| author | jsing <> | 2016-12-06 13:17:52 +0000 |
|---|---|---|
| committer | jsing <> | 2016-12-06 13:17:52 +0000 |
| commit | 1af568a4129a2a3a60c8d78813849bb19fb270b4 (patch) | |
| tree | 1fdde047a06562dfe0a7deea73601bac8a4d15e4 /src/lib/libssl/s3_clnt.c | |
| parent | 8472f14c70190483732d410076d2ec66ac7e9f9d (diff) | |
Convert certificate handshake message generation to CBB, with some clean
up and restructure.
This also adds CBB based variants of the ssl3_handshake_msg_{start,finish}
functions - for the time being these use a CBB to build the messages, then
copy back into the init_buf.
ok doug@
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 31 |
1 files changed, 22 insertions, 9 deletions
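--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.149 2016/12/04 14:32:30 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.150 2016/12/06 13:17:52 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2433,10 +2433,12 @@ err:
 int
 ssl3_send_client_certificate(SSL *s)
 {
-X509 *x509 = NULL;
-EVP_PKEY *pkey = NULL;
-int i;
-unsigned long l;
+EVP_PKEY *pkey = NULL;
+X509 *x509 = NULL;
+CBB cbb, client_cert;
+int i;
+
+memset(&cbb, 0, sizeof(cbb));
 
 if (s->state == SSL3_ST_CW_CERT_A) {
 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
@@ -2480,14 +2482,25 @@ ssl3_send_client_certificate(SSL *s)
 }
 
 if (s->state == SSL3_ST_CW_CERT_C) {
+if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
+SSL3_MT_CERTIFICATE))
+goto err;
+if (!ssl3_output_cert_chain(s, &client_cert,
+(s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
+goto err;
+if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+goto err;
+
 s->state = SSL3_ST_CW_CERT_D;
-l = ssl3_output_cert_chain(s,
-(s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
-s->init_num = (int)l;
-s->init_off = 0;
 }
+
 /* SSL3_ST_CW_CERT_D */
 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+
+err:
+CBB_cleanup(&cbb);
+
+return (0);
 }
 
 #define has_bits(i,m) (((i)&(m)) == (m))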
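Review bot: The new `err:` path in `ssl3_send_client_certificate()` returns 0 after `CBB_cleanup(&cbb)` without recording an error itself, so a failure while building the client Certificate message in the `SSL3_ST_CW_CERT_C` block is only diagnosable if the three `ssl3_*` helpers report it, and their bodies are not part of this diff. If they do not, adding `SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);` before the cleanup would leave a trace on the error queue. The removed code stored `s->init_num` and `s->init_off` here; the new code presumably leaves that to `ssl3_handshake_msg_finish_cbb()`, which is worth confirming since `ssl3_do_write()` runs right after. A short comment on the `memset(&cbb, 0, sizeof(cbb));` line, such as `/* Zeroed so CBB_cleanup() at err: is safe whatever ssl3_handshake_msg_start_cbb() did. */`, would explain why it is needed. The function's body between the second and third hunks is not shown, so its other return paths could not be compared.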
