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
+int ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
+    uint8_t msg_type);
+int ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake);
 int ssl3_handshake_write(SSL *s);
 void tls1_record_sequence_increment(unsigned char *seq);
author	jsing <>	2016-12-06 13:17:52 +0000
committer	jsing <>	2016-12-06 13:17:52 +0000
commit	21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c (patch)
tree	1fdde047a06562dfe0a7deea73601bac8a4d15e4
parent	3472b6f5a290febbe7727d2886dce3ddeb0798e4 (diff)
download	openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.tar.gz openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.tar.bz2 openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.zip

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index cfd0fb9b4b..52af34a809 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_both.c,v 1.48 2015/09/12 15:03:39 jsing Exp $ */	1	/* $OpenBSD: s3_both.c,v 1.49 2016/12/06 13:17:52 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -316,49 +316,50 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
316	}	316	}
317		317
318	static int	318	static int
319	ssl3_add_cert_to_buf(BUF_MEM buf, unsigned long l, X509 *x)	319	ssl3_add_cert(CBB cbb, X509 x)
320	{	320	{
321	int n;	321	unsigned char *data;
322	unsigned char *p;	322	int cert_len;
		323	int ret = 0;
		324	CBB cert;
323		325
324	n = i2d_X509(x, NULL);	326	if ((cert_len = i2d_X509(x, NULL)) < 0)
325	if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {	327	goto err;
326	SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
327	return (-1);
328	}
329	/* XXX */
330	p = (unsigned char )&(buf->data[l]);
331	l2n3(n, p);
332	i2d_X509(x, &p);
333	*l += n + 3;
334		328
335	return (0);	329	if (!CBB_add_u24_length_prefixed(cbb, &cert))
		330	goto err;
		331	if (!CBB_add_space(&cert, &data, cert_len))
		332	goto err;
		333	if (i2d_X509(x, &data) < 0)
		334	goto err;
		335	if (!CBB_flush(cbb))
		336	goto err;
		337
		338	ret = 1;
		339
		340	err:
		341	return (ret);
336	}	342	}
337		343
338	unsigned long	344	int
339	ssl3_output_cert_chain(SSL s, X509 x)	345	ssl3_output_cert_chain(SSL s, CBB cbb, X509 *x)
340	{	346	{
341	unsigned char *p;	347	int no_chain = 0;
342	unsigned long l = ssl3_handshake_msg_hdr_len(s) + 3;	348	CBB cert_list;
343	BUF_MEM *buf;	349	int ret = 0;
344	int no_chain;
345	int i;	350	int i;
346		351
		352	if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
		353	goto err;
		354
347	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) \|\| s->ctx->extra_certs)	355	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) \|\| s->ctx->extra_certs)
348	no_chain = 1;	356	no_chain = 1;
349	else
350	no_chain = 0;
351		357
352	/* TLSv1 sends a chain with nothing in it, instead of an alert */	358	/* TLSv1 sends a chain with nothing in it, instead of an alert. */
353	buf = s->init_buf;
354	if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 6)) {
355	SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
356	return (0);
357	}
358	if (x != NULL) {	359	if (x != NULL) {
359	if (no_chain) {	360	if (no_chain) {
360	if (ssl3_add_cert_to_buf(buf, &l, x))	361	if (!ssl3_add_cert(&cert_list, x))
361	return (0);	362	goto err;
362	} else {	363	} else {
363	X509_STORE_CTX xs_ctx;	364	X509_STORE_CTX xs_ctx;
364		365
@@ -366,7 +367,7 @@ ssl3_output_cert_chain(SSL s, X509 x)
366	x, NULL)) {	367	x, NULL)) {
367	SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,	368	SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,
368	ERR_R_X509_LIB);	369	ERR_R_X509_LIB);
369	return (0);	370	goto err;
370	}	371	}
371	X509_verify_cert(&xs_ctx);	372	X509_verify_cert(&xs_ctx);
372		373
@@ -374,30 +375,29 @@ ssl3_output_cert_chain(SSL s, X509 x)
374	ERR_clear_error();	375	ERR_clear_error();
375	for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {	376	for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
376	x = sk_X509_value(xs_ctx.chain, i);	377	x = sk_X509_value(xs_ctx.chain, i);
377	if (ssl3_add_cert_to_buf(buf, &l, x)) {	378	if (!ssl3_add_cert(&cert_list, x)) {
378	X509_STORE_CTX_cleanup(&xs_ctx);	379	X509_STORE_CTX_cleanup(&xs_ctx);
379	return 0;	380	goto err;
380	}	381	}
381	}	382	}
382	X509_STORE_CTX_cleanup(&xs_ctx);	383	X509_STORE_CTX_cleanup(&xs_ctx);
383	}	384	}
384	}	385	}
		386
385	/* Thawte special :-) */	387	/* Thawte special :-) */
386	for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {	388	for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
387	x = sk_X509_value(s->ctx->extra_certs, i);	389	x = sk_X509_value(s->ctx->extra_certs, i);
388	if (ssl3_add_cert_to_buf(buf, &l, x))	390	if (!ssl3_add_cert(&cert_list, x))
389	return (0);	391	goto err;
390	}	392	}
391		393
392	l -= ssl3_handshake_msg_hdr_len(s) + 3;	394	if (!CBB_flush(cbb))
393	p = (unsigned char *)&(buf->data[4]);	395	goto err;
394	l2n3(l, p);	396
395	l += 3;	397	ret = 1;
396	p = (unsigned char *)&(buf->data[0]);	398
397	*(p++) = SSL3_MT_CERTIFICATE;	399	err:
398	l2n3(l, p);	400	return (ret);
399	l += 4; /* XXX */
400	return (l);
401	}	401	}
402		402
403	/*	403	/*


diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index f39ae7fab3..772bb703dd 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.149 2016/12/04 14:32:30 jsing Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.150 2016/12/06 13:17:52 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2433,10 +2433,12 @@ err:
2433	int	2433	int
2434	ssl3_send_client_certificate(SSL *s)	2434	ssl3_send_client_certificate(SSL *s)
2435	{	2435	{
2436	X509 *x509 = NULL;	2436	EVP_PKEY *pkey = NULL;
2437	EVP_PKEY *pkey = NULL;	2437	X509 *x509 = NULL;
2438	int i;	2438	CBB cbb, client_cert;
2439	unsigned long l;	2439	int i;
		2440
		2441	memset(&cbb, 0, sizeof(cbb));
2440		2442
2441	if (s->state == SSL3_ST_CW_CERT_A) {	2443	if (s->state == SSL3_ST_CW_CERT_A) {
2442	if ((s->cert == NULL) \|\| (s->cert->key->x509 == NULL) \|\|	2444	if ((s->cert == NULL) \|\| (s->cert->key->x509 == NULL) \|\|
@@ -2480,14 +2482,25 @@ ssl3_send_client_certificate(SSL *s)
2480	}	2482	}
2481		2483
2482	if (s->state == SSL3_ST_CW_CERT_C) {	2484	if (s->state == SSL3_ST_CW_CERT_C) {
		2485	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
		2486	SSL3_MT_CERTIFICATE))
		2487	goto err;
		2488	if (!ssl3_output_cert_chain(s, &client_cert,
		2489	(s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
		2490	goto err;
		2491	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
		2492	goto err;
		2493
2483	s->state = SSL3_ST_CW_CERT_D;	2494	s->state = SSL3_ST_CW_CERT_D;
2484	l = ssl3_output_cert_chain(s,
2485	(s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
2486	s->init_num = (int)l;
2487	s->init_off = 0;
2488	}	2495	}
		2496
2489	/* SSL3_ST_CW_CERT_D */	2497	/* SSL3_ST_CW_CERT_D */
2490	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));	2498	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
		2499
		2500	err:
		2501	CBB_cleanup(&cbb);
		2502
		2503	return (0);
2491	}	2504	}
2492		2505
2493	#define has_bits(i,m) (((i)&(m)) == (m))	2506	#define has_bits(i,m) (((i)&(m)) == (m))


diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e66394a491..db9292172d 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.112 2016/11/06 13:11:40 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.113 2016/12/06 13:17:52 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -148,6 +148,7 @@
148	* OTHERWISE.	148	* OTHERWISE.
149	*/	149	*/
150		150
		151	#include <limits.h>
151	#include <stdio.h>	152	#include <stdio.h>
152		153
153	#include <openssl/dh.h>	154	#include <openssl/dh.h>
@@ -1725,6 +1726,76 @@ ssl3_handshake_msg_finish(SSL *s, unsigned int len)
1725	}	1726	}
1726		1727
1727	int	1728	int
		1729	ssl3_handshake_msg_start_cbb(SSL s, CBB handshake, CBB *body,
		1730	uint8_t msg_type)
		1731	{
		1732	int ret = 0;
		1733
		1734	if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
		1735	goto err;
		1736	if (!CBB_add_u8(handshake, msg_type))
		1737	goto err;
		1738	if (SSL_IS_DTLS(s)) {
		1739	unsigned char *data;
		1740
		1741	if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
		1742	SSL3_HM_HEADER_LENGTH))
		1743	goto err;
		1744	}
		1745	if (!CBB_add_u24_length_prefixed(handshake, body))
		1746	goto err;
		1747
		1748	ret = 1;
		1749
		1750	err:
		1751	return (ret);
		1752	}
		1753
		1754	int
		1755	ssl3_handshake_msg_finish_cbb(SSL s, CBB handshake)
		1756	{
		1757	unsigned char *data = NULL;
		1758	size_t outlen;
		1759	int ret = 0;
		1760
		1761	if (!CBB_finish(handshake, &data, &outlen))
		1762	goto err;
		1763
		1764	if (outlen > INT_MAX)
		1765	goto err;
		1766
		1767	if (!BUF_MEM_grow_clean(s->init_buf, outlen))
		1768	goto err;
		1769
		1770	memcpy(s->init_buf->data, data, outlen);
		1771
		1772	s->init_num = (int)outlen;
		1773	s->init_off = 0;
		1774
		1775	if (SSL_IS_DTLS(s)) {
		1776	unsigned long len;
		1777	uint8_t msg_type;
		1778	CBS cbs;
		1779
		1780	CBS_init(&cbs, data, outlen);
		1781	if (!CBS_get_u8(&cbs, &msg_type))
		1782	goto err;
		1783
		1784	len = outlen - ssl3_handshake_msg_hdr_len(s);
		1785
		1786	dtls1_set_message_header(s, data, msg_type, len, 0, len);
		1787	dtls1_buffer_message(s, 0);
		1788	}
		1789
		1790	ret = 1;
		1791
		1792	err:
		1793	free(data);
		1794
		1795	return (ret);
		1796	}
		1797
		1798	int
1728	ssl3_handshake_write(SSL *s)	1799	ssl3_handshake_write(SSL *s)
1729	{	1800	{
1730	if (SSL_IS_DTLS(s))	1801	if (SSL_IS_DTLS(s))


diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index cbdc7bc6bc..c979031933 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.135 2016/12/04 14:20:13 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.136 2016/12/06 13:17:52 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2524,25 +2524,40 @@ err:
2524	int	2524	int
2525	ssl3_send_server_certificate(SSL *s)	2525	ssl3_send_server_certificate(SSL *s)
2526	{	2526	{
2527	unsigned long l;	2527	CBB cbb, server_cert;
2528	X509 *x;	2528	X509 *x;
2529		2529
		2530	/*
		2531	* Server Certificate - RFC 5246, section 7.4.2.
		2532	*/
		2533
		2534	memset(&cbb, 0, sizeof(cbb));
		2535
2530	if (s->state == SSL3_ST_SW_CERT_A) {	2536	if (s->state == SSL3_ST_SW_CERT_A) {
2531	x = ssl_get_server_send_cert(s);	2537	if ((x = ssl_get_server_send_cert(s)) == NULL) {
2532	if (x == NULL) {
2533	SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,	2538	SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
2534	ERR_R_INTERNAL_ERROR);	2539	ERR_R_INTERNAL_ERROR);
2535	return (0);	2540	return (0);
2536	}	2541	}
2537		2542
2538	l = ssl3_output_cert_chain(s, x);	2543	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_cert,
		2544	SSL3_MT_CERTIFICATE))
		2545	goto err;
		2546	if (!ssl3_output_cert_chain(s, &server_cert, x))
		2547	goto err;
		2548	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
		2549	goto err;
		2550
2539	s->state = SSL3_ST_SW_CERT_B;	2551	s->state = SSL3_ST_SW_CERT_B;
2540	s->init_num = (int)l;
2541	s->init_off = 0;
2542	}	2552	}
2543		2553
2544	/* SSL3_ST_SW_CERT_B */	2554	/* SSL3_ST_SW_CERT_B */
2545	return (ssl3_handshake_write(s));	2555	return (ssl3_handshake_write(s));
		2556
		2557	err:
		2558	CBB_cleanup(&cbb);
		2559
		2560	return (0);
2546	}	2561	}
2547		2562
2548	/* send a new session ticket (not necessarily for a new session) */	2563	/* send a new session ticket (not necessarily for a new session) */


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index c7ae289a3a..89fb83eb9a 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.137 2016/12/04 14:32:30 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.138 2016/12/06 13:17:52 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -160,6 +160,8 @@
160	#include <openssl/ssl.h>	160	#include <openssl/ssl.h>
161	#include <openssl/stack.h>	161	#include <openssl/stack.h>
162		162
		163	#include "bytestring.h"
		164
163	__BEGIN_HIDDEN_DECLS	165	__BEGIN_HIDDEN_DECLS
164		166
165	#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \	167	#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
@@ -617,7 +619,7 @@ int ssl3_renegotiate_check(SSL *ssl);
617	int ssl3_dispatch_alert(SSL *s);	619	int ssl3_dispatch_alert(SSL *s);
618	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);	620	int ssl3_read_bytes(SSL s, int type, unsigned char buf, int len, int peek);
619	int ssl3_write_bytes(SSL s, int type, const void buf, int len);	621	int ssl3_write_bytes(SSL s, int type, const void buf, int len);
620	unsigned long ssl3_output_cert_chain(SSL s, X509 x);	622	int ssl3_output_cert_chain(SSL s, CBB cbb, X509 *x);
621	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,	623	SSL_CIPHER ssl3_choose_cipher(SSL ssl, STACK_OF(SSL_CIPHER) *clnt,
622	STACK_OF(SSL_CIPHER) *srvr);	624	STACK_OF(SSL_CIPHER) *srvr);
623	int ssl3_setup_buffers(SSL *s);	625	int ssl3_setup_buffers(SSL *s);
@@ -644,6 +646,9 @@ int ssl3_pending(const SSL *s);
644	int ssl3_handshake_msg_hdr_len(SSL *s);	646	int ssl3_handshake_msg_hdr_len(SSL *s);
645	unsigned char ssl3_handshake_msg_start(SSL s, uint8_t htype);	647	unsigned char ssl3_handshake_msg_start(SSL s, uint8_t htype);
646	void ssl3_handshake_msg_finish(SSL *s, unsigned int len);	648	void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
		649	int ssl3_handshake_msg_start_cbb(SSL s, CBB handshake, CBB *body,
		650	uint8_t msg_type);
		651	int ssl3_handshake_msg_finish_cbb(SSL s, CBB handshake);
647	int ssl3_handshake_write(SSL *s);	652	int ssl3_handshake_write(SSL *s);
648		653
649	void tls1_record_sequence_increment(unsigned char *seq);	654	void tls1_record_sequence_increment(unsigned char *seq);