Convert several of the server side handshake functions to the new handshake

message handling routines. ok miod@
author: jsing <> 2015-02-07 08:56:39 +0000
committer: jsing <> 2015-02-07 08:56:39 +0000
commit: fa55b09a9d68c9b8034bc1953d02a2baf74096e1 (patch)
tree: 3b09a04fd0553fd832021ff25730adf392c1cbf7 /src/lib/libssl/d1_srvr.c
parent: 3dee73e415990dc0cfea4edce3f063286558a70e (diff)
download: openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.tar.gz
openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.tar.bz2
openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.zip
1 files changed, 29 insertions, 62 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 82f846d236..1c732c5b08 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -819,82 +819,65 @@ end:
 int
 dtls1_send_hello_request(SSL *s)
 {
-        unsigned char *p;
        if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
-                p = (unsigned char *)s->init_buf->data;
+                ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
-                p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
+                ssl3_handshake_msg_finish(s, 0);
                s->state = SSL3_ST_SW_HELLO_REQ_B;
-                /* number of bytes to write */
-                s->init_num = DTLS1_HM_HEADER_LENGTH;
-                s->init_off = 0;
-                /* no need to buffer this message, since there are no retransmit
-                 * requests for it */
        }
        /* SSL3_ST_SW_HELLO_REQ_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 int
 dtls1_send_hello_verify_request(SSL *s)
 {
-        unsigned int msg_len;
+        unsigned char *d, *p;
-        unsigned char *msg, *buf, *p;
        if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
-                buf = (unsigned char *)s->init_buf->data;
+                d = p = ssl3_handshake_msg_start(s,
+                    DTLS1_MT_HELLO_VERIFY_REQUEST);
-                msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
                *(p++) = s->version >> 8;
                *(p++) = s->version & 0xFF;
                if (s->ctx->app_gen_cookie_cb == NULL ||
-                        s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+                    s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
-                &(s->d1->cookie_len)) == 0) {
+                        &(s->d1->cookie_len)) == 0) {
-                        SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);
+                        SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
+                            ERR_R_INTERNAL_ERROR);
                        return 0;
                }
                *(p++) = (unsigned char) s->d1->cookie_len;
                memcpy(p, s->d1->cookie, s->d1->cookie_len);
                p += s->d1->cookie_len;
-                msg_len = p - msg;
-                dtls1_set_message_header(s, buf,
+                ssl3_handshake_msg_finish(s, p - d);
-                DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
                s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
-                /* number of bytes to write */
-                s->init_num = p - buf;
-                s->init_off = 0;
        }
        /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 int
 dtls1_send_server_hello(SSL *s)
 {
-        unsigned char *buf;
+        unsigned char *bufend;
        unsigned char *p, *d;
        unsigned int sl;
-        unsigned long l;
        if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
-                buf = (unsigned char *)s->init_buf->data;
+                d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
-                arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
-                /* Do the message type and length last */
-                d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
                *(p++) = s->version >> 8;
-                *(p++) = s->version&0xff;
+                *(p++) = s->version & 0xff;
                /* Random stuff */
+                arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
                memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
                p += SSL3_RANDOM_SIZE;
@@ -911,7 +894,8 @@ dtls1_send_server_hello(SSL *s)
                sl = s->session->session_id_length;
                if (sl > sizeof s->session->session_id) {
-                        SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                        SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,
+                            ERR_R_INTERNAL_ERROR);
                        return -1;
                }
                *(p++) = sl;
@@ -926,52 +910,35 @@ dtls1_send_server_hello(SSL *s)
                /* put the compression method */
                *(p++) = 0;
-                if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+                bufend = (unsigned char *)s->init_buf->data +
-                        SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                    SSL3_RT_MAX_PLAIN_LENGTH;
+                if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
+                        SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,
+                            ERR_R_INTERNAL_ERROR);
                        return -1;
                }
-                /* do the header */
+                ssl3_handshake_msg_finish(s, p - d);
-                l = (p - d);
-                d = buf;
-                d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
                s->state = SSL3_ST_SW_SRVR_HELLO_B;
-                /* number of bytes to write */
-                s->init_num = p - buf;
-                s->init_off = 0;
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
        }
        /* SSL3_ST_SW_SRVR_HELLO_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 int
 dtls1_send_server_done(SSL *s)
 {
-        unsigned char *p;
        if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
-                p = (unsigned char *)s->init_buf->data;
+                ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
+                ssl3_handshake_msg_finish(s, 0);
-                /* do the header */
-                p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
                s->state = SSL3_ST_SW_SRVR_DONE_B;
-                /* number of bytes to write */
-                s->init_num = DTLS1_HM_HEADER_LENGTH;
-                s->init_off = 0;
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
        }
        /* SSL3_ST_SW_SRVR_DONE_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 int
author	jsing <>	2015-02-07 08:56:39 +0000
committer	jsing <>	2015-02-07 08:56:39 +0000
commit	fa55b09a9d68c9b8034bc1953d02a2baf74096e1 (patch)
tree	3b09a04fd0553fd832021ff25730adf392c1cbf7 /src/lib/libssl/d1_srvr.c
parent	3dee73e415990dc0cfea4edce3f063286558a70e (diff)
download	openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.tar.gz openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.tar.bz2 openbsd-fa55b09a9d68c9b8034bc1953d02a2baf74096e1.zip

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 82f846d236..1c732c5b08 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.48 2015/02/07 08:56:39 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -819,82 +819,65 @@ end:
819	int	819	int
820	dtls1_send_hello_request(SSL *s)	820	dtls1_send_hello_request(SSL *s)
821	{	821	{
822	unsigned char *p;
823
824	if (s->state == SSL3_ST_SW_HELLO_REQ_A) {	822	if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
825	p = (unsigned char *)s->init_buf->data;	823	ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
826	p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);	824	ssl3_handshake_msg_finish(s, 0);
827		825
828	s->state = SSL3_ST_SW_HELLO_REQ_B;	826	s->state = SSL3_ST_SW_HELLO_REQ_B;
829	/* number of bytes to write */
830	s->init_num = DTLS1_HM_HEADER_LENGTH;
831	s->init_off = 0;
832
833	/* no need to buffer this message, since there are no retransmit
834	* requests for it */
835	}	827	}
836		828
837	/* SSL3_ST_SW_HELLO_REQ_B */	829	/* SSL3_ST_SW_HELLO_REQ_B */
838	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));	830	return (ssl3_handshake_write(s));
839	}	831	}
840		832
841	int	833	int
842	dtls1_send_hello_verify_request(SSL *s)	834	dtls1_send_hello_verify_request(SSL *s)
843	{	835	{
844	unsigned int msg_len;	836	unsigned char d, p;
845	unsigned char msg, buf, *p;
846		837
847	if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {	838	if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
848	buf = (unsigned char *)s->init_buf->data;	839	d = p = ssl3_handshake_msg_start(s,
		840	DTLS1_MT_HELLO_VERIFY_REQUEST);
849		841
850	msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
851	*(p++) = s->version >> 8;	842	*(p++) = s->version >> 8;
852	*(p++) = s->version & 0xFF;	843	*(p++) = s->version & 0xFF;
853		844
854	if (s->ctx->app_gen_cookie_cb == NULL \|\|	845	if (s->ctx->app_gen_cookie_cb == NULL \|\|
855	s->ctx->app_gen_cookie_cb(s, s->d1->cookie,	846	s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
856	&(s->d1->cookie_len)) == 0) {	847	&(s->d1->cookie_len)) == 0) {
857	SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);	848	SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
		849	ERR_R_INTERNAL_ERROR);
858	return 0;	850	return 0;
859	}	851	}
860		852
861	*(p++) = (unsigned char) s->d1->cookie_len;	853	*(p++) = (unsigned char) s->d1->cookie_len;
862	memcpy(p, s->d1->cookie, s->d1->cookie_len);	854	memcpy(p, s->d1->cookie, s->d1->cookie_len);
863	p += s->d1->cookie_len;	855	p += s->d1->cookie_len;
864	msg_len = p - msg;
865		856
866	dtls1_set_message_header(s, buf,	857	ssl3_handshake_msg_finish(s, p - d);
867	DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
868		858
869	s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;	859	s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
870	/* number of bytes to write */
871	s->init_num = p - buf;
872	s->init_off = 0;
873	}	860	}
874		861
875	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */	862	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
876	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));	863	return (ssl3_handshake_write(s));
877	}	864	}
878		865
879	int	866	int
880	dtls1_send_server_hello(SSL *s)	867	dtls1_send_server_hello(SSL *s)
881	{	868	{
882	unsigned char *buf;	869	unsigned char *bufend;
883	unsigned char p, d;	870	unsigned char p, d;
884	unsigned int sl;	871	unsigned int sl;
885	unsigned long l;
886		872
887	if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {	873	if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
888	buf = (unsigned char *)s->init_buf->data;	874	d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
889	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
890
891	/* Do the message type and length last */
892	d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
893		875
894	*(p++) = s->version >> 8;	876	*(p++) = s->version >> 8;
895	*(p++) = s->version&0xff;	877	*(p++) = s->version & 0xff;
896		878
897	/* Random stuff */	879	/* Random stuff */
		880	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
898	memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);	881	memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
899	p += SSL3_RANDOM_SIZE;	882	p += SSL3_RANDOM_SIZE;
900		883
@@ -911,7 +894,8 @@ dtls1_send_server_hello(SSL *s)
911		894
912	sl = s->session->session_id_length;	895	sl = s->session->session_id_length;
913	if (sl > sizeof s->session->session_id) {	896	if (sl > sizeof s->session->session_id) {
914	SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);	897	SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,
		898	ERR_R_INTERNAL_ERROR);
915	return -1;	899	return -1;
916	}	900	}
917	*(p++) = sl;	901	*(p++) = sl;
@@ -926,52 +910,35 @@ dtls1_send_server_hello(SSL *s)
926	/* put the compression method */	910	/* put the compression method */
927	*(p++) = 0;	911	*(p++) = 0;
928		912
929	if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {	913	bufend = (unsigned char *)s->init_buf->data +
930	SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);	914	SSL3_RT_MAX_PLAIN_LENGTH;
		915	if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
		916	SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,
		917	ERR_R_INTERNAL_ERROR);
931	return -1;	918	return -1;
932	}	919	}
933		920
934	/* do the header */	921	ssl3_handshake_msg_finish(s, p - d);
935	l = (p - d);
936	d = buf;
937
938	d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
939		922
940	s->state = SSL3_ST_SW_SRVR_HELLO_B;	923	s->state = SSL3_ST_SW_SRVR_HELLO_B;
941	/* number of bytes to write */
942	s->init_num = p - buf;
943	s->init_off = 0;
944
945	/* buffer the message to handle re-xmits */
946	dtls1_buffer_message(s, 0);
947	}	924	}
948		925
949	/* SSL3_ST_SW_SRVR_HELLO_B */	926	/* SSL3_ST_SW_SRVR_HELLO_B */
950	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));	927	return (ssl3_handshake_write(s));
951	}	928	}
952		929
953	int	930	int
954	dtls1_send_server_done(SSL *s)	931	dtls1_send_server_done(SSL *s)
955	{	932	{
956	unsigned char *p;
957
958	if (s->state == SSL3_ST_SW_SRVR_DONE_A) {	933	if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
959	p = (unsigned char *)s->init_buf->data;	934	ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
960		935	ssl3_handshake_msg_finish(s, 0);
961	/* do the header */
962	p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
963		936
964	s->state = SSL3_ST_SW_SRVR_DONE_B;	937	s->state = SSL3_ST_SW_SRVR_DONE_B;
965	/* number of bytes to write */
966	s->init_num = DTLS1_HM_HEADER_LENGTH;
967	s->init_off = 0;
968
969	/* buffer the message to handle re-xmits */
970	dtls1_buffer_message(s, 0);
971	}	938	}
972		939
973	/* SSL3_ST_SW_SRVR_DONE_B */	940	/* SSL3_ST_SW_SRVR_DONE_B */
974	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));	941	return (ssl3_handshake_write(s));
975	}	942	}
976		943
977	int	944	int