diff options
| author | jsing <> | 2020-10-03 18:01:55 +0000 |
|---|---|---|
| committer | jsing <> | 2020-10-03 18:01:55 +0000 |
| commit | 3aed61703f68a54e3f14a52befd98a4b9b9a59b8 (patch) | |
| tree | 2551d0043eb97a752fc5f4f898fb518c397c443c /src/lib/libssl/ssl_clnt.c | |
| parent | 7ec834bc3417b066072208fd7b33985994ff8ec2 (diff) | |
| download | openbsd-3aed61703f68a54e3f14a52befd98a4b9b9a59b8.tar.gz openbsd-3aed61703f68a54e3f14a52befd98a4b9b9a59b8.tar.bz2 openbsd-3aed61703f68a54e3f14a52befd98a4b9b9a59b8.zip | |
Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c
The d1_{clnt,srvr}.c contain a single function each - merge these into the
ssl_{clnt,srvr}.c, renaming them with an ssl3_ prefix for consistency.
ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 60 |
1 files changed, 58 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index f11dcaa107..3d11aaaf36 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.73 2020/09/24 18:12:00 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.74 2020/10/03 18:01:55 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -318,7 +318,7 @@ ssl3_connect(SSL *s) | |||
| 318 | 318 | ||
| 319 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: | 319 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 320 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: | 320 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 321 | ret = dtls1_get_hello_verify(s); | 321 | ret = ssl3_get_dtls_hello_verify(s); |
| 322 | if (ret <= 0) | 322 | if (ret <= 0) |
| 323 | goto end; | 323 | goto end; |
| 324 | dtls1_stop_timer(s); | 324 | dtls1_stop_timer(s); |
| @@ -794,6 +794,62 @@ err: | |||
| 794 | } | 794 | } |
| 795 | 795 | ||
| 796 | int | 796 | int |
| 797 | ssl3_get_dtls_hello_verify(SSL *s) | ||
| 798 | { | ||
| 799 | long n; | ||
| 800 | int al, ok = 0; | ||
| 801 | size_t cookie_len; | ||
| 802 | uint16_t ssl_version; | ||
| 803 | CBS hello_verify_request, cookie; | ||
| 804 | |||
| 805 | n = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | ||
| 806 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); | ||
| 807 | if (!ok) | ||
| 808 | return ((int)n); | ||
| 809 | |||
| 810 | if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { | ||
| 811 | D1I(s)->send_cookie = 0; | ||
| 812 | S3I(s)->tmp.reuse_message = 1; | ||
| 813 | return (1); | ||
| 814 | } | ||
| 815 | |||
| 816 | if (n < 0) | ||
| 817 | goto truncated; | ||
| 818 | |||
| 819 | CBS_init(&hello_verify_request, s->internal->init_msg, n); | ||
| 820 | |||
| 821 | if (!CBS_get_u16(&hello_verify_request, &ssl_version)) | ||
| 822 | goto truncated; | ||
| 823 | |||
| 824 | if (ssl_version != s->version) { | ||
| 825 | SSLerror(s, SSL_R_WRONG_SSL_VERSION); | ||
| 826 | s->version = (s->version & 0xff00) | (ssl_version & 0xff); | ||
| 827 | al = SSL_AD_PROTOCOL_VERSION; | ||
| 828 | goto f_err; | ||
| 829 | } | ||
| 830 | |||
| 831 | if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) | ||
| 832 | goto truncated; | ||
| 833 | |||
| 834 | if (!CBS_write_bytes(&cookie, D1I(s)->cookie, | ||
| 835 | sizeof(D1I(s)->cookie), &cookie_len)) { | ||
| 836 | D1I(s)->cookie_len = 0; | ||
| 837 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 838 | goto f_err; | ||
| 839 | } | ||
| 840 | D1I(s)->cookie_len = cookie_len; | ||
| 841 | D1I(s)->send_cookie = 1; | ||
| 842 | |||
| 843 | return 1; | ||
| 844 | |||
| 845 | truncated: | ||
| 846 | al = SSL_AD_DECODE_ERROR; | ||
| 847 | f_err: | ||
| 848 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 849 | return -1; | ||
| 850 | } | ||
| 851 | |||
| 852 | int | ||
| 797 | ssl3_get_server_hello(SSL *s) | 853 | ssl3_get_server_hello(SSL *s) |
| 798 | { | 854 | { |
| 799 | CBS cbs, server_random, session_id; | 855 | CBS cbs, server_random, session_id; |