Replace dtls1_client_hello() with ssl3_client_hello() - both are basically

the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
author: jsing <> 2015-09-02 17:59:15 +0000
committer: jsing <> 2015-09-02 17:59:15 +0000
commit: 6979bbfe4fd79a2951b19171936b69968db66c1e (patch)
tree: 5ed4d431f7e35e43a4977f14c4711fe9c9af39e0 /src/lib/libssl/d1_clnt.c
parent: 7a0325c92218252068766465cba0cc0eb35d0c93 (diff)
download: openbsd-6979bbfe4fd79a2951b19171936b69968db66c1e.tar.gz
openbsd-6979bbfe4fd79a2951b19171936b69968db66c1e.tar.bz2
openbsd-6979bbfe4fd79a2951b19171936b69968db66c1e.zip
1 files changed, 6 insertions, 99 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index b087535ce1..23d6b372c9 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.47 2015/07/15 18:35:34 beck Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.48 2015/09/02 17:59:15 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -263,7 +263,7 @@ dtls1_connect(SSL *s)
                        }
                        dtls1_start_timer(s);
-                        ret = dtls1_client_hello(s);
+                        ret = ssl3_client_hello(s);
                        if (ret <= 0)
                                goto end;
@@ -275,9 +275,10 @@ dtls1_connect(SSL *s)
                        s->init_num = 0;
-                                /* turn on buffering for the next lot of output */
+                        /* turn on buffering for the next lot of output */
-                                if (s->bbio != s->wbio)
+                        if (s->bbio != s->wbio)
-                                        s->wbio = BIO_push(s->bbio, s->wbio);
+                                s->wbio = BIO_push(s->bbio, s->wbio);
                        break;
                case SSL3_ST_CR_SRVR_HELLO_A:
@@ -603,100 +604,6 @@ end:
        return (ret);
 }
-int
-dtls1_client_hello(SSL *s)
-{
-        unsigned char *bufend, *d, *p;
-        unsigned int i;
-        if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
-                SSL_SESSION *sess = s->session;
-                if ((s->session == NULL) ||
-                    (s->session->ssl_version != s->version) ||
-                    (!sess->session_id_length && !sess->tlsext_tick) ||
-                    (s->session->not_resumable)) {
-                        if (!ssl_get_new_session(s, 0))
-                                goto err;
-                }
-                /* else use the pre-loaded session */
-                p = s->s3->client_random;
-                /* if client_random is initialized, reuse it, we are
-                 * required to use same upon reply to HelloVerify */
-                for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
-                        ;
-                if (i == sizeof(s->s3->client_random))
-                        arc4random_buf(p, sizeof(s->s3->client_random));
-                d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
-                *(p++) = s->version >> 8;
-                *(p++) = s->version&0xff;
-                s->client_version = s->version;
-                /* Random stuff */
-                memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-                p += SSL3_RANDOM_SIZE;
-                /* Session ID */
-                if (s->new_session)
-                        i = 0;
-                else
-                        i = s->session->session_id_length;
-                *(p++) = i;
-                if (i != 0) {
-                        if (i > sizeof s->session->session_id) {
-                                SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
-                                    ERR_R_INTERNAL_ERROR);
-                                goto err;
-                        }
-                        memcpy(p, s->session->session_id, i);
-                        p += i;
-                }
-                /* cookie stuff */
-                if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
-                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                *(p++) = s->d1->cookie_len;
-                memcpy(p, s->d1->cookie, s->d1->cookie_len);
-                p += s->d1->cookie_len;
-                /* Ciphers supported */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
-                if (i == 0) {
-                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
-                            SSL_R_NO_CIPHERS_AVAILABLE);
-                        goto err;
-                }
-                s2n(i, p);
-                p += i;
-                /* add in (no) COMPRESSION */
-                *(p++) = 1;
-                *(p++) = 0; /* Add the NULL method */
-                bufend = (unsigned char *)s->init_buf->data +
-                    SSL3_RT_MAX_PLAIN_LENGTH;
-                if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
-                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                ssl3_handshake_msg_finish(s, p - d);
-                s->state = SSL3_ST_CW_CLNT_HELLO_B;
-        }
-        /* SSL3_ST_CW_CLNT_HELLO_B */
-        return (ssl3_handshake_write(s));
-err:
-        return (-1);
-}
 static int
 dtls1_get_hello_verify(SSL *s)
 {
author	jsing <>	2015-09-02 17:59:15 +0000
committer	jsing <>	2015-09-02 17:59:15 +0000
commit	6979bbfe4fd79a2951b19171936b69968db66c1e (patch)
tree	5ed4d431f7e35e43a4977f14c4711fe9c9af39e0 /src/lib/libssl/d1_clnt.c
parent	7a0325c92218252068766465cba0cc0eb35d0c93 (diff)
download	openbsd-6979bbfe4fd79a2951b19171936b69968db66c1e.tar.gz openbsd-6979bbfe4fd79a2951b19171936b69968db66c1e.tar.bz2 openbsd-6979bbfe4fd79a2951b19171936b69968db66c1e.zip

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index b087535ce1..23d6b372c9 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_clnt.c,v 1.47 2015/07/15 18:35:34 beck Exp $ */	1	/* $OpenBSD: d1_clnt.c,v 1.48 2015/09/02 17:59:15 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -263,7 +263,7 @@ dtls1_connect(SSL *s)
263	}	263	}
264		264
265	dtls1_start_timer(s);	265	dtls1_start_timer(s);
266	ret = dtls1_client_hello(s);	266	ret = ssl3_client_hello(s);
267	if (ret <= 0)	267	if (ret <= 0)
268	goto end;	268	goto end;
269		269
@@ -275,9 +275,10 @@ dtls1_connect(SSL *s)
275		275
276	s->init_num = 0;	276	s->init_num = 0;
277		277
278	/* turn on buffering for the next lot of output */	278	/* turn on buffering for the next lot of output */
279	if (s->bbio != s->wbio)	279	if (s->bbio != s->wbio)
280	s->wbio = BIO_push(s->bbio, s->wbio);	280	s->wbio = BIO_push(s->bbio, s->wbio);
		281
281	break;	282	break;
282		283
283	case SSL3_ST_CR_SRVR_HELLO_A:	284	case SSL3_ST_CR_SRVR_HELLO_A:
@@ -603,100 +604,6 @@ end:
603	return (ret);	604	return (ret);
604	}	605	}
605		606
606	int
607	dtls1_client_hello(SSL *s)
608	{
609	unsigned char bufend, d, *p;
610	unsigned int i;
611
612	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
613	SSL_SESSION *sess = s->session;
614
615	if ((s->session == NULL) \|\|
616	(s->session->ssl_version != s->version) \|\|
617	(!sess->session_id_length && !sess->tlsext_tick) \|\|
618	(s->session->not_resumable)) {
619	if (!ssl_get_new_session(s, 0))
620	goto err;
621	}
622	/* else use the pre-loaded session */
623
624	p = s->s3->client_random;
625
626	/* if client_random is initialized, reuse it, we are
627	* required to use same upon reply to HelloVerify */
628	for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
629	;
630	if (i == sizeof(s->s3->client_random))
631	arc4random_buf(p, sizeof(s->s3->client_random));
632
633	d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
634
635	*(p++) = s->version >> 8;
636	*(p++) = s->version&0xff;
637	s->client_version = s->version;
638
639	/* Random stuff */
640	memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
641	p += SSL3_RANDOM_SIZE;
642
643	/* Session ID */
644	if (s->new_session)
645	i = 0;
646	else
647	i = s->session->session_id_length;
648	*(p++) = i;
649	if (i != 0) {
650	if (i > sizeof s->session->session_id) {
651	SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
652	ERR_R_INTERNAL_ERROR);
653	goto err;
654	}
655	memcpy(p, s->session->session_id, i);
656	p += i;
657	}
658
659	/* cookie stuff */
660	if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
661	SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
662	goto err;
663	}
664	*(p++) = s->d1->cookie_len;
665	memcpy(p, s->d1->cookie, s->d1->cookie_len);
666	p += s->d1->cookie_len;
667
668	/* Ciphers supported */
669	i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
670	if (i == 0) {
671	SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
672	SSL_R_NO_CIPHERS_AVAILABLE);
673	goto err;
674	}
675	s2n(i, p);
676	p += i;
677
678	/* add in (no) COMPRESSION */
679	*(p++) = 1;
680	(p++) = 0; / Add the NULL method */
681
682	bufend = (unsigned char *)s->init_buf->data +
683	SSL3_RT_MAX_PLAIN_LENGTH;
684	if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
685	SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
686	goto err;
687	}
688
689	ssl3_handshake_msg_finish(s, p - d);
690
691	s->state = SSL3_ST_CW_CLNT_HELLO_B;
692	}
693
694	/* SSL3_ST_CW_CLNT_HELLO_B */
695	return (ssl3_handshake_write(s));
696	err:
697	return (-1);
698	}
699
700	static int	607	static int
701	dtls1_get_hello_verify(SSL *s)	608	dtls1_get_hello_verify(SSL *s)
702	{	609	{