Convert various handshake message generation functions to CBB.

ok beck@ inoguchi@
author: jsing <> 2017-03-05 14:24:12 +0000
committer: jsing <> 2017-03-05 14:24:12 +0000
commit: b7e97f3829f43765f12691c1665b5e6017d75d28 (patch)
tree: 6fbb1cdc98eee28de2283fa4a24cba271159b124 /src/lib/libssl/ssl_srvr.c
parent: 09f0e9b21348ea5dac5102d84e10045c88358c5c (diff)
download: openbsd-b7e97f3829f43765f12691c1665b5e6017d75d28.tar.gz
openbsd-b7e97f3829f43765f12691c1665b5e6017d75d28.tar.bz2
openbsd-b7e97f3829f43765f12691c1665b5e6017d75d28.zip
1 files changed, 48 insertions, 22 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index ddf8755707..09ea657174 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.8 2017/03/01 14:01:24 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.9 2017/03/05 14:24:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -705,15 +705,27 @@ end:
 int
 ssl3_send_hello_request(SSL *s)
 {
+        CBB cbb, hello;
+        memset(&cbb, 0, sizeof(cbb));
        if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
-                ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
-                ssl3_handshake_msg_finish(s, 0);
+                    SSL3_MT_HELLO_REQUEST))
+                        goto err;
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+                        goto err;
                s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
        }
        /* SSL3_ST_SW_HELLO_REQ_B */
        return (ssl3_handshake_write(s));
+ err:
+        CBB_cleanup(&cbb);
+        return (-1);
 }
 int
@@ -1166,15 +1178,27 @@ ssl3_send_server_hello(SSL *s)
 int
 ssl3_send_server_done(SSL *s)
 {
+        CBB cbb, done;
+        memset(&cbb, 0, sizeof(cbb));
        if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
-                ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
-                ssl3_handshake_msg_finish(s, 0);
+                    SSL3_MT_SERVER_DONE))
+                        goto err;
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+                        goto err;
                s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
        }
        /* SSL3_ST_SW_SRVR_DONE_B */
        return (ssl3_handshake_write(s));
+ err:
+        CBB_cleanup(&cbb);
+        return (-1);
 }
 int
@@ -2718,32 +2742,34 @@ ssl3_send_newsession_ticket(SSL *s)
 int
 ssl3_send_cert_status(SSL *s)
 {
-        unsigned char *p;
+        CBB cbb, certstatus, ocspresp;
+        memset(&cbb, 0, sizeof(cbb));
        if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
-                /*
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
-                 * Grow buffer if need be: the length calculation is as
+                    SSL3_MT_CERTIFICATE_STATUS))
-                 * follows 1 (message type) + 3 (message length) +
+                        goto err;
-                 * 1 (ocsp response type) + 3 (ocsp response length)
+                if (!CBB_add_u8(&certstatus, s->tlsext_status_type))
-                 * + (ocsp response)
+                        goto err;
-                 */
+                if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
-                if (!BUF_MEM_grow(s->internal->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
+                        goto err;
+                if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp,
                    s->internal->tlsext_ocsp_resplen))
-                        return (-1);
+                        goto err;
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
-                p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);
+                        goto err;
-                *(p++) = s->tlsext_status_type;
-                l2n3(s->internal->tlsext_ocsp_resplen, p);
-                memcpy(p, s->internal->tlsext_ocsp_resp, s->internal->tlsext_ocsp_resplen);
-                ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
                s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
        }
        /* SSL3_ST_SW_CERT_STATUS_B */
        return (ssl3_handshake_write(s));
+ err:
+        CBB_cleanup(&cbb);
+        return (-1);
 }
 /*
author	jsing <>	2017-03-05 14:24:12 +0000
committer	jsing <>	2017-03-05 14:24:12 +0000
commit	b7e97f3829f43765f12691c1665b5e6017d75d28 (patch)
tree	6fbb1cdc98eee28de2283fa4a24cba271159b124 /src/lib/libssl/ssl_srvr.c
parent	09f0e9b21348ea5dac5102d84e10045c88358c5c (diff)
download	openbsd-b7e97f3829f43765f12691c1665b5e6017d75d28.tar.gz openbsd-b7e97f3829f43765f12691c1665b5e6017d75d28.tar.bz2 openbsd-b7e97f3829f43765f12691c1665b5e6017d75d28.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index ddf8755707..09ea657174 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.8 2017/03/01 14:01:24 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.9 2017/03/05 14:24:12 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -705,15 +705,27 @@ end:
705	int	705	int
706	ssl3_send_hello_request(SSL *s)	706	ssl3_send_hello_request(SSL *s)
707	{	707	{
		708	CBB cbb, hello;
		709
		710	memset(&cbb, 0, sizeof(cbb));
		711
708	if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {	712	if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
709	ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);	713	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
710	ssl3_handshake_msg_finish(s, 0);	714	SSL3_MT_HELLO_REQUEST))
		715	goto err;
		716	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
		717	goto err;
711		718
712	s->internal->state = SSL3_ST_SW_HELLO_REQ_B;	719	s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
713	}	720	}
714		721
715	/* SSL3_ST_SW_HELLO_REQ_B */	722	/* SSL3_ST_SW_HELLO_REQ_B */
716	return (ssl3_handshake_write(s));	723	return (ssl3_handshake_write(s));
		724
		725	err:
		726	CBB_cleanup(&cbb);
		727
		728	return (-1);
717	}	729	}
718		730
719	int	731	int
@@ -1166,15 +1178,27 @@ ssl3_send_server_hello(SSL *s)
1166	int	1178	int
1167	ssl3_send_server_done(SSL *s)	1179	ssl3_send_server_done(SSL *s)
1168	{	1180	{
		1181	CBB cbb, done;
		1182
		1183	memset(&cbb, 0, sizeof(cbb));
		1184
1169	if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {	1185	if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
1170	ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);	1186	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
1171	ssl3_handshake_msg_finish(s, 0);	1187	SSL3_MT_SERVER_DONE))
		1188	goto err;
		1189	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
		1190	goto err;
1172		1191
1173	s->internal->state = SSL3_ST_SW_SRVR_DONE_B;	1192	s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
1174	}	1193	}
1175		1194
1176	/* SSL3_ST_SW_SRVR_DONE_B */	1195	/* SSL3_ST_SW_SRVR_DONE_B */
1177	return (ssl3_handshake_write(s));	1196	return (ssl3_handshake_write(s));
		1197
		1198	err:
		1199	CBB_cleanup(&cbb);
		1200
		1201	return (-1);
1178	}	1202	}
1179		1203
1180	int	1204	int
@@ -2718,32 +2742,34 @@ ssl3_send_newsession_ticket(SSL *s)
2718	int	2742	int
2719	ssl3_send_cert_status(SSL *s)	2743	ssl3_send_cert_status(SSL *s)
2720	{	2744	{
2721	unsigned char *p;	2745	CBB cbb, certstatus, ocspresp;
		2746
		2747	memset(&cbb, 0, sizeof(cbb));
2722		2748
2723	if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {	2749	if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
2724	/*	2750	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
2725	* Grow buffer if need be: the length calculation is as	2751	SSL3_MT_CERTIFICATE_STATUS))
2726	* follows 1 (message type) + 3 (message length) +	2752	goto err;
2727	* 1 (ocsp response type) + 3 (ocsp response length)	2753	if (!CBB_add_u8(&certstatus, s->tlsext_status_type))
2728	* + (ocsp response)	2754	goto err;
2729	*/	2755	if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
2730	if (!BUF_MEM_grow(s->internal->init_buf, SSL3_HM_HEADER_LENGTH + 4 +	2756	goto err;
		2757	if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp,
2731	s->internal->tlsext_ocsp_resplen))	2758	s->internal->tlsext_ocsp_resplen))
2732	return (-1);	2759	goto err;
2733		2760	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2734	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);	2761	goto err;
2735
2736	*(p++) = s->tlsext_status_type;
2737	l2n3(s->internal->tlsext_ocsp_resplen, p);
2738	memcpy(p, s->internal->tlsext_ocsp_resp, s->internal->tlsext_ocsp_resplen);
2739
2740	ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
2741		2762
2742	s->internal->state = SSL3_ST_SW_CERT_STATUS_B;	2763	s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
2743	}	2764	}
2744		2765
2745	/* SSL3_ST_SW_CERT_STATUS_B */	2766	/* SSL3_ST_SW_CERT_STATUS_B */
2746	return (ssl3_handshake_write(s));	2767	return (ssl3_handshake_write(s));
		2768
		2769	err:
		2770	CBB_cleanup(&cbb);
		2771
		2772	return (-1);
2747	}	2773	}
2748		2774
2749	/*	2775	/*