Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS,

which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
author: jsing <> 2017-10-08 16:24:02 +0000
committer: jsing <> 2017-10-08 16:24:02 +0000
commit: ba9ebd2e46ba795dd4f082910e89df705f1e264b (patch)
tree: 3353b68b503515d359d87d0e023b6b9bc1e1453c /src/lib/libssl/d1_both.c
parent: 7819e9da1462ce9c60996aaf73ca0c06f0a2424b (diff)
download: openbsd-ba9ebd2e46ba795dd4f082910e89df705f1e264b.tar.gz
openbsd-ba9ebd2e46ba795dd4f082910e89df705f1e264b.tar.bz2
openbsd-ba9ebd2e46ba795dd4f082910e89df705f1e264b.zip
1 files changed, 2 insertions, 39 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 6b86cfc03e..42f8cbd537 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.51 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: d1_both.c,v 1.52 2017/10/08 16:24:02 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -162,9 +162,6 @@ static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
    unsigned long frag_len);
 static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
-static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
-    unsigned long len, unsigned short seq_num, unsigned long frag_off,
-    unsigned long frag_len);
 static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
    int *ok);
@@ -895,40 +892,6 @@ f_err:
        return (-1);
 }
-/*
- * for these 2 messages, we need to
- * ssl->enc_read_ctx                    re-init
- * ssl->s3->internal->read_sequence             zero
- * ssl->s3->internal->read_mac_secret           re-init
- * ssl->session->read_sym_enc           assign
- * ssl->session->read_hash              assign
- */
-int
-dtls1_send_change_cipher_spec(SSL *s, int a, int b)
-{
-        unsigned char *p;
-        if (S3I(s)->hs.state == a) {
-                p = (unsigned char *)s->internal->init_buf->data;
-                *p++=SSL3_MT_CCS;
-                D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
-                s->internal->init_num = DTLS1_CCS_HEADER_LENGTH;
-                s->internal->init_off = 0;
-                dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
-                    D1I(s)->handshake_write_seq, 0, 0);
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 1);
-                S3I(s)->hs.state = b;
-        }
-        /* SSL3_ST_CW_CHANGE_B */
-        return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
-}
 int
 dtls1_read_failed(SSL *s, int code)
 {
@@ -1182,7 +1145,7 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
 }
 /* don't actually do the writing, wait till the MTU has been retrieved */
-static void
+void
 dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
    unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
 {
author	jsing <>	2017-10-08 16:24:02 +0000
committer	jsing <>	2017-10-08 16:24:02 +0000
commit	ba9ebd2e46ba795dd4f082910e89df705f1e264b (patch)
tree	3353b68b503515d359d87d0e023b6b9bc1e1453c /src/lib/libssl/d1_both.c
parent	7819e9da1462ce9c60996aaf73ca0c06f0a2424b (diff)
download	openbsd-ba9ebd2e46ba795dd4f082910e89df705f1e264b.tar.gz openbsd-ba9ebd2e46ba795dd4f082910e89df705f1e264b.tar.bz2 openbsd-ba9ebd2e46ba795dd4f082910e89df705f1e264b.zip

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 6b86cfc03e..42f8cbd537 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_both.c,v 1.51 2017/05/07 04:22:24 beck Exp $ */	1	/* $OpenBSD: d1_both.c,v 1.52 2017/10/08 16:24:02 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -162,9 +162,6 @@ static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162	static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,	162	static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163	unsigned long frag_len);	163	unsigned long frag_len);
164	static unsigned char dtls1_write_message_header(SSL s, unsigned char *p);	164	static unsigned char dtls1_write_message_header(SSL s, unsigned char *p);
165	static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
166	unsigned long len, unsigned short seq_num, unsigned long frag_off,
167	unsigned long frag_len);
168	static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,	165	static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
169	int *ok);	166	int *ok);
170		167
@@ -895,40 +892,6 @@ f_err:
895	return (-1);	892	return (-1);
896	}	893	}
897		894
898	/*
899	* for these 2 messages, we need to
900	* ssl->enc_read_ctx re-init
901	* ssl->s3->internal->read_sequence zero
902	* ssl->s3->internal->read_mac_secret re-init
903	* ssl->session->read_sym_enc assign
904	* ssl->session->read_hash assign
905	*/
906	int
907	dtls1_send_change_cipher_spec(SSL *s, int a, int b)
908	{
909	unsigned char *p;
910
911	if (S3I(s)->hs.state == a) {
912	p = (unsigned char *)s->internal->init_buf->data;
913	*p++=SSL3_MT_CCS;
914	D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
915	s->internal->init_num = DTLS1_CCS_HEADER_LENGTH;
916
917	s->internal->init_off = 0;
918
919	dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
920	D1I(s)->handshake_write_seq, 0, 0);
921
922	/* buffer the message to handle re-xmits */
923	dtls1_buffer_message(s, 1);
924
925	S3I(s)->hs.state = b;
926	}
927
928	/* SSL3_ST_CW_CHANGE_B */
929	return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
930	}
931
932	int	895	int
933	dtls1_read_failed(SSL *s, int code)	896	dtls1_read_failed(SSL *s, int code)
934	{	897	{
@@ -1182,7 +1145,7 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
1182	}	1145	}
1183		1146
1184	/* don't actually do the writing, wait till the MTU has been retrieved */	1147	/* don't actually do the writing, wait till the MTU has been retrieved */
1185	static void	1148	void
1186	dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,	1149	dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1187	unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)	1150	unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1188	{	1151	{