Fully convert ssl3_send_server_hello() to CBB.

Based on a diff from doug@
author: jsing <> 2017-10-11 16:51:39 +0000
committer: jsing <> 2017-10-11 16:51:39 +0000
commit: e64dc34242390cd4a16eb683e606c5beccbb9aa7 (patch)
tree: 2fe8124781fd11334215e44437c46397432bc7a3 /src/lib/libssl/ssl_srvr.c
parent: 62790ade0e2b202d99093dd2d8dc2df8284e2543 (diff)
download: openbsd-e64dc34242390cd4a16eb683e606c5beccbb9aa7.tar.gz
openbsd-e64dc34242390cd4a16eb683e606c5beccbb9aa7.tar.bz2
openbsd-e64dc34242390cd4a16eb683e606c5beccbb9aa7.zip
1 files changed, 17 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 723d82fc82..5e10fa01f4 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.24 2017/10/10 16:51:38 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.25 2017/10/11 16:51:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -166,6 +166,7 @@
 #include <openssl/x509.h>
 #include "bytestring.h"
+#include "ssl_tlsext.h"
 int
 ssl3_accept(SSL *s)
@@ -1046,25 +1047,19 @@ err:
 int
 ssl3_send_server_hello(SSL *s)
 {
-        unsigned char *bufend;
+        CBB cbb, server_hello, session_id;
-        unsigned char *p, *d;
+        size_t sl;
-        CBB cbb, session_id;
-        size_t outlen;
-        int sl;
        memset(&cbb, 0, sizeof(cbb));
-        bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
        if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
-                d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_hello,
+                    SSL3_MT_SERVER_HELLO))
-                if (!CBB_init_fixed(&cbb, p, bufend - p))
                        goto err;
-                if (!CBB_add_u16(&cbb, s->version))
+                if (!CBB_add_u16(&server_hello, s->version))
                        goto err;
-                if (!CBB_add_bytes(&cbb, s->s3->server_random,
+                if (!CBB_add_bytes(&server_hello, s->s3->server_random,
                    sizeof(s->s3->server_random)))
                        goto err;
@@ -1091,35 +1086,32 @@ ssl3_send_server_hello(SSL *s)
                        s->session->session_id_length = 0;
                sl = s->session->session_id_length;
-                if (sl > (int)sizeof(s->session->session_id)) {
+                if (sl > sizeof(s->session->session_id)) {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        goto err;
                }
+                if (!CBB_add_u8_length_prefixed(&server_hello, &session_id))
-                if (!CBB_add_u8_length_prefixed(&cbb, &session_id))
                        goto err;
                if (!CBB_add_bytes(&session_id, s->session->session_id, sl))
                        goto err;
                /* Cipher suite. */
-                if (!CBB_add_u16(&cbb,
+                if (!CBB_add_u16(&server_hello,
                    ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
                        goto err;
-                /* Compression method. */
+                /* Compression method (null). */
-                if (!CBB_add_u8(&cbb, 0))
+                if (!CBB_add_u8(&server_hello, 0))
                        goto err;
-                if (!CBB_finish(&cbb, NULL, &outlen))
+                /* TLS extensions */
-                        goto err;
+                if (!tlsext_serverhello_build(s, &server_hello)) {
-                if ((p = ssl_add_serverhello_tlsext(s, p + outlen,
-                    bufend)) == NULL) {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        goto err;
                }
-                ssl3_handshake_msg_finish(s, p - d);
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+                        goto err;
        }
        /* SSL3_ST_SW_SRVR_HELLO_B */
author	jsing <>	2017-10-11 16:51:39 +0000
committer	jsing <>	2017-10-11 16:51:39 +0000
commit	e64dc34242390cd4a16eb683e606c5beccbb9aa7 (patch)
tree	2fe8124781fd11334215e44437c46397432bc7a3 /src/lib/libssl/ssl_srvr.c
parent	62790ade0e2b202d99093dd2d8dc2df8284e2543 (diff)
download	openbsd-e64dc34242390cd4a16eb683e606c5beccbb9aa7.tar.gz openbsd-e64dc34242390cd4a16eb683e606c5beccbb9aa7.tar.bz2 openbsd-e64dc34242390cd4a16eb683e606c5beccbb9aa7.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 723d82fc82..5e10fa01f4 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.24 2017/10/10 16:51:38 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.25 2017/10/11 16:51:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -166,6 +166,7 @@
166	#include <openssl/x509.h>	166	#include <openssl/x509.h>
167		167
168	#include "bytestring.h"	168	#include "bytestring.h"
		169	#include "ssl_tlsext.h"
169		170
170	int	171	int
171	ssl3_accept(SSL *s)	172	ssl3_accept(SSL *s)
@@ -1046,25 +1047,19 @@ err:
1046	int	1047	int
1047	ssl3_send_server_hello(SSL *s)	1048	ssl3_send_server_hello(SSL *s)
1048	{	1049	{
1049	unsigned char *bufend;	1050	CBB cbb, server_hello, session_id;
1050	unsigned char p, d;	1051	size_t sl;
1051	CBB cbb, session_id;
1052	size_t outlen;
1053	int sl;
1054		1052
1055	memset(&cbb, 0, sizeof(cbb));	1053	memset(&cbb, 0, sizeof(cbb));
1056		1054
1057	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
1058
1059	if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {	1055	if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
1060	d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);	1056	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_hello,
1061		1057	SSL3_MT_SERVER_HELLO))
1062	if (!CBB_init_fixed(&cbb, p, bufend - p))
1063	goto err;	1058	goto err;
1064		1059
1065	if (!CBB_add_u16(&cbb, s->version))	1060	if (!CBB_add_u16(&server_hello, s->version))
1066	goto err;	1061	goto err;
1067	if (!CBB_add_bytes(&cbb, s->s3->server_random,	1062	if (!CBB_add_bytes(&server_hello, s->s3->server_random,
1068	sizeof(s->s3->server_random)))	1063	sizeof(s->s3->server_random)))
1069	goto err;	1064	goto err;
1070		1065
@@ -1091,35 +1086,32 @@ ssl3_send_server_hello(SSL *s)
1091	s->session->session_id_length = 0;	1086	s->session->session_id_length = 0;
1092		1087
1093	sl = s->session->session_id_length;	1088	sl = s->session->session_id_length;
1094	if (sl > (int)sizeof(s->session->session_id)) {	1089	if (sl > sizeof(s->session->session_id)) {
1095	SSLerror(s, ERR_R_INTERNAL_ERROR);	1090	SSLerror(s, ERR_R_INTERNAL_ERROR);
1096	goto err;	1091	goto err;
1097	}	1092	}
1098		1093	if (!CBB_add_u8_length_prefixed(&server_hello, &session_id))
1099	if (!CBB_add_u8_length_prefixed(&cbb, &session_id))
1100	goto err;	1094	goto err;
1101	if (!CBB_add_bytes(&session_id, s->session->session_id, sl))	1095	if (!CBB_add_bytes(&session_id, s->session->session_id, sl))
1102	goto err;	1096	goto err;
1103		1097
1104	/* Cipher suite. */	1098	/* Cipher suite. */
1105	if (!CBB_add_u16(&cbb,	1099	if (!CBB_add_u16(&server_hello,
1106	ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))	1100	ssl3_cipher_get_value(S3I(s)->hs.new_cipher)))
1107	goto err;	1101	goto err;
1108		1102
1109	/* Compression method. */	1103	/* Compression method (null). */
1110	if (!CBB_add_u8(&cbb, 0))	1104	if (!CBB_add_u8(&server_hello, 0))
1111	goto err;	1105	goto err;
1112		1106
1113	if (!CBB_finish(&cbb, NULL, &outlen))	1107	/* TLS extensions */
1114	goto err;	1108	if (!tlsext_serverhello_build(s, &server_hello)) {
1115
1116	if ((p = ssl_add_serverhello_tlsext(s, p + outlen,
1117	bufend)) == NULL) {
1118	SSLerror(s, ERR_R_INTERNAL_ERROR);	1109	SSLerror(s, ERR_R_INTERNAL_ERROR);
1119	goto err;	1110	goto err;
1120	}	1111	}
1121		1112
1122	ssl3_handshake_msg_finish(s, p - d);	1113	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
		1114	goto err;
1123	}	1115	}
1124		1116
1125	/* SSL3_ST_SW_SRVR_HELLO_B */	1117	/* SSL3_ST_SW_SRVR_HELLO_B */