diff options
| author | jsing <> | 2015-02-07 08:56:39 +0000 |
|---|---|---|
| committer | jsing <> | 2015-02-07 08:56:39 +0000 |
| commit | fa55b09a9d68c9b8034bc1953d02a2baf74096e1 (patch) | |
| tree | 3b09a04fd0553fd832021ff25730adf392c1cbf7 | |
| parent | 3dee73e415990dc0cfea4edce3f063286558a70e (diff) | |
| download | openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.tar.gz openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.tar.bz2 openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.zip | |
Convert several of the server side handshake functions to the new handshake
message handling routines.
ok miod@
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 91 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 82 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_srvr.c | 91 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 82 |
4 files changed, 108 insertions, 238 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 82f846d236..1c732c5b08 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -819,82 +819,65 @@ end: | |||
| 819 | int | 819 | int |
| 820 | dtls1_send_hello_request(SSL *s) | 820 | dtls1_send_hello_request(SSL *s) |
| 821 | { | 821 | { |
| 822 | unsigned char *p; | ||
| 823 | |||
| 824 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { | 822 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { |
| 825 | p = (unsigned char *)s->init_buf->data; | 823 | ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); |
| 826 | p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); | 824 | ssl3_handshake_msg_finish(s, 0); |
| 827 | 825 | ||
| 828 | s->state = SSL3_ST_SW_HELLO_REQ_B; | 826 | s->state = SSL3_ST_SW_HELLO_REQ_B; |
| 829 | /* number of bytes to write */ | ||
| 830 | s->init_num = DTLS1_HM_HEADER_LENGTH; | ||
| 831 | s->init_off = 0; | ||
| 832 | |||
| 833 | /* no need to buffer this message, since there are no retransmit | ||
| 834 | * requests for it */ | ||
| 835 | } | 827 | } |
| 836 | 828 | ||
| 837 | /* SSL3_ST_SW_HELLO_REQ_B */ | 829 | /* SSL3_ST_SW_HELLO_REQ_B */ |
| 838 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 830 | return (ssl3_handshake_write(s)); |
| 839 | } | 831 | } |
| 840 | 832 | ||
| 841 | int | 833 | int |
| 842 | dtls1_send_hello_verify_request(SSL *s) | 834 | dtls1_send_hello_verify_request(SSL *s) |
| 843 | { | 835 | { |
| 844 | unsigned int msg_len; | 836 | unsigned char *d, *p; |
| 845 | unsigned char *msg, *buf, *p; | ||
| 846 | 837 | ||
| 847 | if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { | 838 | if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { |
| 848 | buf = (unsigned char *)s->init_buf->data; | 839 | d = p = ssl3_handshake_msg_start(s, |
| 840 | DTLS1_MT_HELLO_VERIFY_REQUEST); | ||
| 849 | 841 | ||
| 850 | msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); | ||
| 851 | *(p++) = s->version >> 8; | 842 | *(p++) = s->version >> 8; |
| 852 | *(p++) = s->version & 0xFF; | 843 | *(p++) = s->version & 0xFF; |
| 853 | 844 | ||
| 854 | if (s->ctx->app_gen_cookie_cb == NULL || | 845 | if (s->ctx->app_gen_cookie_cb == NULL || |
| 855 | s->ctx->app_gen_cookie_cb(s, s->d1->cookie, | 846 | s->ctx->app_gen_cookie_cb(s, s->d1->cookie, |
| 856 | &(s->d1->cookie_len)) == 0) { | 847 | &(s->d1->cookie_len)) == 0) { |
| 857 | SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); | 848 | SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, |
| 849 | ERR_R_INTERNAL_ERROR); | ||
| 858 | return 0; | 850 | return 0; |
| 859 | } | 851 | } |
| 860 | 852 | ||
| 861 | *(p++) = (unsigned char) s->d1->cookie_len; | 853 | *(p++) = (unsigned char) s->d1->cookie_len; |
| 862 | memcpy(p, s->d1->cookie, s->d1->cookie_len); | 854 | memcpy(p, s->d1->cookie, s->d1->cookie_len); |
| 863 | p += s->d1->cookie_len; | 855 | p += s->d1->cookie_len; |
| 864 | msg_len = p - msg; | ||
| 865 | 856 | ||
| 866 | dtls1_set_message_header(s, buf, | 857 | ssl3_handshake_msg_finish(s, p - d); |
| 867 | DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); | ||
| 868 | 858 | ||
| 869 | s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; | 859 | s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; |
| 870 | /* number of bytes to write */ | ||
| 871 | s->init_num = p - buf; | ||
| 872 | s->init_off = 0; | ||
| 873 | } | 860 | } |
| 874 | 861 | ||
| 875 | /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ | 862 | /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ |
| 876 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 863 | return (ssl3_handshake_write(s)); |
| 877 | } | 864 | } |
| 878 | 865 | ||
| 879 | int | 866 | int |
| 880 | dtls1_send_server_hello(SSL *s) | 867 | dtls1_send_server_hello(SSL *s) |
| 881 | { | 868 | { |
| 882 | unsigned char *buf; | 869 | unsigned char *bufend; |
| 883 | unsigned char *p, *d; | 870 | unsigned char *p, *d; |
| 884 | unsigned int sl; | 871 | unsigned int sl; |
| 885 | unsigned long l; | ||
| 886 | 872 | ||
| 887 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { | 873 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { |
| 888 | buf = (unsigned char *)s->init_buf->data; | 874 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); |
| 889 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 890 | |||
| 891 | /* Do the message type and length last */ | ||
| 892 | d = p= &(buf[DTLS1_HM_HEADER_LENGTH]); | ||
| 893 | 875 | ||
| 894 | *(p++) = s->version >> 8; | 876 | *(p++) = s->version >> 8; |
| 895 | *(p++) = s->version&0xff; | 877 | *(p++) = s->version & 0xff; |
| 896 | 878 | ||
| 897 | /* Random stuff */ | 879 | /* Random stuff */ |
| 880 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 898 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); | 881 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); |
| 899 | p += SSL3_RANDOM_SIZE; | 882 | p += SSL3_RANDOM_SIZE; |
| 900 | 883 | ||
| @@ -911,7 +894,8 @@ dtls1_send_server_hello(SSL *s) | |||
| 911 | 894 | ||
| 912 | sl = s->session->session_id_length; | 895 | sl = s->session->session_id_length; |
| 913 | if (sl > sizeof s->session->session_id) { | 896 | if (sl > sizeof s->session->session_id) { |
| 914 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | 897 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, |
| 898 | ERR_R_INTERNAL_ERROR); | ||
| 915 | return -1; | 899 | return -1; |
| 916 | } | 900 | } |
| 917 | *(p++) = sl; | 901 | *(p++) = sl; |
| @@ -926,52 +910,35 @@ dtls1_send_server_hello(SSL *s) | |||
| 926 | /* put the compression method */ | 910 | /* put the compression method */ |
| 927 | *(p++) = 0; | 911 | *(p++) = 0; |
| 928 | 912 | ||
| 929 | if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | 913 | bufend = (unsigned char *)s->init_buf->data + |
| 930 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | 914 | SSL3_RT_MAX_PLAIN_LENGTH; |
| 915 | if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { | ||
| 916 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, | ||
| 917 | ERR_R_INTERNAL_ERROR); | ||
| 931 | return -1; | 918 | return -1; |
| 932 | } | 919 | } |
| 933 | 920 | ||
| 934 | /* do the header */ | 921 | ssl3_handshake_msg_finish(s, p - d); |
| 935 | l = (p - d); | ||
| 936 | d = buf; | ||
| 937 | |||
| 938 | d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); | ||
| 939 | 922 | ||
| 940 | s->state = SSL3_ST_SW_SRVR_HELLO_B; | 923 | s->state = SSL3_ST_SW_SRVR_HELLO_B; |
| 941 | /* number of bytes to write */ | ||
| 942 | s->init_num = p - buf; | ||
| 943 | s->init_off = 0; | ||
| 944 | |||
| 945 | /* buffer the message to handle re-xmits */ | ||
| 946 | dtls1_buffer_message(s, 0); | ||
| 947 | } | 924 | } |
| 948 | 925 | ||
| 949 | /* SSL3_ST_SW_SRVR_HELLO_B */ | 926 | /* SSL3_ST_SW_SRVR_HELLO_B */ |
| 950 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 927 | return (ssl3_handshake_write(s)); |
| 951 | } | 928 | } |
| 952 | 929 | ||
| 953 | int | 930 | int |
| 954 | dtls1_send_server_done(SSL *s) | 931 | dtls1_send_server_done(SSL *s) |
| 955 | { | 932 | { |
| 956 | unsigned char *p; | ||
| 957 | |||
| 958 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { | 933 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { |
| 959 | p = (unsigned char *)s->init_buf->data; | 934 | ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); |
| 960 | 935 | ssl3_handshake_msg_finish(s, 0); | |
| 961 | /* do the header */ | ||
| 962 | p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); | ||
| 963 | 936 | ||
| 964 | s->state = SSL3_ST_SW_SRVR_DONE_B; | 937 | s->state = SSL3_ST_SW_SRVR_DONE_B; |
| 965 | /* number of bytes to write */ | ||
| 966 | s->init_num = DTLS1_HM_HEADER_LENGTH; | ||
| 967 | s->init_off = 0; | ||
| 968 | |||
| 969 | /* buffer the message to handle re-xmits */ | ||
| 970 | dtls1_buffer_message(s, 0); | ||
| 971 | } | 938 | } |
| 972 | 939 | ||
| 973 | /* SSL3_ST_SW_SRVR_DONE_B */ | 940 | /* SSL3_ST_SW_SRVR_DONE_B */ |
| 974 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 941 | return (ssl3_handshake_write(s)); |
| 975 | } | 942 | } |
| 976 | 943 | ||
| 977 | int | 944 | int |
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 4a2fdf1a23..32b379d98f 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.99 2015/02/07 08:56:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -766,23 +766,15 @@ end: | |||
| 766 | int | 766 | int |
| 767 | ssl3_send_hello_request(SSL *s) | 767 | ssl3_send_hello_request(SSL *s) |
| 768 | { | 768 | { |
| 769 | unsigned char *p; | ||
| 770 | |||
| 771 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { | 769 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { |
| 772 | p = (unsigned char *)s->init_buf->data; | 770 | ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); |
| 773 | *(p++) = SSL3_MT_HELLO_REQUEST; | 771 | ssl3_handshake_msg_finish(s, 0); |
| 774 | *(p++) = 0; | ||
| 775 | *(p++) = 0; | ||
| 776 | *(p++) = 0; | ||
| 777 | 772 | ||
| 778 | s->state = SSL3_ST_SW_HELLO_REQ_B; | 773 | s->state = SSL3_ST_SW_HELLO_REQ_B; |
| 779 | /* number of bytes to write */ | ||
| 780 | s->init_num = 4; | ||
| 781 | s->init_off = 0; | ||
| 782 | } | 774 | } |
| 783 | 775 | ||
| 784 | /* SSL3_ST_SW_HELLO_REQ_B */ | 776 | /* SSL3_ST_SW_HELLO_REQ_B */ |
| 785 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 777 | return (ssl3_handshake_write(s)); |
| 786 | } | 778 | } |
| 787 | 779 | ||
| 788 | int | 780 | int |
| @@ -1217,18 +1209,15 @@ err: | |||
| 1217 | int | 1209 | int |
| 1218 | ssl3_send_server_hello(SSL *s) | 1210 | ssl3_send_server_hello(SSL *s) |
| 1219 | { | 1211 | { |
| 1220 | unsigned char *buf; | 1212 | unsigned char *bufend; |
| 1221 | unsigned char *p, *d; | 1213 | unsigned char *p, *d; |
| 1222 | unsigned long l; | ||
| 1223 | int sl; | 1214 | int sl; |
| 1224 | 1215 | ||
| 1225 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { | 1216 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { |
| 1226 | buf = (unsigned char *)s->init_buf->data; | 1217 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); |
| 1227 | /* Do the message type and length last */ | ||
| 1228 | d = p= &(buf[4]); | ||
| 1229 | 1218 | ||
| 1230 | *(p++) = s->version >> 8; | 1219 | *(p++) = s->version >> 8; |
| 1231 | *(p++) = s->version&0xff; | 1220 | *(p++) = s->version & 0xff; |
| 1232 | 1221 | ||
| 1233 | /* Random stuff */ | 1222 | /* Random stuff */ |
| 1234 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); | 1223 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); |
| @@ -1271,55 +1260,39 @@ ssl3_send_server_hello(SSL *s) | |||
| 1271 | 1260 | ||
| 1272 | /* put the compression method */ | 1261 | /* put the compression method */ |
| 1273 | *(p++) = 0; | 1262 | *(p++) = 0; |
| 1263 | |||
| 1274 | if (ssl_prepare_serverhello_tlsext(s) <= 0) { | 1264 | if (ssl_prepare_serverhello_tlsext(s) <= 0) { |
| 1275 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, | 1265 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, |
| 1276 | SSL_R_SERVERHELLO_TLSEXT); | 1266 | SSL_R_SERVERHELLO_TLSEXT); |
| 1277 | return (-1); | 1267 | return (-1); |
| 1278 | } | 1268 | } |
| 1279 | if ((p = ssl_add_serverhello_tlsext(s, p, | 1269 | bufend = (unsigned char *)s->init_buf->data + |
| 1280 | buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | 1270 | SSL3_RT_MAX_PLAIN_LENGTH; |
| 1271 | if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { | ||
| 1281 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, | 1272 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, |
| 1282 | ERR_R_INTERNAL_ERROR); | 1273 | ERR_R_INTERNAL_ERROR); |
| 1283 | return (-1); | 1274 | return (-1); |
| 1284 | } | 1275 | } |
| 1285 | /* do the header */ | ||
| 1286 | l = (p - d); | ||
| 1287 | d = buf; | ||
| 1288 | *(d++) = SSL3_MT_SERVER_HELLO; | ||
| 1289 | l2n3(l, d); | ||
| 1290 | 1276 | ||
| 1291 | s->state = SSL3_ST_SW_SRVR_HELLO_B; | 1277 | ssl3_handshake_msg_finish(s, p - d); |
| 1292 | /* number of bytes to write */ | ||
| 1293 | s->init_num = p - buf; | ||
| 1294 | s->init_off = 0; | ||
| 1295 | } | 1278 | } |
| 1296 | 1279 | ||
| 1297 | /* SSL3_ST_SW_SRVR_HELLO_B */ | 1280 | /* SSL3_ST_SW_SRVR_HELLO_B */ |
| 1298 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 1281 | return (ssl3_handshake_write(s)); |
| 1299 | } | 1282 | } |
| 1300 | 1283 | ||
| 1301 | int | 1284 | int |
| 1302 | ssl3_send_server_done(SSL *s) | 1285 | ssl3_send_server_done(SSL *s) |
| 1303 | { | 1286 | { |
| 1304 | unsigned char *p; | ||
| 1305 | |||
| 1306 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { | 1287 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { |
| 1307 | p = (unsigned char *)s->init_buf->data; | 1288 | ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); |
| 1308 | 1289 | ssl3_handshake_msg_finish(s, 0); | |
| 1309 | /* do the header */ | ||
| 1310 | *(p++) = SSL3_MT_SERVER_DONE; | ||
| 1311 | *(p++) = 0; | ||
| 1312 | *(p++) = 0; | ||
| 1313 | *(p++) = 0; | ||
| 1314 | 1290 | ||
| 1315 | s->state = SSL3_ST_SW_SRVR_DONE_B; | 1291 | s->state = SSL3_ST_SW_SRVR_DONE_B; |
| 1316 | /* number of bytes to write */ | ||
| 1317 | s->init_num = 4; | ||
| 1318 | s->init_off = 0; | ||
| 1319 | } | 1292 | } |
| 1320 | 1293 | ||
| 1321 | /* SSL3_ST_SW_SRVR_DONE_B */ | 1294 | /* SSL3_ST_SW_SRVR_DONE_B */ |
| 1322 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 1295 | return (ssl3_handshake_write(s)); |
| 1323 | } | 1296 | } |
| 1324 | 1297 | ||
| 1325 | int | 1298 | int |
| @@ -2790,37 +2763,32 @@ ssl3_send_newsession_ticket(SSL *s) | |||
| 2790 | int | 2763 | int |
| 2791 | ssl3_send_cert_status(SSL *s) | 2764 | ssl3_send_cert_status(SSL *s) |
| 2792 | { | 2765 | { |
| 2766 | unsigned char *p; | ||
| 2767 | |||
| 2793 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) { | 2768 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) { |
| 2794 | unsigned char *p; | ||
| 2795 | /* | 2769 | /* |
| 2796 | * Grow buffer if need be: the length calculation is as | 2770 | * Grow buffer if need be: the length calculation is as |
| 2797 | * follows 1 (message type) + 3 (message length) + | 2771 | * follows 1 (message type) + 3 (message length) + |
| 2798 | * 1 (ocsp response type) + 3 (ocsp response length) | 2772 | * 1 (ocsp response type) + 3 (ocsp response length) |
| 2799 | * + (ocsp response) | 2773 | * + (ocsp response) |
| 2800 | */ | 2774 | */ |
| 2801 | if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) | 2775 | if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 + |
| 2776 | s->tlsext_ocsp_resplen)) | ||
| 2802 | return (-1); | 2777 | return (-1); |
| 2803 | 2778 | ||
| 2804 | p = (unsigned char *)s->init_buf->data; | 2779 | p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS); |
| 2805 | 2780 | ||
| 2806 | /* do the header */ | ||
| 2807 | *(p++) = SSL3_MT_CERTIFICATE_STATUS; | ||
| 2808 | /* message length */ | ||
| 2809 | l2n3(s->tlsext_ocsp_resplen + 4, p); | ||
| 2810 | /* status type */ | ||
| 2811 | *(p++) = s->tlsext_status_type; | 2781 | *(p++) = s->tlsext_status_type; |
| 2812 | /* length of OCSP response */ | ||
| 2813 | l2n3(s->tlsext_ocsp_resplen, p); | 2782 | l2n3(s->tlsext_ocsp_resplen, p); |
| 2814 | /* actual response */ | ||
| 2815 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); | 2783 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); |
| 2816 | /* number of bytes to write */ | 2784 | |
| 2817 | s->init_num = 8 + s->tlsext_ocsp_resplen; | 2785 | ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4); |
| 2786 | |||
| 2818 | s->state = SSL3_ST_SW_CERT_STATUS_B; | 2787 | s->state = SSL3_ST_SW_CERT_STATUS_B; |
| 2819 | s->init_off = 0; | ||
| 2820 | } | 2788 | } |
| 2821 | 2789 | ||
| 2822 | /* SSL3_ST_SW_CERT_STATUS_B */ | 2790 | /* SSL3_ST_SW_CERT_STATUS_B */ |
| 2823 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 2791 | return (ssl3_handshake_write(s)); |
| 2824 | } | 2792 | } |
| 2825 | 2793 | ||
| 2826 | /* | 2794 | /* |
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 82f846d236..1c732c5b08 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -819,82 +819,65 @@ end: | |||
| 819 | int | 819 | int |
| 820 | dtls1_send_hello_request(SSL *s) | 820 | dtls1_send_hello_request(SSL *s) |
| 821 | { | 821 | { |
| 822 | unsigned char *p; | ||
| 823 | |||
| 824 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { | 822 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { |
| 825 | p = (unsigned char *)s->init_buf->data; | 823 | ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); |
| 826 | p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0); | 824 | ssl3_handshake_msg_finish(s, 0); |
| 827 | 825 | ||
| 828 | s->state = SSL3_ST_SW_HELLO_REQ_B; | 826 | s->state = SSL3_ST_SW_HELLO_REQ_B; |
| 829 | /* number of bytes to write */ | ||
| 830 | s->init_num = DTLS1_HM_HEADER_LENGTH; | ||
| 831 | s->init_off = 0; | ||
| 832 | |||
| 833 | /* no need to buffer this message, since there are no retransmit | ||
| 834 | * requests for it */ | ||
| 835 | } | 827 | } |
| 836 | 828 | ||
| 837 | /* SSL3_ST_SW_HELLO_REQ_B */ | 829 | /* SSL3_ST_SW_HELLO_REQ_B */ |
| 838 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 830 | return (ssl3_handshake_write(s)); |
| 839 | } | 831 | } |
| 840 | 832 | ||
| 841 | int | 833 | int |
| 842 | dtls1_send_hello_verify_request(SSL *s) | 834 | dtls1_send_hello_verify_request(SSL *s) |
| 843 | { | 835 | { |
| 844 | unsigned int msg_len; | 836 | unsigned char *d, *p; |
| 845 | unsigned char *msg, *buf, *p; | ||
| 846 | 837 | ||
| 847 | if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { | 838 | if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { |
| 848 | buf = (unsigned char *)s->init_buf->data; | 839 | d = p = ssl3_handshake_msg_start(s, |
| 840 | DTLS1_MT_HELLO_VERIFY_REQUEST); | ||
| 849 | 841 | ||
| 850 | msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); | ||
| 851 | *(p++) = s->version >> 8; | 842 | *(p++) = s->version >> 8; |
| 852 | *(p++) = s->version & 0xFF; | 843 | *(p++) = s->version & 0xFF; |
| 853 | 844 | ||
| 854 | if (s->ctx->app_gen_cookie_cb == NULL || | 845 | if (s->ctx->app_gen_cookie_cb == NULL || |
| 855 | s->ctx->app_gen_cookie_cb(s, s->d1->cookie, | 846 | s->ctx->app_gen_cookie_cb(s, s->d1->cookie, |
| 856 | &(s->d1->cookie_len)) == 0) { | 847 | &(s->d1->cookie_len)) == 0) { |
| 857 | SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); | 848 | SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, |
| 849 | ERR_R_INTERNAL_ERROR); | ||
| 858 | return 0; | 850 | return 0; |
| 859 | } | 851 | } |
| 860 | 852 | ||
| 861 | *(p++) = (unsigned char) s->d1->cookie_len; | 853 | *(p++) = (unsigned char) s->d1->cookie_len; |
| 862 | memcpy(p, s->d1->cookie, s->d1->cookie_len); | 854 | memcpy(p, s->d1->cookie, s->d1->cookie_len); |
| 863 | p += s->d1->cookie_len; | 855 | p += s->d1->cookie_len; |
| 864 | msg_len = p - msg; | ||
| 865 | 856 | ||
| 866 | dtls1_set_message_header(s, buf, | 857 | ssl3_handshake_msg_finish(s, p - d); |
| 867 | DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len); | ||
| 868 | 858 | ||
| 869 | s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; | 859 | s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; |
| 870 | /* number of bytes to write */ | ||
| 871 | s->init_num = p - buf; | ||
| 872 | s->init_off = 0; | ||
| 873 | } | 860 | } |
| 874 | 861 | ||
| 875 | /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ | 862 | /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ |
| 876 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 863 | return (ssl3_handshake_write(s)); |
| 877 | } | 864 | } |
| 878 | 865 | ||
| 879 | int | 866 | int |
| 880 | dtls1_send_server_hello(SSL *s) | 867 | dtls1_send_server_hello(SSL *s) |
| 881 | { | 868 | { |
| 882 | unsigned char *buf; | 869 | unsigned char *bufend; |
| 883 | unsigned char *p, *d; | 870 | unsigned char *p, *d; |
| 884 | unsigned int sl; | 871 | unsigned int sl; |
| 885 | unsigned long l; | ||
| 886 | 872 | ||
| 887 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { | 873 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { |
| 888 | buf = (unsigned char *)s->init_buf->data; | 874 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); |
| 889 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 890 | |||
| 891 | /* Do the message type and length last */ | ||
| 892 | d = p= &(buf[DTLS1_HM_HEADER_LENGTH]); | ||
| 893 | 875 | ||
| 894 | *(p++) = s->version >> 8; | 876 | *(p++) = s->version >> 8; |
| 895 | *(p++) = s->version&0xff; | 877 | *(p++) = s->version & 0xff; |
| 896 | 878 | ||
| 897 | /* Random stuff */ | 879 | /* Random stuff */ |
| 880 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 898 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); | 881 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); |
| 899 | p += SSL3_RANDOM_SIZE; | 882 | p += SSL3_RANDOM_SIZE; |
| 900 | 883 | ||
| @@ -911,7 +894,8 @@ dtls1_send_server_hello(SSL *s) | |||
| 911 | 894 | ||
| 912 | sl = s->session->session_id_length; | 895 | sl = s->session->session_id_length; |
| 913 | if (sl > sizeof s->session->session_id) { | 896 | if (sl > sizeof s->session->session_id) { |
| 914 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | 897 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, |
| 898 | ERR_R_INTERNAL_ERROR); | ||
| 915 | return -1; | 899 | return -1; |
| 916 | } | 900 | } |
| 917 | *(p++) = sl; | 901 | *(p++) = sl; |
| @@ -926,52 +910,35 @@ dtls1_send_server_hello(SSL *s) | |||
| 926 | /* put the compression method */ | 910 | /* put the compression method */ |
| 927 | *(p++) = 0; | 911 | *(p++) = 0; |
| 928 | 912 | ||
| 929 | if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | 913 | bufend = (unsigned char *)s->init_buf->data + |
| 930 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | 914 | SSL3_RT_MAX_PLAIN_LENGTH; |
| 915 | if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { | ||
| 916 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, | ||
| 917 | ERR_R_INTERNAL_ERROR); | ||
| 931 | return -1; | 918 | return -1; |
| 932 | } | 919 | } |
| 933 | 920 | ||
| 934 | /* do the header */ | 921 | ssl3_handshake_msg_finish(s, p - d); |
| 935 | l = (p - d); | ||
| 936 | d = buf; | ||
| 937 | |||
| 938 | d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); | ||
| 939 | 922 | ||
| 940 | s->state = SSL3_ST_SW_SRVR_HELLO_B; | 923 | s->state = SSL3_ST_SW_SRVR_HELLO_B; |
| 941 | /* number of bytes to write */ | ||
| 942 | s->init_num = p - buf; | ||
| 943 | s->init_off = 0; | ||
| 944 | |||
| 945 | /* buffer the message to handle re-xmits */ | ||
| 946 | dtls1_buffer_message(s, 0); | ||
| 947 | } | 924 | } |
| 948 | 925 | ||
| 949 | /* SSL3_ST_SW_SRVR_HELLO_B */ | 926 | /* SSL3_ST_SW_SRVR_HELLO_B */ |
| 950 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 927 | return (ssl3_handshake_write(s)); |
| 951 | } | 928 | } |
| 952 | 929 | ||
| 953 | int | 930 | int |
| 954 | dtls1_send_server_done(SSL *s) | 931 | dtls1_send_server_done(SSL *s) |
| 955 | { | 932 | { |
| 956 | unsigned char *p; | ||
| 957 | |||
| 958 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { | 933 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { |
| 959 | p = (unsigned char *)s->init_buf->data; | 934 | ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); |
| 960 | 935 | ssl3_handshake_msg_finish(s, 0); | |
| 961 | /* do the header */ | ||
| 962 | p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0); | ||
| 963 | 936 | ||
| 964 | s->state = SSL3_ST_SW_SRVR_DONE_B; | 937 | s->state = SSL3_ST_SW_SRVR_DONE_B; |
| 965 | /* number of bytes to write */ | ||
| 966 | s->init_num = DTLS1_HM_HEADER_LENGTH; | ||
| 967 | s->init_off = 0; | ||
| 968 | |||
| 969 | /* buffer the message to handle re-xmits */ | ||
| 970 | dtls1_buffer_message(s, 0); | ||
| 971 | } | 938 | } |
| 972 | 939 | ||
| 973 | /* SSL3_ST_SW_SRVR_DONE_B */ | 940 | /* SSL3_ST_SW_SRVR_DONE_B */ |
| 974 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | 941 | return (ssl3_handshake_write(s)); |
| 975 | } | 942 | } |
| 976 | 943 | ||
| 977 | int | 944 | int |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 4a2fdf1a23..32b379d98f 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.99 2015/02/07 08:56:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -766,23 +766,15 @@ end: | |||
| 766 | int | 766 | int |
| 767 | ssl3_send_hello_request(SSL *s) | 767 | ssl3_send_hello_request(SSL *s) |
| 768 | { | 768 | { |
| 769 | unsigned char *p; | ||
| 770 | |||
| 771 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { | 769 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { |
| 772 | p = (unsigned char *)s->init_buf->data; | 770 | ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); |
| 773 | *(p++) = SSL3_MT_HELLO_REQUEST; | 771 | ssl3_handshake_msg_finish(s, 0); |
| 774 | *(p++) = 0; | ||
| 775 | *(p++) = 0; | ||
| 776 | *(p++) = 0; | ||
| 777 | 772 | ||
| 778 | s->state = SSL3_ST_SW_HELLO_REQ_B; | 773 | s->state = SSL3_ST_SW_HELLO_REQ_B; |
| 779 | /* number of bytes to write */ | ||
| 780 | s->init_num = 4; | ||
| 781 | s->init_off = 0; | ||
| 782 | } | 774 | } |
| 783 | 775 | ||
| 784 | /* SSL3_ST_SW_HELLO_REQ_B */ | 776 | /* SSL3_ST_SW_HELLO_REQ_B */ |
| 785 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 777 | return (ssl3_handshake_write(s)); |
| 786 | } | 778 | } |
| 787 | 779 | ||
| 788 | int | 780 | int |
| @@ -1217,18 +1209,15 @@ err: | |||
| 1217 | int | 1209 | int |
| 1218 | ssl3_send_server_hello(SSL *s) | 1210 | ssl3_send_server_hello(SSL *s) |
| 1219 | { | 1211 | { |
| 1220 | unsigned char *buf; | 1212 | unsigned char *bufend; |
| 1221 | unsigned char *p, *d; | 1213 | unsigned char *p, *d; |
| 1222 | unsigned long l; | ||
| 1223 | int sl; | 1214 | int sl; |
| 1224 | 1215 | ||
| 1225 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { | 1216 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { |
| 1226 | buf = (unsigned char *)s->init_buf->data; | 1217 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); |
| 1227 | /* Do the message type and length last */ | ||
| 1228 | d = p= &(buf[4]); | ||
| 1229 | 1218 | ||
| 1230 | *(p++) = s->version >> 8; | 1219 | *(p++) = s->version >> 8; |
| 1231 | *(p++) = s->version&0xff; | 1220 | *(p++) = s->version & 0xff; |
| 1232 | 1221 | ||
| 1233 | /* Random stuff */ | 1222 | /* Random stuff */ |
| 1234 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); | 1223 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); |
| @@ -1271,55 +1260,39 @@ ssl3_send_server_hello(SSL *s) | |||
| 1271 | 1260 | ||
| 1272 | /* put the compression method */ | 1261 | /* put the compression method */ |
| 1273 | *(p++) = 0; | 1262 | *(p++) = 0; |
| 1263 | |||
| 1274 | if (ssl_prepare_serverhello_tlsext(s) <= 0) { | 1264 | if (ssl_prepare_serverhello_tlsext(s) <= 0) { |
| 1275 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, | 1265 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, |
| 1276 | SSL_R_SERVERHELLO_TLSEXT); | 1266 | SSL_R_SERVERHELLO_TLSEXT); |
| 1277 | return (-1); | 1267 | return (-1); |
| 1278 | } | 1268 | } |
| 1279 | if ((p = ssl_add_serverhello_tlsext(s, p, | 1269 | bufend = (unsigned char *)s->init_buf->data + |
| 1280 | buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | 1270 | SSL3_RT_MAX_PLAIN_LENGTH; |
| 1271 | if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { | ||
| 1281 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, | 1272 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, |
| 1282 | ERR_R_INTERNAL_ERROR); | 1273 | ERR_R_INTERNAL_ERROR); |
| 1283 | return (-1); | 1274 | return (-1); |
| 1284 | } | 1275 | } |
| 1285 | /* do the header */ | ||
| 1286 | l = (p - d); | ||
| 1287 | d = buf; | ||
| 1288 | *(d++) = SSL3_MT_SERVER_HELLO; | ||
| 1289 | l2n3(l, d); | ||
| 1290 | 1276 | ||
| 1291 | s->state = SSL3_ST_SW_SRVR_HELLO_B; | 1277 | ssl3_handshake_msg_finish(s, p - d); |
| 1292 | /* number of bytes to write */ | ||
| 1293 | s->init_num = p - buf; | ||
| 1294 | s->init_off = 0; | ||
| 1295 | } | 1278 | } |
| 1296 | 1279 | ||
| 1297 | /* SSL3_ST_SW_SRVR_HELLO_B */ | 1280 | /* SSL3_ST_SW_SRVR_HELLO_B */ |
| 1298 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 1281 | return (ssl3_handshake_write(s)); |
| 1299 | } | 1282 | } |
| 1300 | 1283 | ||
| 1301 | int | 1284 | int |
| 1302 | ssl3_send_server_done(SSL *s) | 1285 | ssl3_send_server_done(SSL *s) |
| 1303 | { | 1286 | { |
| 1304 | unsigned char *p; | ||
| 1305 | |||
| 1306 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { | 1287 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { |
| 1307 | p = (unsigned char *)s->init_buf->data; | 1288 | ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); |
| 1308 | 1289 | ssl3_handshake_msg_finish(s, 0); | |
| 1309 | /* do the header */ | ||
| 1310 | *(p++) = SSL3_MT_SERVER_DONE; | ||
| 1311 | *(p++) = 0; | ||
| 1312 | *(p++) = 0; | ||
| 1313 | *(p++) = 0; | ||
| 1314 | 1290 | ||
| 1315 | s->state = SSL3_ST_SW_SRVR_DONE_B; | 1291 | s->state = SSL3_ST_SW_SRVR_DONE_B; |
| 1316 | /* number of bytes to write */ | ||
| 1317 | s->init_num = 4; | ||
| 1318 | s->init_off = 0; | ||
| 1319 | } | 1292 | } |
| 1320 | 1293 | ||
| 1321 | /* SSL3_ST_SW_SRVR_DONE_B */ | 1294 | /* SSL3_ST_SW_SRVR_DONE_B */ |
| 1322 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 1295 | return (ssl3_handshake_write(s)); |
| 1323 | } | 1296 | } |
| 1324 | 1297 | ||
| 1325 | int | 1298 | int |
| @@ -2790,37 +2763,32 @@ ssl3_send_newsession_ticket(SSL *s) | |||
| 2790 | int | 2763 | int |
| 2791 | ssl3_send_cert_status(SSL *s) | 2764 | ssl3_send_cert_status(SSL *s) |
| 2792 | { | 2765 | { |
| 2766 | unsigned char *p; | ||
| 2767 | |||
| 2793 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) { | 2768 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) { |
| 2794 | unsigned char *p; | ||
| 2795 | /* | 2769 | /* |
| 2796 | * Grow buffer if need be: the length calculation is as | 2770 | * Grow buffer if need be: the length calculation is as |
| 2797 | * follows 1 (message type) + 3 (message length) + | 2771 | * follows 1 (message type) + 3 (message length) + |
| 2798 | * 1 (ocsp response type) + 3 (ocsp response length) | 2772 | * 1 (ocsp response type) + 3 (ocsp response length) |
| 2799 | * + (ocsp response) | 2773 | * + (ocsp response) |
| 2800 | */ | 2774 | */ |
| 2801 | if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) | 2775 | if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 + |
| 2776 | s->tlsext_ocsp_resplen)) | ||
| 2802 | return (-1); | 2777 | return (-1); |
| 2803 | 2778 | ||
| 2804 | p = (unsigned char *)s->init_buf->data; | 2779 | p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS); |
| 2805 | 2780 | ||
| 2806 | /* do the header */ | ||
| 2807 | *(p++) = SSL3_MT_CERTIFICATE_STATUS; | ||
| 2808 | /* message length */ | ||
| 2809 | l2n3(s->tlsext_ocsp_resplen + 4, p); | ||
| 2810 | /* status type */ | ||
| 2811 | *(p++) = s->tlsext_status_type; | 2781 | *(p++) = s->tlsext_status_type; |
| 2812 | /* length of OCSP response */ | ||
| 2813 | l2n3(s->tlsext_ocsp_resplen, p); | 2782 | l2n3(s->tlsext_ocsp_resplen, p); |
| 2814 | /* actual response */ | ||
| 2815 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); | 2783 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); |
| 2816 | /* number of bytes to write */ | 2784 | |
| 2817 | s->init_num = 8 + s->tlsext_ocsp_resplen; | 2785 | ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4); |
| 2786 | |||
| 2818 | s->state = SSL3_ST_SW_CERT_STATUS_B; | 2787 | s->state = SSL3_ST_SW_CERT_STATUS_B; |
| 2819 | s->init_off = 0; | ||
| 2820 | } | 2788 | } |
| 2821 | 2789 | ||
| 2822 | /* SSL3_ST_SW_CERT_STATUS_B */ | 2790 | /* SSL3_ST_SW_CERT_STATUS_B */ |
| 2823 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | 2791 | return (ssl3_handshake_write(s)); |
| 2824 | } | 2792 | } |
| 2825 | 2793 | ||
| 2826 | /* | 2794 | /* |