Uncopy and unpaste dtls1_send_certificate_request() - removes another 80

lines of code, while gaining SIGALGs support.
author: jsing <> 2015-09-12 14:32:24 +0000
committer: jsing <> 2015-09-12 14:32:24 +0000
commit: ddd30c4c28f5907be3ec4f811ed2ea002f0380e6 (patch)
tree: 87d3044abbf271c818fee5b9b7ad4cb5e0019cf3 /src/lib
parent: 967cab81155e7ef61307715e8ba16352a214b90f (diff)
download: openbsd-ddd30c4c28f5907be3ec4f811ed2ea002f0380e6.tar.gz
openbsd-ddd30c4c28f5907be3ec4f811ed2ea002f0380e6.tar.bz2
openbsd-ddd30c4c28f5907be3ec4f811ed2ea002f0380e6.zip
4 files changed, 6 insertions, 160 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 768c39eb25..7eae8ed4e4 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.62 2015/09/12 14:28:23 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.63 2015/09/12 14:32:24 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -429,7 +429,7 @@ dtls1_accept(SSL *s)
                        } else {
                                s->s3->tmp.cert_request = 1;
                                dtls1_start_timer(s);
-                                ret = dtls1_send_certificate_request(s);
+                                ret = ssl3_send_certificate_request(s);
                                if (ret <= 0)
                                        goto end;
                                s->state = SSL3_ST_SW_SRVR_DONE_A;
@@ -700,82 +700,6 @@ dtls1_send_hello_verify_request(SSL *s)
 }
 int
-dtls1_send_certificate_request(SSL *s)
-{
-        unsigned char *p, *d;
-        int i, j, nl, off, n;
-        STACK_OF(X509_NAME) *sk = NULL;
-        X509_NAME *name;
-        BUF_MEM *buf;
-        unsigned int msg_len;
-        if (s->state == SSL3_ST_SW_CERT_REQ_A) {
-                buf = s->init_buf;
-                d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-                /* get the list of acceptable cert types */
-                p++;
-                n = ssl3_get_req_cert_type(s, p);
-                d[0] = n;
-                p += n;
-                n++;
-                off = n;
-                p += 2;
-                n += 2;
-                sk = SSL_get_client_CA_list(s);
-                nl = 0;
-                if (sk != NULL) {
-                        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                                name = sk_X509_NAME_value(sk, i);
-                                j = i2d_X509_NAME(name, NULL);
-                                if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
-                                        SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
-                                        goto err;
-                                }
-                                p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
-                                s2n(j, p);
-                                i2d_X509_NAME(name, &p);
-                                n += 2 + j;
-                                nl += 2 + j;
-                        }
-                }
-                /* else no CA names */
-                p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
-                s2n(nl, p);
-                d = (unsigned char *)buf->data;
-                *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
-                l2n3(n, d);
-                s2n(s->d1->handshake_write_seq, d);
-                s->d1->handshake_write_seq++;
-                /* we should now have things packed up, so lets send
-                 * it off */
-                s->init_num = n + DTLS1_HM_HEADER_LENGTH;
-                s->init_off = 0;
-                /* XDTLS:  set message header ? */
-                msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
-                dtls1_set_message_header(s, (void *)s->init_buf->data,
-                    SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
-                s->state = SSL3_ST_SW_CERT_REQ_B;
-        }
-        /* SSL3_ST_SW_CERT_REQ_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-err:
-        return (-1);
-}
-int
 dtls1_send_server_certificate(SSL *s)
 {
        unsigned long l;
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 768c39eb25..7eae8ed4e4 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.62 2015/09/12 14:28:23 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.63 2015/09/12 14:32:24 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -429,7 +429,7 @@ dtls1_accept(SSL *s)
                        } else {
                                s->s3->tmp.cert_request = 1;
                                dtls1_start_timer(s);
-                                ret = dtls1_send_certificate_request(s);
+                                ret = ssl3_send_certificate_request(s);
                                if (ret <= 0)
                                        goto end;
                                s->state = SSL3_ST_SW_SRVR_DONE_A;
@@ -700,82 +700,6 @@ dtls1_send_hello_verify_request(SSL *s)
 }
 int
-dtls1_send_certificate_request(SSL *s)
-{
-        unsigned char *p, *d;
-        int i, j, nl, off, n;
-        STACK_OF(X509_NAME) *sk = NULL;
-        X509_NAME *name;
-        BUF_MEM *buf;
-        unsigned int msg_len;
-        if (s->state == SSL3_ST_SW_CERT_REQ_A) {
-                buf = s->init_buf;
-                d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-                /* get the list of acceptable cert types */
-                p++;
-                n = ssl3_get_req_cert_type(s, p);
-                d[0] = n;
-                p += n;
-                n++;
-                off = n;
-                p += 2;
-                n += 2;
-                sk = SSL_get_client_CA_list(s);
-                nl = 0;
-                if (sk != NULL) {
-                        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                                name = sk_X509_NAME_value(sk, i);
-                                j = i2d_X509_NAME(name, NULL);
-                                if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
-                                        SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
-                                        goto err;
-                                }
-                                p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
-                                s2n(j, p);
-                                i2d_X509_NAME(name, &p);
-                                n += 2 + j;
-                                nl += 2 + j;
-                        }
-                }
-                /* else no CA names */
-                p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
-                s2n(nl, p);
-                d = (unsigned char *)buf->data;
-                *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
-                l2n3(n, d);
-                s2n(s->d1->handshake_write_seq, d);
-                s->d1->handshake_write_seq++;
-                /* we should now have things packed up, so lets send
-                 * it off */
-                s->init_num = n + DTLS1_HM_HEADER_LENGTH;
-                s->init_off = 0;
-                /* XDTLS:  set message header ? */
-                msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
-                dtls1_set_message_header(s, (void *)s->init_buf->data,
-                    SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
-                s->state = SSL3_ST_SW_CERT_REQ_B;
-        }
-        /* SSL3_ST_SW_CERT_REQ_B */
-        return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-err:
-        return (-1);
-}
-int
 dtls1_send_server_certificate(SSL *s)
 {
        unsigned long l;
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 6f030e6e53..130482dbba 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.125 2015/09/12 14:28:23 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.126 2015/09/12 14:32:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -725,7 +725,6 @@ int ssl3_get_cert_verify(SSL *s);
 int ssl3_get_next_proto(SSL *s);
 int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
 int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6f030e6e53..130482dbba 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.125 2015/09/12 14:28:23 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.126 2015/09/12 14:32:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -725,7 +725,6 @@ int ssl3_get_cert_verify(SSL *s);
 int ssl3_get_next_proto(SSL *s);
 int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
 int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
author	jsing <>	2015-09-12 14:32:24 +0000
committer	jsing <>	2015-09-12 14:32:24 +0000
commit	ddd30c4c28f5907be3ec4f811ed2ea002f0380e6 (patch)
tree	87d3044abbf271c818fee5b9b7ad4cb5e0019cf3 /src/lib
parent	967cab81155e7ef61307715e8ba16352a214b90f (diff)
download	openbsd-ddd30c4c28f5907be3ec4f811ed2ea002f0380e6.tar.gz openbsd-ddd30c4c28f5907be3ec4f811ed2ea002f0380e6.tar.bz2 openbsd-ddd30c4c28f5907be3ec4f811ed2ea002f0380e6.zip

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 768c39eb25..7eae8ed4e4 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.62 2015/09/12 14:28:23 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.63 2015/09/12 14:32:24 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -429,7 +429,7 @@ dtls1_accept(SSL *s)
429	} else {	429	} else {
430	s->s3->tmp.cert_request = 1;	430	s->s3->tmp.cert_request = 1;
431	dtls1_start_timer(s);	431	dtls1_start_timer(s);
432	ret = dtls1_send_certificate_request(s);	432	ret = ssl3_send_certificate_request(s);
433	if (ret <= 0)	433	if (ret <= 0)
434	goto end;	434	goto end;
435	s->state = SSL3_ST_SW_SRVR_DONE_A;	435	s->state = SSL3_ST_SW_SRVR_DONE_A;
@@ -700,82 +700,6 @@ dtls1_send_hello_verify_request(SSL *s)
700	}	700	}
701		701
702	int	702	int
703	dtls1_send_certificate_request(SSL *s)
704	{
705	unsigned char p, d;
706	int i, j, nl, off, n;
707	STACK_OF(X509_NAME) *sk = NULL;
708	X509_NAME *name;
709	BUF_MEM *buf;
710	unsigned int msg_len;
711
712	if (s->state == SSL3_ST_SW_CERT_REQ_A) {
713	buf = s->init_buf;
714
715	d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
716
717	/* get the list of acceptable cert types */
718	p++;
719	n = ssl3_get_req_cert_type(s, p);
720	d[0] = n;
721	p += n;
722	n++;
723
724	off = n;
725	p += 2;
726	n += 2;
727
728	sk = SSL_get_client_CA_list(s);
729	nl = 0;
730	if (sk != NULL) {
731	for (i = 0; i < sk_X509_NAME_num(sk); i++) {
732	name = sk_X509_NAME_value(sk, i);
733	j = i2d_X509_NAME(name, NULL);
734	if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
735	SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
736	goto err;
737	}
738	p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
739	s2n(j, p);
740	i2d_X509_NAME(name, &p);
741	n += 2 + j;
742	nl += 2 + j;
743	}
744	}
745	/* else no CA names */
746	p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
747	s2n(nl, p);
748
749	d = (unsigned char *)buf->data;
750	*(d++) = SSL3_MT_CERTIFICATE_REQUEST;
751	l2n3(n, d);
752	s2n(s->d1->handshake_write_seq, d);
753	s->d1->handshake_write_seq++;
754
755	/* we should now have things packed up, so lets send
756	* it off */
757
758	s->init_num = n + DTLS1_HM_HEADER_LENGTH;
759	s->init_off = 0;
760
761	/* XDTLS: set message header ? */
762	msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
763	dtls1_set_message_header(s, (void *)s->init_buf->data,
764	SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
765
766	/* buffer the message to handle re-xmits */
767	dtls1_buffer_message(s, 0);
768
769	s->state = SSL3_ST_SW_CERT_REQ_B;
770	}
771
772	/* SSL3_ST_SW_CERT_REQ_B */
773	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
774	err:
775	return (-1);
776	}
777
778	int
779	dtls1_send_server_certificate(SSL *s)	703	dtls1_send_server_certificate(SSL *s)
780	{	704	{
781	unsigned long l;	705	unsigned long l;


diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 768c39eb25..7eae8ed4e4 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.62 2015/09/12 14:28:23 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.63 2015/09/12 14:32:24 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -429,7 +429,7 @@ dtls1_accept(SSL *s)
429	} else {	429	} else {
430	s->s3->tmp.cert_request = 1;	430	s->s3->tmp.cert_request = 1;
431	dtls1_start_timer(s);	431	dtls1_start_timer(s);
432	ret = dtls1_send_certificate_request(s);	432	ret = ssl3_send_certificate_request(s);
433	if (ret <= 0)	433	if (ret <= 0)
434	goto end;	434	goto end;
435	s->state = SSL3_ST_SW_SRVR_DONE_A;	435	s->state = SSL3_ST_SW_SRVR_DONE_A;
@@ -700,82 +700,6 @@ dtls1_send_hello_verify_request(SSL *s)
700	}	700	}
701		701
702	int	702	int
703	dtls1_send_certificate_request(SSL *s)
704	{
705	unsigned char p, d;
706	int i, j, nl, off, n;
707	STACK_OF(X509_NAME) *sk = NULL;
708	X509_NAME *name;
709	BUF_MEM *buf;
710	unsigned int msg_len;
711
712	if (s->state == SSL3_ST_SW_CERT_REQ_A) {
713	buf = s->init_buf;
714
715	d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
716
717	/* get the list of acceptable cert types */
718	p++;
719	n = ssl3_get_req_cert_type(s, p);
720	d[0] = n;
721	p += n;
722	n++;
723
724	off = n;
725	p += 2;
726	n += 2;
727
728	sk = SSL_get_client_CA_list(s);
729	nl = 0;
730	if (sk != NULL) {
731	for (i = 0; i < sk_X509_NAME_num(sk); i++) {
732	name = sk_X509_NAME_value(sk, i);
733	j = i2d_X509_NAME(name, NULL);
734	if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
735	SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
736	goto err;
737	}
738	p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
739	s2n(j, p);
740	i2d_X509_NAME(name, &p);
741	n += 2 + j;
742	nl += 2 + j;
743	}
744	}
745	/* else no CA names */
746	p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
747	s2n(nl, p);
748
749	d = (unsigned char *)buf->data;
750	*(d++) = SSL3_MT_CERTIFICATE_REQUEST;
751	l2n3(n, d);
752	s2n(s->d1->handshake_write_seq, d);
753	s->d1->handshake_write_seq++;
754
755	/* we should now have things packed up, so lets send
756	* it off */
757
758	s->init_num = n + DTLS1_HM_HEADER_LENGTH;
759	s->init_off = 0;
760
761	/* XDTLS: set message header ? */
762	msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
763	dtls1_set_message_header(s, (void *)s->init_buf->data,
764	SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
765
766	/* buffer the message to handle re-xmits */
767	dtls1_buffer_message(s, 0);
768
769	s->state = SSL3_ST_SW_CERT_REQ_B;
770	}
771
772	/* SSL3_ST_SW_CERT_REQ_B */
773	return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
774	err:
775	return (-1);
776	}
777
778	int
779	dtls1_send_server_certificate(SSL *s)	703	dtls1_send_server_certificate(SSL *s)
780	{	704	{
781	unsigned long l;	705	unsigned long l;


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 6f030e6e53..130482dbba 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.125 2015/09/12 14:28:23 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.126 2015/09/12 14:32:24 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -725,7 +725,6 @@ int ssl3_get_cert_verify(SSL *s);
725	int ssl3_get_next_proto(SSL *s);	725	int ssl3_get_next_proto(SSL *s);
726		726
727	int dtls1_send_server_certificate(SSL *s);	727	int dtls1_send_server_certificate(SSL *s);
728	int dtls1_send_certificate_request(SSL *s);
729		728
730	int ssl23_accept(SSL *s);	729	int ssl23_accept(SSL *s);
731	int ssl23_connect(SSL *s);	730	int ssl23_connect(SSL *s);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 6f030e6e53..130482dbba 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.125 2015/09/12 14:28:23 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.126 2015/09/12 14:32:24 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -725,7 +725,6 @@ int ssl3_get_cert_verify(SSL *s);
725	int ssl3_get_next_proto(SSL *s);	725	int ssl3_get_next_proto(SSL *s);
726		726
727	int dtls1_send_server_certificate(SSL *s);	727	int dtls1_send_server_certificate(SSL *s);
728	int dtls1_send_certificate_request(SSL *s);
729		728
730	int ssl23_accept(SSL *s);	729	int ssl23_accept(SSL *s);
731	int ssl23_connect(SSL *s);	730	int ssl23_connect(SSL *s);