Now that ssl3_send_{client,server}_certificate() are using the common

handshake functions, we can remove more copied code from DTLS.
author: jsing <> 2016-12-06 13:38:11 +0000
committer: jsing <> 2016-12-06 13:38:11 +0000
commit: 433337f9d78f0abdcbf97c4205b00e85f598f704 (patch)
tree: 637189bfb9f1969f946ec330944d4038db2c5cb9 /src/lib/libssl/d1_both.c
parent: 1af568a4129a2a3a60c8d78813849bb19fb270b4 (diff)
download: openbsd-433337f9d78f0abdcbf97c4205b00e85f598f704.tar.gz
openbsd-433337f9d78f0abdcbf97c4205b00e85f598f704.tar.bz2
openbsd-433337f9d78f0abdcbf97c4205b00e85f598f704.zip
1 files changed, 1 insertions, 75 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index bce084f1ee..7f9d5af4ce 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.39 2016/03/06 14:52:15 beck Exp $ */
+/* $OpenBSD: d1_both.c,v 1.40 2016/12/06 13:38:11 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -936,80 +936,6 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
        return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
 }
-static int
-dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-{
-        int n;
-        unsigned char *p;
-        n = i2d_X509(x, NULL);
-        if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
-                SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
-                return 0;
-        }
-        p = (unsigned char *)&(buf->data[*l]);
-        l2n3(n, p);
-        i2d_X509(x, &p);
-        *l += n + 3;
-        return 1;
-}
-unsigned long
-dtls1_output_cert_chain(SSL *s, X509 *x)
-{
-        unsigned char *p;
-        int i;
-        unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
-        BUF_MEM *buf;
-        /* TLSv1 sends a chain with nothing in it, instead of an alert */
-        buf = s->init_buf;
-        if (!BUF_MEM_grow_clean(buf, 10)) {
-                SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
-                return (0);
-        }
-        if (x != NULL) {
-                X509_STORE_CTX xs_ctx;
-                if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
-                    x, NULL)) {
-                        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
-                        return (0);
-                }
-                X509_verify_cert(&xs_ctx);
-                /* Don't leave errors in the queue */
-                ERR_clear_error();
-                for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
-                        x = sk_X509_value(xs_ctx.chain, i);
-                        if (!dtls1_add_cert_to_buf(buf, &l, x)) {
-                                X509_STORE_CTX_cleanup(&xs_ctx);
-                                return 0;
-                        }
-                }
-                X509_STORE_CTX_cleanup(&xs_ctx);
-        }
-        /* Thawte special :-) */
-        for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
-                x = sk_X509_value(s->ctx->extra_certs, i);
-                if (!dtls1_add_cert_to_buf(buf, &l, x))
-                        return 0;
-        }
-        l -= (3 + DTLS1_HM_HEADER_LENGTH);
-        p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-        l2n3(l, p);
-        l += 3;
-        p = (unsigned char *)&(buf->data[0]);
-        p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
-        l += DTLS1_HM_HEADER_LENGTH;
-        return (l);
-}
 int
 dtls1_read_failed(SSL *s, int code)
 {
author	jsing <>	2016-12-06 13:38:11 +0000
committer	jsing <>	2016-12-06 13:38:11 +0000
commit	433337f9d78f0abdcbf97c4205b00e85f598f704 (patch)
tree	637189bfb9f1969f946ec330944d4038db2c5cb9 /src/lib/libssl/d1_both.c
parent	1af568a4129a2a3a60c8d78813849bb19fb270b4 (diff)
download	openbsd-433337f9d78f0abdcbf97c4205b00e85f598f704.tar.gz openbsd-433337f9d78f0abdcbf97c4205b00e85f598f704.tar.bz2 openbsd-433337f9d78f0abdcbf97c4205b00e85f598f704.zip

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index bce084f1ee..7f9d5af4ce 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_both.c,v 1.39 2016/03/06 14:52:15 beck Exp $ */	1	/* $OpenBSD: d1_both.c,v 1.40 2016/12/06 13:38:11 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -936,80 +936,6 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
936	return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));	936	return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
937	}	937	}
938		938
939	static int
940	dtls1_add_cert_to_buf(BUF_MEM buf, unsigned long l, X509 *x)
941	{
942	int n;
943	unsigned char *p;
944
945	n = i2d_X509(x, NULL);
946	if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
947	SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
948	return 0;
949	}
950	p = (unsigned char )&(buf->data[l]);
951	l2n3(n, p);
952	i2d_X509(x, &p);
953	*l += n + 3;
954
955	return 1;
956	}
957
958	unsigned long
959	dtls1_output_cert_chain(SSL s, X509 x)
960	{
961	unsigned char *p;
962	int i;
963	unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
964	BUF_MEM *buf;
965
966	/* TLSv1 sends a chain with nothing in it, instead of an alert */
967	buf = s->init_buf;
968	if (!BUF_MEM_grow_clean(buf, 10)) {
969	SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
970	return (0);
971	}
972	if (x != NULL) {
973	X509_STORE_CTX xs_ctx;
974
975	if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
976	x, NULL)) {
977	SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
978	return (0);
979	}
980
981	X509_verify_cert(&xs_ctx);
982	/* Don't leave errors in the queue */
983	ERR_clear_error();
984	for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
985	x = sk_X509_value(xs_ctx.chain, i);
986
987	if (!dtls1_add_cert_to_buf(buf, &l, x)) {
988	X509_STORE_CTX_cleanup(&xs_ctx);
989	return 0;
990	}
991	}
992	X509_STORE_CTX_cleanup(&xs_ctx);
993	}
994	/* Thawte special :-) */
995	for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
996	x = sk_X509_value(s->ctx->extra_certs, i);
997	if (!dtls1_add_cert_to_buf(buf, &l, x))
998	return 0;
999	}
1000
1001	l -= (3 + DTLS1_HM_HEADER_LENGTH);
1002
1003	p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1004	l2n3(l, p);
1005	l += 3;
1006	p = (unsigned char *)&(buf->data[0]);
1007	p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1008
1009	l += DTLS1_HM_HEADER_LENGTH;
1010	return (l);
1011	}
1012
1013	int	939	int
1014	dtls1_read_failed(SSL *s, int code)	940	dtls1_read_failed(SSL *s, int code)
1015	{	941	{