authorjsing <>2014-12-14 16:19:38 +0000
committerjsing <>2014-12-14 16:19:38 +0000
commit9d7627cb78b8d58f06310b08151767a7309504dc (patch)
treecbd847f515646f61373c178d71312104700ac3da
parent07ed3281a22942e6f12d90c428ffd29e5f4f1ddb (diff)
Convert all of the straight forward client handshake handling code to use
the new handshake functions. ok miod@
-rw-r--r--src/lib/libssl/d1_clnt.c71
-rw-r--r--src/lib/libssl/s3_clnt.c96
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c71
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c96
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h6
-rw-r--r--src/lib/libssl/ssl_locl.h6
6 files changed, 134 insertions, 212 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 490e2849f1..3687f5917c 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -759,14 +759,12 @@ end:
759int 759int
760dtls1_client_hello(SSL *s) 760dtls1_client_hello(SSL *s)
761{ 761{
762 unsigned char *buf; 762 unsigned char *bufend, *d, *p;
763 unsigned char *p, *d;
764 unsigned int i; 763 unsigned int i;
765 unsigned long l;
766 764
767 buf = (unsigned char *)s->init_buf->data;
768 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 765 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
769 SSL_SESSION *sess = s->session; 766 SSL_SESSION *sess = s->session;
767
770 if ((s->session == NULL) || 768 if ((s->session == NULL) ||
771 (s->session->ssl_version != s->version) || 769 (s->session->ssl_version != s->version) ||
772 (!sess->session_id_length && !sess->tlsext_tick) || 770 (!sess->session_id_length && !sess->tlsext_tick) ||
@@ -785,8 +783,7 @@ dtls1_client_hello(SSL *s)
785 if (i == sizeof(s->s3->client_random)) 783 if (i == sizeof(s->s3->client_random))
786 arc4random_buf(p, sizeof(s->s3->client_random)); 784 arc4random_buf(p, sizeof(s->s3->client_random));
787 785
788 /* Do the message type and length last */ 786 d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
789 d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
790 787
791 *(p++) = s->version >> 8; 788 *(p++) = s->version >> 8;
792 *(p++) = s->version&0xff; 789 *(p++) = s->version&0xff;
@@ -835,29 +832,20 @@ dtls1_client_hello(SSL *s)
835 *(p++) = 1; 832 *(p++) = 1;
836 *(p++) = 0; /* Add the NULL method */ 833 *(p++) = 0; /* Add the NULL method */
837 834
838 if ((p = ssl_add_clienthello_tlsext(s, p, 835 bufend = (unsigned char *)s->init_buf->data +
839 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 836 SSL3_RT_MAX_PLAIN_LENGTH;
837 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
840 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 838 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
841 goto err; 839 goto err;
842 } 840 }
843 841
844 l = (p - d); 842 ssl3_handshake_msg_finish(s, p - d);
845 d = buf;
846
847 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
848 l, 0, l);
849 843
850 s->state = SSL3_ST_CW_CLNT_HELLO_B; 844 s->state = SSL3_ST_CW_CLNT_HELLO_B;
851 /* number of bytes to write */
852 s->init_num = p - buf;
853 s->init_off = 0;
854
855 /* buffer the message to handle re-xmits */
856 dtls1_buffer_message(s, 0);
857 } 845 }
858 846
859 /* SSL3_ST_CW_CLNT_HELLO_B */ 847 /* SSL3_ST_CW_CLNT_HELLO_B */
860 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 848 return (ssl3_handshake_write(s));
861err: 849err:
862 return (-1); 850 return (-1);
863} 851}
@@ -919,10 +907,9 @@ f_err:
919int 907int
920dtls1_send_client_key_exchange(SSL *s) 908dtls1_send_client_key_exchange(SSL *s)
921{ 909{
922 unsigned char *p, *d; 910 unsigned char *p, *q;
923 int n; 911 int n;
924 unsigned long alg_k; 912 unsigned long alg_k;
925 unsigned char *q;
926 EVP_PKEY *pkey = NULL; 913 EVP_PKEY *pkey = NULL;
927 EC_KEY *clnt_ecdh = NULL; 914 EC_KEY *clnt_ecdh = NULL;
928 const EC_POINT *srvr_ecpoint = NULL; 915 const EC_POINT *srvr_ecpoint = NULL;
@@ -932,8 +919,7 @@ dtls1_send_client_key_exchange(SSL *s)
932 BN_CTX * bn_ctx = NULL; 919 BN_CTX * bn_ctx = NULL;
933 920
934 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 921 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
935 d = (unsigned char *)s->init_buf->data; 922 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
936 p = &(d[DTLS1_HM_HEADER_LENGTH]);
937 923
938 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 924 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
939 925
@@ -1217,26 +1203,13 @@ dtls1_send_client_key_exchange(SSL *s)
1217 goto err; 1203 goto err;
1218 } 1204 }
1219 1205
1220 d = dtls1_set_message_header(s, d, 1206 ssl3_handshake_msg_finish(s, n);
1221 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1222 /*
1223 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1224 l2n3(n,d);
1225 l2n(s->d1->handshake_write_seq,d);
1226 s->d1->handshake_write_seq++;
1227 */
1228 1207
1229 s->state = SSL3_ST_CW_KEY_EXCH_B; 1208 s->state = SSL3_ST_CW_KEY_EXCH_B;
1230 /* number of bytes to write */
1231 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1232 s->init_off = 0;
1233
1234 /* buffer the message to handle re-xmits */
1235 dtls1_buffer_message(s, 0);
1236 } 1209 }
1237 1210
1238 /* SSL3_ST_CW_KEY_EXCH_B */ 1211 /* SSL3_ST_CW_KEY_EXCH_B */
1239 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1212 return (ssl3_handshake_write(s));
1240 1213
1241err: 1214err:
1242 BN_CTX_free(bn_ctx); 1215 BN_CTX_free(bn_ctx);
@@ -1249,7 +1222,7 @@ err:
1249int 1222int
1250dtls1_send_client_verify(SSL *s) 1223dtls1_send_client_verify(SSL *s)
1251{ 1224{
1252 unsigned char *p, *d; 1225 unsigned char *p;
1253 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 1226 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1254 EVP_PKEY *pkey; 1227 EVP_PKEY *pkey;
1255 unsigned u = 0; 1228 unsigned u = 0;
@@ -1257,8 +1230,8 @@ dtls1_send_client_verify(SSL *s)
1257 int j; 1230 int j;
1258 1231
1259 if (s->state == SSL3_ST_CW_CERT_VRFY_A) { 1232 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
1260 d = (unsigned char *)s->init_buf->data; 1233 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
1261 p = &(d[DTLS1_HM_HEADER_LENGTH]); 1234
1262 pkey = s->cert->key->privatekey; 1235 pkey = s->cert->key->privatekey;
1263 1236
1264 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, 1237 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
@@ -1304,20 +1277,14 @@ dtls1_send_client_verify(SSL *s)
1304 goto err; 1277 goto err;
1305 } 1278 }
1306 1279
1307 d = dtls1_set_message_header(s, d, 1280 ssl3_handshake_msg_finish(s, n);
1308 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1309
1310 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1311 s->init_off = 0;
1312
1313 /* buffer the message to handle re-xmits */
1314 dtls1_buffer_message(s, 0);
1315 1281
1316 s->state = SSL3_ST_CW_CERT_VRFY_B; 1282 s->state = SSL3_ST_CW_CERT_VRFY_B;
1317 } 1283 }
1318 1284
1319 /* s->state = SSL3_ST_CW_CERT_VRFY_B */ 1285 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1320 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1286 return (ssl3_handshake_write(s));
1287
1321err: 1288err:
1322 return (-1); 1289 return (-1);
1323} 1290}
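Review bot: The explicit `dtls1_set_message_header()` and `dtls1_buffer_message(s, 0)` calls dropped from dtls1_client_hello, dtls1_send_client_key_exchange and dtls1_send_client_verify mean the DTLS fragment header (message_seq, fragment offset/length) and the retransmit buffering now have to happen inside ssl3_handshake_msg_finish()/ssl3_handshake_write(), which this diff does not show; if those helpers do not branch on the DTLS case the client would emit TLS-format headers and lose its retransmit queue. None of the three call sites checks the pointer returned by ssl3_handshake_msg_start() before writing through it, so either the helper must be unable to fail or a NULL check belongs before the first `*(p++)`. I would record the first assumption at the dtls1_client_hello call site with `/* DTLS header and retransmit buffering are done by ssl3_handshake_msg_finish() */`. The bodies of all three functions continue outside these hunks.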
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 8e7c19f2f0..47b6824533 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.101 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.102 2014/12/14 16:19:38 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -642,14 +642,12 @@ end:
642int 642int
643ssl3_client_hello(SSL *s) 643ssl3_client_hello(SSL *s)
644{ 644{
645 unsigned char *buf; 645 unsigned char *bufend, *p, *d;
646 unsigned char *p, *d;
647 int i; 646 int i;
648 unsigned long l;
649 647
650 buf = (unsigned char *)s->init_buf->data;
651 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 648 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
652 SSL_SESSION *sess = s->session; 649 SSL_SESSION *sess = s->session;
650
653 if ((sess == NULL) || 651 if ((sess == NULL) ||
654 (sess->ssl_version != s->version) || 652 (sess->ssl_version != s->version) ||
655 (!sess->session_id_length && !sess->tlsext_tick) || 653 (!sess->session_id_length && !sess->tlsext_tick) ||
@@ -661,8 +659,7 @@ ssl3_client_hello(SSL *s)
661 659
662 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); 660 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
663 661
664 /* Do the message type and length last */ 662 d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
665 d = p = &buf[4];
666 663
667 /* 664 /*
668 * Version indicates the negotiated version: for example from 665 * Version indicates the negotiated version: for example from
@@ -747,26 +744,22 @@ ssl3_client_hello(SSL *s)
747 SSL_R_CLIENTHELLO_TLSEXT); 744 SSL_R_CLIENTHELLO_TLSEXT);
748 goto err; 745 goto err;
749 } 746 }
750 if ((p = ssl_add_clienthello_tlsext(s, p, 747 bufend = (unsigned char *)s->init_buf->data +
751 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 748 SSL3_RT_MAX_PLAIN_LENGTH;
749 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
752 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 750 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
753 ERR_R_INTERNAL_ERROR); 751 ERR_R_INTERNAL_ERROR);
754 goto err; 752 goto err;
755 } 753 }
756 754
757 l = (p - d);
758 d = buf;
759 *(d++) = SSL3_MT_CLIENT_HELLO;
760 l2n3(l, d);
761
762 s->state = SSL3_ST_CW_CLNT_HELLO_B; 755 s->state = SSL3_ST_CW_CLNT_HELLO_B;
763 /* number of bytes to write */ 756
764 s->init_num = p - buf; 757 ssl3_handshake_msg_finish(s, p - d);
765 s->init_off = 0;
766 } 758 }
767 759
768 /* SSL3_ST_CW_CLNT_HELLO_B */ 760 /* SSL3_ST_CW_CLNT_HELLO_B */
769 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 761 return (ssl3_handshake_write(s));
762
770err: 763err:
771 return (-1); 764 return (-1);
772} 765}
@@ -1884,10 +1877,9 @@ ssl3_get_server_done(SSL *s)
1884int 1877int
1885ssl3_send_client_key_exchange(SSL *s) 1878ssl3_send_client_key_exchange(SSL *s)
1886{ 1879{
1887 unsigned char *p, *d; 1880 unsigned char *p, *q;
1888 int n; 1881 int n;
1889 unsigned long alg_k; 1882 unsigned long alg_k;
1890 unsigned char *q;
1891 EVP_PKEY *pkey = NULL; 1883 EVP_PKEY *pkey = NULL;
1892 EC_KEY *clnt_ecdh = NULL; 1884 EC_KEY *clnt_ecdh = NULL;
1893 const EC_POINT *srvr_ecpoint = NULL; 1885 const EC_POINT *srvr_ecpoint = NULL;
@@ -1897,8 +1889,7 @@ ssl3_send_client_key_exchange(SSL *s)
1897 BN_CTX *bn_ctx = NULL; 1889 BN_CTX *bn_ctx = NULL;
1898 1890
1899 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 1891 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
1900 d = (unsigned char *)s->init_buf->data; 1892 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
1901 p = &(d[4]);
1902 1893
1903 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1894 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1904 1895
@@ -1999,7 +1990,8 @@ ssl3_send_client_key_exchange(SSL *s)
1999 /* Generate master key from the result. */ 1990 /* Generate master key from the result. */
2000 s->session->master_key_length = 1991 s->session->master_key_length =
2001 s->method->ssl3_enc->generate_master_secret(s, 1992 s->method->ssl3_enc->generate_master_secret(s,
2002 s->session->master_key, p, n); 1993 s->session->master_key, p, n);
1994
2003 /* Clean up. */ 1995 /* Clean up. */
2004 memset(p, 0, n); 1996 memset(p, 0, n);
2005 1997
@@ -2299,26 +2291,21 @@ ssl3_send_client_key_exchange(SSL *s)
2299 s->session->master_key, premaster_secret, 32); 2291 s->session->master_key, premaster_secret, 32);
2300 EVP_PKEY_free(pub_key); 2292 EVP_PKEY_free(pub_key);
2301 2293
2302 } 2294 } else {
2303 else {
2304 ssl3_send_alert(s, SSL3_AL_FATAL, 2295 ssl3_send_alert(s, SSL3_AL_FATAL,
2305 SSL_AD_HANDSHAKE_FAILURE); 2296 SSL_AD_HANDSHAKE_FAILURE);
2306 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2297 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2307 ERR_R_INTERNAL_ERROR); 2298 ERR_R_INTERNAL_ERROR);
2308 goto err; 2299 goto err;
2309 } 2300 }
2310 2301
2311 *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
2312 l2n3(n, d);
2313
2314 s->state = SSL3_ST_CW_KEY_EXCH_B; 2302 s->state = SSL3_ST_CW_KEY_EXCH_B;
2315 /* number of bytes to write */ 2303
2316 s->init_num = n + 4; 2304 ssl3_handshake_msg_finish(s, n);
2317 s->init_off = 0;
2318 } 2305 }
2319 2306
2320 /* SSL3_ST_CW_KEY_EXCH_B */ 2307 /* SSL3_ST_CW_KEY_EXCH_B */
2321 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2308 return (ssl3_handshake_write(s));
2322 2309
2323err: 2310err:
2324 BN_CTX_free(bn_ctx); 2311 BN_CTX_free(bn_ctx);
@@ -2331,7 +2318,7 @@ err:
2331int 2318int
2332ssl3_send_client_verify(SSL *s) 2319ssl3_send_client_verify(SSL *s)
2333{ 2320{
2334 unsigned char *p, *d; 2321 unsigned char *p;
2335 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 2322 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2336 EVP_PKEY *pkey; 2323 EVP_PKEY *pkey;
2337 EVP_PKEY_CTX *pctx = NULL; 2324 EVP_PKEY_CTX *pctx = NULL;
@@ -2343,13 +2330,13 @@ ssl3_send_client_verify(SSL *s)
2343 EVP_MD_CTX_init(&mctx); 2330 EVP_MD_CTX_init(&mctx);
2344 2331
2345 if (s->state == SSL3_ST_CW_CERT_VRFY_A) { 2332 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
2346 d = (unsigned char *)s->init_buf->data; 2333 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
2347 p = &(d[4]); 2334
2348 pkey = s->cert->key->privatekey;
2349 /* 2335 /*
2350 * Create context from key and test if sha1 is allowed as 2336 * Create context from key and test if sha1 is allowed as
2351 * digest. 2337 * digest.
2352 */ 2338 */
2339 pkey = s->cert->key->privatekey;
2353 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2340 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2354 EVP_PKEY_sign_init(pctx); 2341 EVP_PKEY_sign_init(pctx);
2355 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { 2342 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
@@ -2468,16 +2455,17 @@ ssl3_send_client_verify(SSL *s)
2468 ERR_R_INTERNAL_ERROR); 2455 ERR_R_INTERNAL_ERROR);
2469 goto err; 2456 goto err;
2470 } 2457 }
2471 *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
2472 l2n3(n, d);
2473 2458
2474 s->state = SSL3_ST_CW_CERT_VRFY_B; 2459 s->state = SSL3_ST_CW_CERT_VRFY_B;
2475 s->init_num = (int)n + 4; 2460
2476 s->init_off = 0; 2461 ssl3_handshake_msg_finish(s, n);
2477 } 2462 }
2463
2478 EVP_MD_CTX_cleanup(&mctx); 2464 EVP_MD_CTX_cleanup(&mctx);
2479 EVP_PKEY_CTX_free(pctx); 2465 EVP_PKEY_CTX_free(pctx);
2480 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2466
2467 return (ssl3_handshake_write(s));
2468
2481err: 2469err:
2482 EVP_MD_CTX_cleanup(&mctx); 2470 EVP_MD_CTX_cleanup(&mctx);
2483 EVP_PKEY_CTX_free(pctx); 2471 EVP_PKEY_CTX_free(pctx);
@@ -2632,24 +2620,26 @@ int
2632ssl3_send_next_proto(SSL *s) 2620ssl3_send_next_proto(SSL *s)
2633{ 2621{
2634 unsigned int len, padding_len; 2622 unsigned int len, padding_len;
2635 unsigned char *d; 2623 unsigned char *d, *p;
2636 2624
2637 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { 2625 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
2626 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
2627
2638 len = s->next_proto_negotiated_len; 2628 len = s->next_proto_negotiated_len;
2639 padding_len = 32 - ((len + 2) % 32); 2629 padding_len = 32 - ((len + 2) % 32);
2640 d = (unsigned char *)s->init_buf->data; 2630 *(p++) = len;
2641 d[4] = len; 2631 memcpy(p, s->next_proto_negotiated, len);
2642 memcpy(d + 5, s->next_proto_negotiated, len); 2632 p += len;
2643 d[5 + len] = padding_len; 2633 *(p++) = padding_len;
2644 memset(d + 6 + len, 0, padding_len); 2634 memset(p, 0, padding_len);
2645 *(d++) = SSL3_MT_NEXT_PROTO; 2635 p += padding_len;
2646 l2n3(2 + len + padding_len, d); 2636
2637 ssl3_handshake_msg_finish(s, p - d);
2638
2647 s->state = SSL3_ST_CW_NEXT_PROTO_B; 2639 s->state = SSL3_ST_CW_NEXT_PROTO_B;
2648 s->init_num = 4 + 2 + len + padding_len;
2649 s->init_off = 0;
2650 } 2640 }
2651 2641
2652 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2642 return (ssl3_handshake_write(s));
2653} 2643}
2654 2644
2655/* 2645/*
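Review bot: In ssl3_client_hello, ssl3_send_client_key_exchange and ssl3_send_client_verify the new code sets `s->state = ..._B` before calling `ssl3_handshake_msg_finish()`, whereas the d1_clnt.c half of this commit calls finish first and advances the state afterwards; if finish ever consults s->state (for example to decide on DTLS buffering) the two clients would diverge, so one order should be used everywhere, and finishing the message before advancing the state is the safer one. The `bufend` handed to ssl_add_clienthello_tlsext is `init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH` rather than `init_buf->data + init_buf->length`, so it is only a real bound if init_buf was grown to at least that size earlier, which this hunk does not show; the bytes written before that call are not checked against it at all. The pointer from ssl3_handshake_msg_start() is used without a NULL check in every hunk, including ssl3_send_next_proto, which has no error path to fall back to. The bodies of these functions extend beyond the hunks shown.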
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 490e2849f1..3687f5917c 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -759,14 +759,12 @@ end:
759int 759int
760dtls1_client_hello(SSL *s) 760dtls1_client_hello(SSL *s)
761{ 761{
762 unsigned char *buf; 762 unsigned char *bufend, *d, *p;
763 unsigned char *p, *d;
764 unsigned int i; 763 unsigned int i;
765 unsigned long l;
766 764
767 buf = (unsigned char *)s->init_buf->data;
768 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 765 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
769 SSL_SESSION *sess = s->session; 766 SSL_SESSION *sess = s->session;
767
770 if ((s->session == NULL) || 768 if ((s->session == NULL) ||
771 (s->session->ssl_version != s->version) || 769 (s->session->ssl_version != s->version) ||
772 (!sess->session_id_length && !sess->tlsext_tick) || 770 (!sess->session_id_length && !sess->tlsext_tick) ||
@@ -785,8 +783,7 @@ dtls1_client_hello(SSL *s)
785 if (i == sizeof(s->s3->client_random)) 783 if (i == sizeof(s->s3->client_random))
786 arc4random_buf(p, sizeof(s->s3->client_random)); 784 arc4random_buf(p, sizeof(s->s3->client_random));
787 785
788 /* Do the message type and length last */ 786 d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
789 d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
790 787
791 *(p++) = s->version >> 8; 788 *(p++) = s->version >> 8;
792 *(p++) = s->version&0xff; 789 *(p++) = s->version&0xff;
@@ -835,29 +832,20 @@ dtls1_client_hello(SSL *s)
835 *(p++) = 1; 832 *(p++) = 1;
836 *(p++) = 0; /* Add the NULL method */ 833 *(p++) = 0; /* Add the NULL method */
837 834
838 if ((p = ssl_add_clienthello_tlsext(s, p, 835 bufend = (unsigned char *)s->init_buf->data +
839 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 836 SSL3_RT_MAX_PLAIN_LENGTH;
837 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
840 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 838 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
841 goto err; 839 goto err;
842 } 840 }
843 841
844 l = (p - d); 842 ssl3_handshake_msg_finish(s, p - d);
845 d = buf;
846
847 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
848 l, 0, l);
849 843
850 s->state = SSL3_ST_CW_CLNT_HELLO_B; 844 s->state = SSL3_ST_CW_CLNT_HELLO_B;
851 /* number of bytes to write */
852 s->init_num = p - buf;
853 s->init_off = 0;
854
855 /* buffer the message to handle re-xmits */
856 dtls1_buffer_message(s, 0);
857 } 845 }
858 846
859 /* SSL3_ST_CW_CLNT_HELLO_B */ 847 /* SSL3_ST_CW_CLNT_HELLO_B */
860 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 848 return (ssl3_handshake_write(s));
861err: 849err:
862 return (-1); 850 return (-1);
863} 851}
@@ -919,10 +907,9 @@ f_err:
919int 907int
920dtls1_send_client_key_exchange(SSL *s) 908dtls1_send_client_key_exchange(SSL *s)
921{ 909{
922 unsigned char *p, *d; 910 unsigned char *p, *q;
923 int n; 911 int n;
924 unsigned long alg_k; 912 unsigned long alg_k;
925 unsigned char *q;
926 EVP_PKEY *pkey = NULL; 913 EVP_PKEY *pkey = NULL;
927 EC_KEY *clnt_ecdh = NULL; 914 EC_KEY *clnt_ecdh = NULL;
928 const EC_POINT *srvr_ecpoint = NULL; 915 const EC_POINT *srvr_ecpoint = NULL;
@@ -932,8 +919,7 @@ dtls1_send_client_key_exchange(SSL *s)
932 BN_CTX * bn_ctx = NULL; 919 BN_CTX * bn_ctx = NULL;
933 920
934 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 921 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
935 d = (unsigned char *)s->init_buf->data; 922 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
936 p = &(d[DTLS1_HM_HEADER_LENGTH]);
937 923
938 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 924 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
939 925
@@ -1217,26 +1203,13 @@ dtls1_send_client_key_exchange(SSL *s)
1217 goto err; 1203 goto err;
1218 } 1204 }
1219 1205
1220 d = dtls1_set_message_header(s, d, 1206 ssl3_handshake_msg_finish(s, n);
1221 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1222 /*
1223 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1224 l2n3(n,d);
1225 l2n(s->d1->handshake_write_seq,d);
1226 s->d1->handshake_write_seq++;
1227 */
1228 1207
1229 s->state = SSL3_ST_CW_KEY_EXCH_B; 1208 s->state = SSL3_ST_CW_KEY_EXCH_B;
1230 /* number of bytes to write */
1231 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1232 s->init_off = 0;
1233
1234 /* buffer the message to handle re-xmits */
1235 dtls1_buffer_message(s, 0);
1236 } 1209 }
1237 1210
1238 /* SSL3_ST_CW_KEY_EXCH_B */ 1211 /* SSL3_ST_CW_KEY_EXCH_B */
1239 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1212 return (ssl3_handshake_write(s));
1240 1213
1241err: 1214err:
1242 BN_CTX_free(bn_ctx); 1215 BN_CTX_free(bn_ctx);
@@ -1249,7 +1222,7 @@ err:
1249int 1222int
1250dtls1_send_client_verify(SSL *s) 1223dtls1_send_client_verify(SSL *s)
1251{ 1224{
1252 unsigned char *p, *d; 1225 unsigned char *p;
1253 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 1226 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1254 EVP_PKEY *pkey; 1227 EVP_PKEY *pkey;
1255 unsigned u = 0; 1228 unsigned u = 0;
@@ -1257,8 +1230,8 @@ dtls1_send_client_verify(SSL *s)
1257 int j; 1230 int j;
1258 1231
1259 if (s->state == SSL3_ST_CW_CERT_VRFY_A) { 1232 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
1260 d = (unsigned char *)s->init_buf->data; 1233 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
1261 p = &(d[DTLS1_HM_HEADER_LENGTH]); 1234
1262 pkey = s->cert->key->privatekey; 1235 pkey = s->cert->key->privatekey;
1263 1236
1264 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, 1237 s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
@@ -1304,20 +1277,14 @@ dtls1_send_client_verify(SSL *s)
1304 goto err; 1277 goto err;
1305 } 1278 }
1306 1279
1307 d = dtls1_set_message_header(s, d, 1280 ssl3_handshake_msg_finish(s, n);
1308 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1309
1310 s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1311 s->init_off = 0;
1312
1313 /* buffer the message to handle re-xmits */
1314 dtls1_buffer_message(s, 0);
1315 1281
1316 s->state = SSL3_ST_CW_CERT_VRFY_B; 1282 s->state = SSL3_ST_CW_CERT_VRFY_B;
1317 } 1283 }
1318 1284
1319 /* s->state = SSL3_ST_CW_CERT_VRFY_B */ 1285 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1320 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); 1286 return (ssl3_handshake_write(s));
1287
1321err: 1288err:
1322 return (-1); 1289 return (-1);
1323} 1290}
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 8e7c19f2f0..47b6824533 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.101 2014/12/14 15:30:50 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.102 2014/12/14 16:19:38 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -642,14 +642,12 @@ end:
642int 642int
643ssl3_client_hello(SSL *s) 643ssl3_client_hello(SSL *s)
644{ 644{
645 unsigned char *buf; 645 unsigned char *bufend, *p, *d;
646 unsigned char *p, *d;
647 int i; 646 int i;
648 unsigned long l;
649 647
650 buf = (unsigned char *)s->init_buf->data;
651 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 648 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
652 SSL_SESSION *sess = s->session; 649 SSL_SESSION *sess = s->session;
650
653 if ((sess == NULL) || 651 if ((sess == NULL) ||
654 (sess->ssl_version != s->version) || 652 (sess->ssl_version != s->version) ||
655 (!sess->session_id_length && !sess->tlsext_tick) || 653 (!sess->session_id_length && !sess->tlsext_tick) ||
@@ -661,8 +659,7 @@ ssl3_client_hello(SSL *s)
661 659
662 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); 660 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
663 661
664 /* Do the message type and length last */ 662 d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
665 d = p = &buf[4];
666 663
667 /* 664 /*
668 * Version indicates the negotiated version: for example from 665 * Version indicates the negotiated version: for example from
@@ -747,26 +744,22 @@ ssl3_client_hello(SSL *s)
747 SSL_R_CLIENTHELLO_TLSEXT); 744 SSL_R_CLIENTHELLO_TLSEXT);
748 goto err; 745 goto err;
749 } 746 }
750 if ((p = ssl_add_clienthello_tlsext(s, p, 747 bufend = (unsigned char *)s->init_buf->data +
751 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 748 SSL3_RT_MAX_PLAIN_LENGTH;
749 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
752 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 750 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
753 ERR_R_INTERNAL_ERROR); 751 ERR_R_INTERNAL_ERROR);
754 goto err; 752 goto err;
755 } 753 }
756 754
757 l = (p - d);
758 d = buf;
759 *(d++) = SSL3_MT_CLIENT_HELLO;
760 l2n3(l, d);
761
762 s->state = SSL3_ST_CW_CLNT_HELLO_B; 755 s->state = SSL3_ST_CW_CLNT_HELLO_B;
763 /* number of bytes to write */ 756
764 s->init_num = p - buf; 757 ssl3_handshake_msg_finish(s, p - d);
765 s->init_off = 0;
766 } 758 }
767 759
768 /* SSL3_ST_CW_CLNT_HELLO_B */ 760 /* SSL3_ST_CW_CLNT_HELLO_B */
769 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 761 return (ssl3_handshake_write(s));
762
770err: 763err:
771 return (-1); 764 return (-1);
772} 765}
@@ -1884,10 +1877,9 @@ ssl3_get_server_done(SSL *s)
1884int 1877int
1885ssl3_send_client_key_exchange(SSL *s) 1878ssl3_send_client_key_exchange(SSL *s)
1886{ 1879{
1887 unsigned char *p, *d; 1880 unsigned char *p, *q;
1888 int n; 1881 int n;
1889 unsigned long alg_k; 1882 unsigned long alg_k;
1890 unsigned char *q;
1891 EVP_PKEY *pkey = NULL; 1883 EVP_PKEY *pkey = NULL;
1892 EC_KEY *clnt_ecdh = NULL; 1884 EC_KEY *clnt_ecdh = NULL;
1893 const EC_POINT *srvr_ecpoint = NULL; 1885 const EC_POINT *srvr_ecpoint = NULL;
@@ -1897,8 +1889,7 @@ ssl3_send_client_key_exchange(SSL *s)
1897 BN_CTX *bn_ctx = NULL; 1889 BN_CTX *bn_ctx = NULL;
1898 1890
1899 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 1891 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
1900 d = (unsigned char *)s->init_buf->data; 1892 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
1901 p = &(d[4]);
1902 1893
1903 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1894 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1904 1895
@@ -1999,7 +1990,8 @@ ssl3_send_client_key_exchange(SSL *s)
1999 /* Generate master key from the result. */ 1990 /* Generate master key from the result. */
2000 s->session->master_key_length = 1991 s->session->master_key_length =
2001 s->method->ssl3_enc->generate_master_secret(s, 1992 s->method->ssl3_enc->generate_master_secret(s,
2002 s->session->master_key, p, n); 1993 s->session->master_key, p, n);
1994
2003 /* Clean up. */ 1995 /* Clean up. */
2004 memset(p, 0, n); 1996 memset(p, 0, n);
2005 1997
@@ -2299,26 +2291,21 @@ ssl3_send_client_key_exchange(SSL *s)
2299 s->session->master_key, premaster_secret, 32); 2291 s->session->master_key, premaster_secret, 32);
2300 EVP_PKEY_free(pub_key); 2292 EVP_PKEY_free(pub_key);
2301 2293
2302 } 2294 } else {
2303 else {
2304 ssl3_send_alert(s, SSL3_AL_FATAL, 2295 ssl3_send_alert(s, SSL3_AL_FATAL,
2305 SSL_AD_HANDSHAKE_FAILURE); 2296 SSL_AD_HANDSHAKE_FAILURE);
2306 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2297 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2307 ERR_R_INTERNAL_ERROR); 2298 ERR_R_INTERNAL_ERROR);
2308 goto err; 2299 goto err;
2309 } 2300 }
2310 2301
2311 *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
2312 l2n3(n, d);
2313
2314 s->state = SSL3_ST_CW_KEY_EXCH_B; 2302 s->state = SSL3_ST_CW_KEY_EXCH_B;
2315 /* number of bytes to write */ 2303
2316 s->init_num = n + 4; 2304 ssl3_handshake_msg_finish(s, n);
2317 s->init_off = 0;
2318 } 2305 }
2319 2306
2320 /* SSL3_ST_CW_KEY_EXCH_B */ 2307 /* SSL3_ST_CW_KEY_EXCH_B */
2321 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2308 return (ssl3_handshake_write(s));
2322 2309
2323err: 2310err:
2324 BN_CTX_free(bn_ctx); 2311 BN_CTX_free(bn_ctx);
@@ -2331,7 +2318,7 @@ err:
2331int 2318int
2332ssl3_send_client_verify(SSL *s) 2319ssl3_send_client_verify(SSL *s)
2333{ 2320{
2334 unsigned char *p, *d; 2321 unsigned char *p;
2335 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 2322 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2336 EVP_PKEY *pkey; 2323 EVP_PKEY *pkey;
2337 EVP_PKEY_CTX *pctx = NULL; 2324 EVP_PKEY_CTX *pctx = NULL;
@@ -2343,13 +2330,13 @@ ssl3_send_client_verify(SSL *s)
2343 EVP_MD_CTX_init(&mctx); 2330 EVP_MD_CTX_init(&mctx);
2344 2331
2345 if (s->state == SSL3_ST_CW_CERT_VRFY_A) { 2332 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
2346 d = (unsigned char *)s->init_buf->data; 2333 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
2347 p = &(d[4]); 2334
2348 pkey = s->cert->key->privatekey;
2349 /* 2335 /*
2350 * Create context from key and test if sha1 is allowed as 2336 * Create context from key and test if sha1 is allowed as
2351 * digest. 2337 * digest.
2352 */ 2338 */
2339 pkey = s->cert->key->privatekey;
2353 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2340 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2354 EVP_PKEY_sign_init(pctx); 2341 EVP_PKEY_sign_init(pctx);
2355 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { 2342 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
@@ -2468,16 +2455,17 @@ ssl3_send_client_verify(SSL *s)
2468 ERR_R_INTERNAL_ERROR); 2455 ERR_R_INTERNAL_ERROR);
2469 goto err; 2456 goto err;
2470 } 2457 }
2471 *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
2472 l2n3(n, d);
2473 2458
2474 s->state = SSL3_ST_CW_CERT_VRFY_B; 2459 s->state = SSL3_ST_CW_CERT_VRFY_B;
2475 s->init_num = (int)n + 4; 2460
2476 s->init_off = 0; 2461 ssl3_handshake_msg_finish(s, n);
2477 } 2462 }
2463
2478 EVP_MD_CTX_cleanup(&mctx); 2464 EVP_MD_CTX_cleanup(&mctx);
2479 EVP_PKEY_CTX_free(pctx); 2465 EVP_PKEY_CTX_free(pctx);
2480 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2466
2467 return (ssl3_handshake_write(s));
2468
2481err: 2469err:
2482 EVP_MD_CTX_cleanup(&mctx); 2470 EVP_MD_CTX_cleanup(&mctx);
2483 EVP_PKEY_CTX_free(pctx); 2471 EVP_PKEY_CTX_free(pctx);
@@ -2632,24 +2620,26 @@ int
2632ssl3_send_next_proto(SSL *s) 2620ssl3_send_next_proto(SSL *s)
2633{ 2621{
2634 unsigned int len, padding_len; 2622 unsigned int len, padding_len;
2635 unsigned char *d; 2623 unsigned char *d, *p;
2636 2624
2637 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { 2625 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
2626 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
2627
2638 len = s->next_proto_negotiated_len; 2628 len = s->next_proto_negotiated_len;
2639 padding_len = 32 - ((len + 2) % 32); 2629 padding_len = 32 - ((len + 2) % 32);
2640 d = (unsigned char *)s->init_buf->data; 2630 *(p++) = len;
2641 d[4] = len; 2631 memcpy(p, s->next_proto_negotiated, len);
2642 memcpy(d + 5, s->next_proto_negotiated, len); 2632 p += len;
2643 d[5 + len] = padding_len; 2633 *(p++) = padding_len;
2644 memset(d + 6 + len, 0, padding_len); 2634 memset(p, 0, padding_len);
2645 *(d++) = SSL3_MT_NEXT_PROTO; 2635 p += padding_len;
2646 l2n3(2 + len + padding_len, d); 2636
2637 ssl3_handshake_msg_finish(s, p - d);
2638
2647 s->state = SSL3_ST_CW_NEXT_PROTO_B; 2639 s->state = SSL3_ST_CW_NEXT_PROTO_B;
2648 s->init_num = 4 + 2 + len + padding_len;
2649 s->init_off = 0;
2650 } 2640 }
2651 2641
2652 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2642 return (ssl3_handshake_write(s));
2653} 2643}
2654 2644
2655/* 2645/*
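diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 20ccaf1675..97e32de380 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.82 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.83 2014/12/14 16:19:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -653,6 +653,10 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
 long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int ssl3_pending(const SSL *s);
 
+unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
+void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
+int ssl3_handshake_write(SSL *s);
+
 void ssl3_record_sequence_increment(unsigned char *seq);
 int ssl3_do_change_cipher_spec(SSL *ssl);
 long ssl3_default_timeout(void);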
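Review bot: The three new prototypes carry no comment, yet their contract decides whether every caller converted in this commit is correct: whether ssl3_handshake_msg_start() can return NULL (no caller checks), and whether ssl3_handshake_msg_finish() also writes the DTLS fragment header and queues the message for retransmission, since the callers no longer do either. I would add above the prototypes a comment stating where in init_buf the body pointer lands, whether the start call can fail, and that finish/write cover the DTLS header and retransmit buffering (hedged to what the implementation, not shown here, actually does). The `len` parameter is `unsigned int` while callers pass `p - d` (ptrdiff_t) and an `int n`; a `size_t` would avoid the implicit narrowing and sign change, e.g. `void ssl3_handshake_msg_finish(SSL *s, size_t len);`.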
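diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 20ccaf1675..97e32de380 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.82 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.83 2014/12/14 16:19:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -653,6 +653,10 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
 long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int ssl3_pending(const SSL *s);
 
+unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
+void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
+int ssl3_handshake_write(SSL *s);
+
 void ssl3_record_sequence_increment(unsigned char *seq);
 int ssl3_do_change_cipher_spec(SSL *ssl);
 long ssl3_default_timeout(void);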