Convert all of the straight forward client handshake handling code to use

the new handshake functions. ok miod@
author: jsing <> 2014-12-14 16:19:38 +0000
committer: jsing <> 2014-12-14 16:19:38 +0000
commit: 9d7627cb78b8d58f06310b08151767a7309504dc (patch)
tree: cbd847f515646f61373c178d71312104700ac3da /src/lib/libssl/d1_clnt.c
parent: 07ed3281a22942e6f12d90c428ffd29e5f4f1ddb (diff)
download: openbsd-9d7627cb78b8d58f06310b08151767a7309504dc.tar.gz
openbsd-9d7627cb78b8d58f06310b08151767a7309504dc.tar.bz2
openbsd-9d7627cb78b8d58f06310b08151767a7309504dc.zip
1 files changed, 19 insertions, 52 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 490e2849f1..3687f5917c 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -759,14 +759,12 @@ end:
 int
 dtls1_client_hello(SSL *s)
 {
-        unsigned char *buf;
+        unsigned char *bufend, *d, *p;
-        unsigned char *p, *d;
        unsigned int i;
-        unsigned long l;
-        buf = (unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
                SSL_SESSION *sess = s->session;
                if ((s->session == NULL) ||
                    (s->session->ssl_version != s->version) ||
                    (!sess->session_id_length && !sess->tlsext_tick) ||
@@ -785,8 +783,7 @@ dtls1_client_hello(SSL *s)
                if (i == sizeof(s->s3->client_random))
                        arc4random_buf(p, sizeof(s->s3->client_random));
-                /* Do the message type and length last */
+                d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
-                d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
                *(p++) = s->version >> 8;
                *(p++) = s->version&0xff;
@@ -835,29 +832,20 @@ dtls1_client_hello(SSL *s)
                *(p++) = 1;
                *(p++) = 0; /* Add the NULL method */
-                if ((p = ssl_add_clienthello_tlsext(s, p,
+                bufend = (unsigned char *)s->init_buf->data +
-                    buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+                    SSL3_RT_MAX_PLAIN_LENGTH;
+                if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
                        SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                        goto err;
                }
-                l = (p - d);
+                ssl3_handshake_msg_finish(s, p - d);
-                d = buf;
-                d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
-                    l, 0, l);
                s->state = SSL3_ST_CW_CLNT_HELLO_B;
-                /* number of bytes to write */
-                s->init_num = p - buf;
-                s->init_off = 0;
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
        }
        /* SSL3_ST_CW_CLNT_HELLO_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 err:
        return (-1);
 }
@@ -919,10 +907,9 @@ f_err:
 int
 dtls1_send_client_key_exchange(SSL *s)
 {
-        unsigned char *p, *d;
+        unsigned char *p, *q;
        int n;
        unsigned long alg_k;
-        unsigned char *q;
        EVP_PKEY *pkey = NULL;
        EC_KEY *clnt_ecdh = NULL;
        const EC_POINT *srvr_ecpoint = NULL;
@@ -932,8 +919,7 @@ dtls1_send_client_key_exchange(SSL *s)
        BN_CTX * bn_ctx = NULL;
        if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
-                d = (unsigned char *)s->init_buf->data;
+                p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
-                p = &(d[DTLS1_HM_HEADER_LENGTH]);
                alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@@ -1217,26 +1203,13 @@ dtls1_send_client_key_exchange(SSL *s)
                        goto err;
                }
-                d = dtls1_set_message_header(s, d,
+                ssl3_handshake_msg_finish(s, n);
-                    SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
-                /*
-                 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
-                 l2n3(n,d);
-                 l2n(s->d1->handshake_write_seq,d);
-                 s->d1->handshake_write_seq++;
-                */
                s->state = SSL3_ST_CW_KEY_EXCH_B;
-                /* number of bytes to write */
-                s->init_num = n + DTLS1_HM_HEADER_LENGTH;
-                s->init_off = 0;
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
        }
        /* SSL3_ST_CW_KEY_EXCH_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 err:
        BN_CTX_free(bn_ctx);
@@ -1249,7 +1222,7 @@ err:
 int
 dtls1_send_client_verify(SSL *s)
 {
-        unsigned char *p, *d;
+        unsigned char *p;
        unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
        EVP_PKEY *pkey;
        unsigned u = 0;
@@ -1257,8 +1230,8 @@ dtls1_send_client_verify(SSL *s)
        int j;
        if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
-                d = (unsigned char *)s->init_buf->data;
+                p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
-                p = &(d[DTLS1_HM_HEADER_LENGTH]);
                pkey = s->cert->key->privatekey;
                s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
@@ -1304,20 +1277,14 @@ dtls1_send_client_verify(SSL *s)
                        goto err;
                }
-                d = dtls1_set_message_header(s, d,
+                ssl3_handshake_msg_finish(s, n);
-                    SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
-                s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
-                s->init_off = 0;
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
                s->state = SSL3_ST_CW_CERT_VRFY_B;
        }
        /* s->state = SSL3_ST_CW_CERT_VRFY_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 err:
        return (-1);
 }
author	jsing <>	2014-12-14 16:19:38 +0000
committer	jsing <>	2014-12-14 16:19:38 +0000
commit	9d7627cb78b8d58f06310b08151767a7309504dc (patch)
tree	cbd847f515646f61373c178d71312104700ac3da /src/lib/libssl/d1_clnt.c
parent	07ed3281a22942e6f12d90c428ffd29e5f4f1ddb (diff)
download	openbsd-9d7627cb78b8d58f06310b08151767a7309504dc.tar.gz openbsd-9d7627cb78b8d58f06310b08151767a7309504dc.tar.bz2 openbsd-9d7627cb78b8d58f06310b08151767a7309504dc.zip

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 490e2849f1..3687f5917c 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */	1	/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -759,14 +759,12 @@ end:
759	int	759	int
760	dtls1_client_hello(SSL *s)	760	dtls1_client_hello(SSL *s)
761	{	761	{
762	unsigned char *buf;	762	unsigned char bufend, d, *p;
763	unsigned char p, d;
764	unsigned int i;	763	unsigned int i;
765	unsigned long l;
766		764
767	buf = (unsigned char *)s->init_buf->data;
768	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {	765	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
769	SSL_SESSION *sess = s->session;	766	SSL_SESSION *sess = s->session;
		767
770	if ((s->session == NULL) \|\|	768	if ((s->session == NULL) \|\|
771	(s->session->ssl_version != s->version) \|\|	769	(s->session->ssl_version != s->version) \|\|
772	(!sess->session_id_length && !sess->tlsext_tick) \|\|	770	(!sess->session_id_length && !sess->tlsext_tick) \|\|
@@ -785,8 +783,7 @@ dtls1_client_hello(SSL *s)
785	if (i == sizeof(s->s3->client_random))	783	if (i == sizeof(s->s3->client_random))
786	arc4random_buf(p, sizeof(s->s3->client_random));	784	arc4random_buf(p, sizeof(s->s3->client_random));
787		785
788	/* Do the message type and length last */	786	d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
789	d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
790		787
791	*(p++) = s->version >> 8;	788	*(p++) = s->version >> 8;
792	*(p++) = s->version&0xff;	789	*(p++) = s->version&0xff;
@@ -835,29 +832,20 @@ dtls1_client_hello(SSL *s)
835	*(p++) = 1;	832	*(p++) = 1;
836	(p++) = 0; / Add the NULL method */	833	(p++) = 0; / Add the NULL method */
837		834
838	if ((p = ssl_add_clienthello_tlsext(s, p,	835	bufend = (unsigned char *)s->init_buf->data +
839	buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {	836	SSL3_RT_MAX_PLAIN_LENGTH;
		837	if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
840	SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);	838	SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
841	goto err;	839	goto err;
842	}	840	}
843		841
844	l = (p - d);	842	ssl3_handshake_msg_finish(s, p - d);
845	d = buf;
846
847	d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
848	l, 0, l);
849		843
850	s->state = SSL3_ST_CW_CLNT_HELLO_B;	844	s->state = SSL3_ST_CW_CLNT_HELLO_B;
851	/* number of bytes to write */
852	s->init_num = p - buf;
853	s->init_off = 0;
854
855	/* buffer the message to handle re-xmits */
856	dtls1_buffer_message(s, 0);
857	}	845	}
858		846
859	/* SSL3_ST_CW_CLNT_HELLO_B */	847	/* SSL3_ST_CW_CLNT_HELLO_B */
860	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));	848	return (ssl3_handshake_write(s));
861	err:	849	err:
862	return (-1);	850	return (-1);
863	}	851	}
@@ -919,10 +907,9 @@ f_err:
919	int	907	int
920	dtls1_send_client_key_exchange(SSL *s)	908	dtls1_send_client_key_exchange(SSL *s)
921	{	909	{
922	unsigned char p, d;	910	unsigned char p, q;
923	int n;	911	int n;
924	unsigned long alg_k;	912	unsigned long alg_k;
925	unsigned char *q;
926	EVP_PKEY *pkey = NULL;	913	EVP_PKEY *pkey = NULL;
927	EC_KEY *clnt_ecdh = NULL;	914	EC_KEY *clnt_ecdh = NULL;
928	const EC_POINT *srvr_ecpoint = NULL;	915	const EC_POINT *srvr_ecpoint = NULL;
@@ -932,8 +919,7 @@ dtls1_send_client_key_exchange(SSL *s)
932	BN_CTX * bn_ctx = NULL;	919	BN_CTX * bn_ctx = NULL;
933		920
934	if (s->state == SSL3_ST_CW_KEY_EXCH_A) {	921	if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
935	d = (unsigned char *)s->init_buf->data;	922	p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
936	p = &(d[DTLS1_HM_HEADER_LENGTH]);
937		923
938	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;	924	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
939		925
@@ -1217,26 +1203,13 @@ dtls1_send_client_key_exchange(SSL *s)
1217	goto err;	1203	goto err;
1218	}	1204	}
1219		1205
1220	d = dtls1_set_message_header(s, d,	1206	ssl3_handshake_msg_finish(s, n);
1221	SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1222	/*
1223	*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1224	l2n3(n,d);
1225	l2n(s->d1->handshake_write_seq,d);
1226	s->d1->handshake_write_seq++;
1227	*/
1228		1207
1229	s->state = SSL3_ST_CW_KEY_EXCH_B;	1208	s->state = SSL3_ST_CW_KEY_EXCH_B;
1230	/* number of bytes to write */
1231	s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1232	s->init_off = 0;
1233
1234	/* buffer the message to handle re-xmits */
1235	dtls1_buffer_message(s, 0);
1236	}	1209	}
1237		1210
1238	/* SSL3_ST_CW_KEY_EXCH_B */	1211	/* SSL3_ST_CW_KEY_EXCH_B */
1239	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));	1212	return (ssl3_handshake_write(s));
1240		1213
1241	err:	1214	err:
1242	BN_CTX_free(bn_ctx);	1215	BN_CTX_free(bn_ctx);
@@ -1249,7 +1222,7 @@ err:
1249	int	1222	int
1250	dtls1_send_client_verify(SSL *s)	1223	dtls1_send_client_verify(SSL *s)
1251	{	1224	{
1252	unsigned char p, d;	1225	unsigned char *p;
1253	unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];	1226	unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1254	EVP_PKEY *pkey;	1227	EVP_PKEY *pkey;
1255	unsigned u = 0;	1228	unsigned u = 0;
@@ -1257,8 +1230,8 @@ dtls1_send_client_verify(SSL *s)
1257	int j;	1230	int j;
1258		1231
1259	if (s->state == SSL3_ST_CW_CERT_VRFY_A) {	1232	if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
1260	d = (unsigned char *)s->init_buf->data;	1233	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
1261	p = &(d[DTLS1_HM_HEADER_LENGTH]);	1234
1262	pkey = s->cert->key->privatekey;	1235	pkey = s->cert->key->privatekey;
1263		1236
1264	s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,	1237	s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
@@ -1304,20 +1277,14 @@ dtls1_send_client_verify(SSL *s)
1304	goto err;	1277	goto err;
1305	}	1278	}
1306		1279
1307	d = dtls1_set_message_header(s, d,	1280	ssl3_handshake_msg_finish(s, n);
1308	SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
1309
1310	s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
1311	s->init_off = 0;
1312
1313	/* buffer the message to handle re-xmits */
1314	dtls1_buffer_message(s, 0);
1315		1281
1316	s->state = SSL3_ST_CW_CERT_VRFY_B;	1282	s->state = SSL3_ST_CW_CERT_VRFY_B;
1317	}	1283	}
1318		1284
1319	/* s->state = SSL3_ST_CW_CERT_VRFY_B */	1285	/* s->state = SSL3_ST_CW_CERT_VRFY_B */
1320	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));	1286	return (ssl3_handshake_write(s));
		1287
1321	err:	1288	err:
1322	return (-1);	1289	return (-1);
1323	}	1290	}