authorjsing <>2015-09-12 15:08:54 +0000
committerjsing <>2015-09-12 15:08:54 +0000
commit9cf967eb19ffcd73b7cde6533139e64730f8648c (patch)
tree2024d99bc751012df7188cede1a7a6918d23975d
parenta2911aca708333d0aa73876f4fece0da3b4b7475 (diff)
Uncopy and unpaste dtls1_send_newsession_ticket() - another 111 lines of
code deduped.
-rw-r--r--src/lib/libssl/d1_srvr.c111
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c111
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/ssl_locl.h3
4 files changed, 6 insertions, 222 deletions
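diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 7eae8ed4e4..1d50ac2388 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.63 2015/09/12 14:32:24 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -537,7 +537,7 @@ dtls1_accept(SSL *s)
 
  case SSL3_ST_SW_SESSION_TICKET_A:
  case SSL3_ST_SW_SESSION_TICKET_B:
- ret = dtls1_send_newsession_ticket(s);
+ ret = ssl3_send_newsession_ticket(s);
  if (ret <= 0)
  goto end;
  s->state = SSL3_ST_SW_CHANGE_A;
@@ -725,110 +725,3 @@ dtls1_send_server_certificate(SSL *s)
  /* SSL3_ST_SW_CERT_B */
  return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
 }
-
-int
-dtls1_send_newsession_ticket(SSL *s)
-{
- if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
- unsigned char *p, *senc, *macstart;
- int len, slen;
- unsigned int hlen, msg_len;
- EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx;
- SSL_CTX *tctx = s->initial_ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char key_name[16];
-
- /* get session encoding length */
- slen = i2d_SSL_SESSION(s->session, NULL);
- /* Some length values are 16 bits, so forget it if session is
- * too long
- */
- if (slen > 0xFF00)
- return -1;
- /* Grow buffer if need be: the length calculation is as
- * follows 12 (DTLS handshake message header) +
- * 4 (ticket lifetime hint) + 2 (ticket length) +
- * 16 (key name) + max_iv_len (iv length) +
- * session_length + max_enc_block_size (max encrypted session
- * length) + max_md_size (HMAC).
- */
- if (!BUF_MEM_grow(s->init_buf,
- DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
- EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
- return -1;
- senc = malloc(slen);
- if (!senc)
- return -1;
- p = senc;
- i2d_SSL_SESSION(s->session, &p);
-
- p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
- EVP_CIPHER_CTX_init(&ctx);
- HMAC_CTX_init(&hctx);
- /* Initialize HMAC and cipher contexts. If callback present
- * it does all the work otherwise use generated values
- * from parent ctx.
- */
- if (tctx->tlsext_ticket_key_cb) {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0) {
- free(senc);
- EVP_CIPHER_CTX_cleanup(&ctx);
- return -1;
- }
- } else {
- arc4random_buf(iv, 16);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, iv);
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
- memcpy(key_name, tctx->tlsext_tick_key_name, 16);
- }
- l2n(s->session->tlsext_tick_lifetime_hint, p);
- /* Skip ticket length for now */
- p += 2;
- /* Output key name */
- macstart = p;
- memcpy(p, key_name, 16);
- p += 16;
- /* output IV */
- memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
- p += EVP_CIPHER_CTX_iv_length(&ctx);
- /* Encrypt session data */
- EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
- p += len;
- EVP_EncryptFinal(&ctx, p, &len);
- p += len;
- EVP_CIPHER_CTX_cleanup(&ctx);
-
- HMAC_Update(&hctx, macstart, p - macstart);
- HMAC_Final(&hctx, p, &hlen);
- HMAC_CTX_cleanup(&hctx);
-
- p += hlen;
- /* Now write out lengths: p points to end of data written */
- /* Total length */
- len = p - (unsigned char *)(s->init_buf->data);
- /* Ticket length */
- p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
- s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
-
- /* number of bytes to write */
- s->init_num = len;
- s->state = SSL3_ST_SW_SESSION_TICKET_B;
- s->init_off = 0;
- free(senc);
-
- /* XDTLS: set message header ? */
- msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
- dtls1_set_message_header(s, (void *)s->init_buf->data,
- SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_SW_SESSION_TICKET_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}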
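Review bot: The new call `ret = ssl3_send_newsession_ticket(s);` in dtls1_accept (states SSL3_ST_SW_SESSION_TICKET_A/B) depends on the shared routine covering every DTLS-specific step of the deleted copy, and that routine is not part of this diff. The removed function sized the buffer with DTLS1_HM_HEADER_LENGTH, wrote the header via dtls1_set_message_header, queued the message with dtls1_buffer_message for retransmission and sent it through dtls1_do_write; a shared path that assumed the shorter TLS handshake header would under-size init_buf and misplace the ticket length field. Presumably earlier dedup commits made ssl3_send_newsession_ticket framing-aware, but this should be confirmed, and a call-site comment such as `/* shared with TLS: builds the DTLS header and buffers for retransmit */` would record the dependency. The identical change in src/lib/libssl/src/ssl/d1_srvr.c carries the same question; dtls1_accept's body extends beyond the hunk.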
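diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 7eae8ed4e4..1d50ac2388 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.63 2015/09/12 14:32:24 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -537,7 +537,7 @@ dtls1_accept(SSL *s)
 
  case SSL3_ST_SW_SESSION_TICKET_A:
  case SSL3_ST_SW_SESSION_TICKET_B:
- ret = dtls1_send_newsession_ticket(s);
+ ret = ssl3_send_newsession_ticket(s);
  if (ret <= 0)
  goto end;
  s->state = SSL3_ST_SW_CHANGE_A;
@@ -725,110 +725,3 @@ dtls1_send_server_certificate(SSL *s)
  /* SSL3_ST_SW_CERT_B */
  return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
 }
-
-int
-dtls1_send_newsession_ticket(SSL *s)
-{
- if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
- unsigned char *p, *senc, *macstart;
- int len, slen;
- unsigned int hlen, msg_len;
- EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx;
- SSL_CTX *tctx = s->initial_ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char key_name[16];
-
- /* get session encoding length */
- slen = i2d_SSL_SESSION(s->session, NULL);
- /* Some length values are 16 bits, so forget it if session is
- * too long
- */
- if (slen > 0xFF00)
- return -1;
- /* Grow buffer if need be: the length calculation is as
- * follows 12 (DTLS handshake message header) +
- * 4 (ticket lifetime hint) + 2 (ticket length) +
- * 16 (key name) + max_iv_len (iv length) +
- * session_length + max_enc_block_size (max encrypted session
- * length) + max_md_size (HMAC).
- */
- if (!BUF_MEM_grow(s->init_buf,
- DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
- EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
- return -1;
- senc = malloc(slen);
- if (!senc)
- return -1;
- p = senc;
- i2d_SSL_SESSION(s->session, &p);
-
- p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
- EVP_CIPHER_CTX_init(&ctx);
- HMAC_CTX_init(&hctx);
- /* Initialize HMAC and cipher contexts. If callback present
- * it does all the work otherwise use generated values
- * from parent ctx.
- */
- if (tctx->tlsext_ticket_key_cb) {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0) {
- free(senc);
- EVP_CIPHER_CTX_cleanup(&ctx);
- return -1;
- }
- } else {
- arc4random_buf(iv, 16);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, iv);
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
- memcpy(key_name, tctx->tlsext_tick_key_name, 16);
- }
- l2n(s->session->tlsext_tick_lifetime_hint, p);
- /* Skip ticket length for now */
- p += 2;
- /* Output key name */
- macstart = p;
- memcpy(p, key_name, 16);
- p += 16;
- /* output IV */
- memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
- p += EVP_CIPHER_CTX_iv_length(&ctx);
- /* Encrypt session data */
- EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
- p += len;
- EVP_EncryptFinal(&ctx, p, &len);
- p += len;
- EVP_CIPHER_CTX_cleanup(&ctx);
-
- HMAC_Update(&hctx, macstart, p - macstart);
- HMAC_Final(&hctx, p, &hlen);
- HMAC_CTX_cleanup(&hctx);
-
- p += hlen;
- /* Now write out lengths: p points to end of data written */
- /* Total length */
- len = p - (unsigned char *)(s->init_buf->data);
- /* Ticket length */
- p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
- s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
-
- /* number of bytes to write */
- s->init_num = len;
- s->state = SSL3_ST_SW_SESSION_TICKET_B;
- s->init_off = 0;
- free(senc);
-
- /* XDTLS: set message header ? */
- msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
- dtls1_set_message_header(s, (void *)s->init_buf->data,
- SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_SW_SESSION_TICKET_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}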
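diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index cb7889ffb7..e05578e4a3 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.127 2015/09/12 15:03:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.128 2015/09/12 15:08:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -691,7 +691,6 @@ void dtls1_start_timer(SSL *s);
 void dtls1_stop_timer(SSL *s);
 int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
-int dtls1_send_newsession_ticket(SSL *s);
 unsigned int dtls1_min_mtu(void);
 
 /* some client-only functions */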
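diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index cb7889ffb7..e05578e4a3 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.127 2015/09/12 15:03:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.128 2015/09/12 15:08:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -691,7 +691,6 @@ void dtls1_start_timer(SSL *s);
 void dtls1_stop_timer(SSL *s);
 int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
-int dtls1_send_newsession_ticket(SSL *s);
 unsigned int dtls1_min_mtu(void);
 
 /* some client-only functions */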