Now that ssl3_send_{client,server}_certificate() are using the common

handshake functions, we can remove more copied code from DTLS.
author: jsing <> 2016-12-06 13:38:11 +0000
committer: jsing <> 2016-12-06 13:38:11 +0000
commit: 95a901d22cb8e548a73bd42d95b1bdf70996f7f2 (patch)
tree: 637189bfb9f1969f946ec330944d4038db2c5cb9 /src/lib/libssl/d1_clnt.c
parent: 21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c (diff)
download: openbsd-95a901d22cb8e548a73bd42d95b1bdf70996f7f2.tar.gz
openbsd-95a901d22cb8e548a73bd42d95b1bdf70996f7f2.tar.bz2
openbsd-95a901d22cb8e548a73bd42d95b1bdf70996f7f2.zip
1 files changed, 2 insertions, 67 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 07ae92f4c9..42e149f864 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.58 2016/11/04 19:11:43 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.59 2016/12/06 13:38:11 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -384,7 +384,7 @@ dtls1_connect(SSL *s)
                case SSL3_ST_CW_CERT_C:
                case SSL3_ST_CW_CERT_D:
                        dtls1_start_timer(s);
-                        ret = dtls1_send_client_certificate(s);
+                        ret = ssl3_send_client_certificate(s);
                        if (ret <= 0)
                                goto end;
                        s->state = SSL3_ST_CW_KEY_EXCH_A;
@@ -657,68 +657,3 @@ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
        return -1;
 }
-int
-dtls1_send_client_certificate(SSL *s)
-{
-        X509 *x509 = NULL;
-        EVP_PKEY *pkey = NULL;
-        int i;
-        unsigned long l;
-        if (s->state == SSL3_ST_CW_CERT_A) {
-                if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
-                    (s->cert->key->privatekey == NULL))
-                        s->state = SSL3_ST_CW_CERT_B;
-                else
-                        s->state = SSL3_ST_CW_CERT_C;
-        }
-        /* We need to get a client cert */
-        if (s->state == SSL3_ST_CW_CERT_B) {
-                /* If we get an error, we need to
-                 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
-                 * We then get retied later */
-                i = 0;
-                i = ssl_do_client_cert_cb(s, &x509, &pkey);
-                if (i < 0) {
-                        s->rwstate = SSL_X509_LOOKUP;
-                        return (-1);
-                }
-                s->rwstate = SSL_NOTHING;
-                if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-                        s->state = SSL3_ST_CW_CERT_B;
-                        if (!SSL_use_certificate(s, x509) ||
-                            !SSL_use_PrivateKey(s, pkey))
-                                i = 0;
-                } else if (i == 1) {
-                        i = 0;
-                        SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
-                            SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-                }
-                X509_free(x509);
-                EVP_PKEY_free(pkey);
-                if (i == 0)
-                        s->s3->tmp.cert_req = 2;
-                /* Ok, we have a cert */
-                s->state = SSL3_ST_CW_CERT_C;
-        }
-        if (s->state == SSL3_ST_CW_CERT_C) {
-                s->state = SSL3_ST_CW_CERT_D;
-                l = dtls1_output_cert_chain(s,
-                    (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
-                s->init_num = (int)l;
-                s->init_off = 0;
-                /* set header called by dtls1_output_cert_chain() */
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
-        }
-        /* SSL3_ST_CW_CERT_D */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
author	jsing <>	2016-12-06 13:38:11 +0000
committer	jsing <>	2016-12-06 13:38:11 +0000
commit	95a901d22cb8e548a73bd42d95b1bdf70996f7f2 (patch)
tree	637189bfb9f1969f946ec330944d4038db2c5cb9 /src/lib/libssl/d1_clnt.c
parent	21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c (diff)
download	openbsd-95a901d22cb8e548a73bd42d95b1bdf70996f7f2.tar.gz openbsd-95a901d22cb8e548a73bd42d95b1bdf70996f7f2.tar.bz2 openbsd-95a901d22cb8e548a73bd42d95b1bdf70996f7f2.zip

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 07ae92f4c9..42e149f864 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_clnt.c,v 1.58 2016/11/04 19:11:43 jsing Exp $ */	1	/* $OpenBSD: d1_clnt.c,v 1.59 2016/12/06 13:38:11 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -384,7 +384,7 @@ dtls1_connect(SSL *s)
384	case SSL3_ST_CW_CERT_C:	384	case SSL3_ST_CW_CERT_C:
385	case SSL3_ST_CW_CERT_D:	385	case SSL3_ST_CW_CERT_D:
386	dtls1_start_timer(s);	386	dtls1_start_timer(s);
387	ret = dtls1_send_client_certificate(s);	387	ret = ssl3_send_client_certificate(s);
388	if (ret <= 0)	388	if (ret <= 0)
389	goto end;	389	goto end;
390	s->state = SSL3_ST_CW_KEY_EXCH_A;	390	s->state = SSL3_ST_CW_KEY_EXCH_A;
@@ -657,68 +657,3 @@ f_err:
657	ssl3_send_alert(s, SSL3_AL_FATAL, al);	657	ssl3_send_alert(s, SSL3_AL_FATAL, al);
658	return -1;	658	return -1;
659	}	659	}
660
661	int
662	dtls1_send_client_certificate(SSL *s)
663	{
664	X509 *x509 = NULL;
665	EVP_PKEY *pkey = NULL;
666	int i;
667	unsigned long l;
668
669	if (s->state == SSL3_ST_CW_CERT_A) {
670	if ((s->cert == NULL) \|\| (s->cert->key->x509 == NULL) \|\|
671	(s->cert->key->privatekey == NULL))
672	s->state = SSL3_ST_CW_CERT_B;
673	else
674	s->state = SSL3_ST_CW_CERT_C;
675	}
676
677	/* We need to get a client cert */
678	if (s->state == SSL3_ST_CW_CERT_B) {
679	/* If we get an error, we need to
680	* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
681	* We then get retied later */
682	i = 0;
683	i = ssl_do_client_cert_cb(s, &x509, &pkey);
684	if (i < 0) {
685	s->rwstate = SSL_X509_LOOKUP;
686	return (-1);
687	}
688	s->rwstate = SSL_NOTHING;
689	if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
690	s->state = SSL3_ST_CW_CERT_B;
691	if (!SSL_use_certificate(s, x509) \|\|
692	!SSL_use_PrivateKey(s, pkey))
693	i = 0;
694	} else if (i == 1) {
695	i = 0;
696	SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
697	SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
698	}
699
700	X509_free(x509);
701	EVP_PKEY_free(pkey);
702	if (i == 0)
703	s->s3->tmp.cert_req = 2;
704
705	/* Ok, we have a cert */
706	s->state = SSL3_ST_CW_CERT_C;
707	}
708
709	if (s->state == SSL3_ST_CW_CERT_C) {
710	s->state = SSL3_ST_CW_CERT_D;
711	l = dtls1_output_cert_chain(s,
712	(s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
713	s->init_num = (int)l;
714	s->init_off = 0;
715
716	/* set header called by dtls1_output_cert_chain() */
717
718	/* buffer the message to handle re-xmits */
719	dtls1_buffer_message(s, 0);
720	}
721
722	/* SSL3_ST_CW_CERT_D */
723	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
724	}