diff options
| author | jsing <> | 2016-12-06 13:17:52 +0000 |
|---|---|---|
| committer | jsing <> | 2016-12-06 13:17:52 +0000 |
| commit | 21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c (patch) | |
| tree | 1fdde047a06562dfe0a7deea73601bac8a4d15e4 /src/lib/libssl/s3_srvr.c | |
| parent | 3472b6f5a290febbe7727d2886dce3ddeb0798e4 (diff) | |
| download | openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.tar.gz openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.tar.bz2 openbsd-21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c.zip | |
Convert certificate handshake message generation to CBB, with some clean
up and restructure.
This also adds CBB based variants of the ssl3_handshake_msg_{start,finish}
functions - for the time being these use a CBB to build the messages, then
copy back into the init_buf.
ok doug@
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index cbdc7bc6bc..c979031933 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.135 2016/12/04 14:20:13 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.136 2016/12/06 13:17:52 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2524,25 +2524,40 @@ err: | |||
| 2524 | int | 2524 | int |
| 2525 | ssl3_send_server_certificate(SSL *s) | 2525 | ssl3_send_server_certificate(SSL *s) |
| 2526 | { | 2526 | { |
| 2527 | unsigned long l; | 2527 | CBB cbb, server_cert; |
| 2528 | X509 *x; | 2528 | X509 *x; |
| 2529 | 2529 | ||
| 2530 | /* | ||
| 2531 | * Server Certificate - RFC 5246, section 7.4.2. | ||
| 2532 | */ | ||
| 2533 | |||
| 2534 | memset(&cbb, 0, sizeof(cbb)); | ||
| 2535 | |||
| 2530 | if (s->state == SSL3_ST_SW_CERT_A) { | 2536 | if (s->state == SSL3_ST_SW_CERT_A) { |
| 2531 | x = ssl_get_server_send_cert(s); | 2537 | if ((x = ssl_get_server_send_cert(s)) == NULL) { |
| 2532 | if (x == NULL) { | ||
| 2533 | SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, | 2538 | SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, |
| 2534 | ERR_R_INTERNAL_ERROR); | 2539 | ERR_R_INTERNAL_ERROR); |
| 2535 | return (0); | 2540 | return (0); |
| 2536 | } | 2541 | } |
| 2537 | 2542 | ||
| 2538 | l = ssl3_output_cert_chain(s, x); | 2543 | if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_cert, |
| 2544 | SSL3_MT_CERTIFICATE)) | ||
| 2545 | goto err; | ||
| 2546 | if (!ssl3_output_cert_chain(s, &server_cert, x)) | ||
| 2547 | goto err; | ||
| 2548 | if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) | ||
| 2549 | goto err; | ||
| 2550 | |||
| 2539 | s->state = SSL3_ST_SW_CERT_B; | 2551 | s->state = SSL3_ST_SW_CERT_B; |
| 2540 | s->init_num = (int)l; | ||
| 2541 | s->init_off = 0; | ||
| 2542 | } | 2552 | } |
| 2543 | 2553 | ||
| 2544 | /* SSL3_ST_SW_CERT_B */ | 2554 | /* SSL3_ST_SW_CERT_B */ |
| 2545 | return (ssl3_handshake_write(s)); | 2555 | return (ssl3_handshake_write(s)); |
| 2556 | |||
| 2557 | err: | ||
| 2558 | CBB_cleanup(&cbb); | ||
| 2559 | |||
| 2560 | return (0); | ||
| 2546 | } | 2561 | } |
| 2547 | 2562 | ||
| 2548 | /* send a new session ticket (not necessarily for a new session) */ | 2563 | /* send a new session ticket (not necessarily for a new session) */ |