diff options
| author | jsing <> | 2020-02-21 16:15:56 +0000 |
|---|---|---|
| committer | jsing <> | 2020-02-21 16:15:56 +0000 |
| commit | 3d8906f4e0f877c9cf01745da0af4a023ae4dc08 (patch) | |
| tree | 732973f1991ddbe573845b78124b13b699a4c7e8 /src | |
| parent | a58cc33cf52a735e4e3090b01bcb6a515d2f62db (diff) | |
| download | openbsd-3d8906f4e0f877c9cf01745da0af4a023ae4dc08.tar.gz openbsd-3d8906f4e0f877c9cf01745da0af4a023ae4dc08.tar.bz2 openbsd-3d8906f4e0f877c9cf01745da0af4a023ae4dc08.zip | |
Convert the DTLS header creation code to CBB.
Also consolidate it into the one place, since there is no reason to write
the epoch and sequence out later.
ok inoguchi@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 5558c0e872..2cb2d089c8 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.68 2020/02/21 16:13:16 jsing Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.69 2020/02/21 16:15:56 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -1178,12 +1178,15 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len) | |||
| 1178 | int | 1178 | int |
| 1179 | do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | 1179 | do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) |
| 1180 | { | 1180 | { |
| 1181 | unsigned char *p, *pseq; | 1181 | unsigned char *p; |
| 1182 | int i, mac_size, clear = 0; | 1182 | int i, mac_size, clear = 0; |
| 1183 | SSL3_RECORD *wr; | 1183 | SSL3_RECORD *wr; |
| 1184 | SSL3_BUFFER *wb; | 1184 | SSL3_BUFFER *wb; |
| 1185 | SSL_SESSION *sess; | 1185 | SSL_SESSION *sess; |
| 1186 | int bs; | 1186 | int bs; |
| 1187 | CBB cbb; | ||
| 1188 | |||
| 1189 | memset(&cbb, 0, sizeof(cbb)); | ||
| 1187 | 1190 | ||
| 1188 | /* first check if there is a SSL3_BUFFER still being written | 1191 | /* first check if there is a SSL3_BUFFER still being written |
| 1189 | * out. This will happen with non blocking IO */ | 1192 | * out. This will happen with non blocking IO */ |
| @@ -1223,18 +1226,20 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 1223 | 1226 | ||
| 1224 | p = wb->buf; | 1227 | p = wb->buf; |
| 1225 | 1228 | ||
| 1226 | /* write the header */ | 1229 | if (!CBB_init_fixed(&cbb, p, DTLS1_RT_HEADER_LENGTH)) |
| 1227 | 1230 | goto err; | |
| 1228 | *(p++) = type&0xff; | ||
| 1229 | wr->type = type; | ||
| 1230 | |||
| 1231 | *(p++) = (s->version >> 8); | ||
| 1232 | *(p++) = s->version&0xff; | ||
| 1233 | 1231 | ||
| 1234 | /* field where we are to write out packet epoch, seq num and len */ | 1232 | /* Write the header. */ |
| 1235 | pseq = p; | 1233 | if (!CBB_add_u8(&cbb, type)) |
| 1234 | goto err; | ||
| 1235 | if (!CBB_add_u16(&cbb, s->version)) | ||
| 1236 | goto err; | ||
| 1237 | if (!CBB_add_u16(&cbb, D1I(s)->w_epoch)) | ||
| 1238 | goto err; | ||
| 1239 | if (!CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6)) | ||
| 1240 | goto err; | ||
| 1236 | 1241 | ||
| 1237 | p += 10; | 1242 | p += DTLS1_RT_HEADER_LENGTH; |
| 1238 | 1243 | ||
| 1239 | /* lets setup the record stuff. */ | 1244 | /* lets setup the record stuff. */ |
| 1240 | 1245 | ||
| @@ -1247,6 +1252,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 1247 | else | 1252 | else |
| 1248 | bs = 0; | 1253 | bs = 0; |
| 1249 | 1254 | ||
| 1255 | wr->type = type; | ||
| 1250 | wr->data = p + bs; | 1256 | wr->data = p + bs; |
| 1251 | /* make room for IV in case of CBC */ | 1257 | /* make room for IV in case of CBC */ |
| 1252 | wr->length = (int)len; | 1258 | wr->length = (int)len; |
| @@ -1283,17 +1289,15 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 1283 | /* ssl3_enc can only have an error on read */ | 1289 | /* ssl3_enc can only have an error on read */ |
| 1284 | s->method->internal->ssl3_enc->enc(s, 1); | 1290 | s->method->internal->ssl3_enc->enc(s, 1); |
| 1285 | 1291 | ||
| 1286 | s2n(D1I(s)->w_epoch, pseq); | 1292 | if (!CBB_add_u16(&cbb, wr->length)) |
| 1287 | memcpy(pseq, &(S3I(s)->write_sequence[2]), 6); | 1293 | goto err; |
| 1288 | pseq += 6; | 1294 | if (!CBB_finish(&cbb, NULL, NULL)) |
| 1289 | 1295 | goto err; | |
| 1290 | /* record length after mac and block padding */ | ||
| 1291 | s2n(wr->length, pseq); | ||
| 1292 | 1296 | ||
| 1293 | /* we should now have | 1297 | /* we should now have |
| 1294 | * wr->data pointing to the encrypted data, which is | 1298 | * wr->data pointing to the encrypted data, which is |
| 1295 | * wr->length long */ | 1299 | * wr->length long */ |
| 1296 | wr->type=type; /* not needed but helps for debugging */ | 1300 | wr->type = type; /* not needed but helps for debugging */ |
| 1297 | wr->length += DTLS1_RT_HEADER_LENGTH; | 1301 | wr->length += DTLS1_RT_HEADER_LENGTH; |
| 1298 | 1302 | ||
| 1299 | tls1_record_sequence_increment(S3I(s)->write_sequence); | 1303 | tls1_record_sequence_increment(S3I(s)->write_sequence); |
| @@ -1310,7 +1314,10 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 1310 | 1314 | ||
| 1311 | /* we now just need to write the buffer */ | 1315 | /* we now just need to write the buffer */ |
| 1312 | return ssl3_write_pending(s, type, buf, len); | 1316 | return ssl3_write_pending(s, type, buf, len); |
| 1313 | err: | 1317 | |
| 1318 | err: | ||
| 1319 | CBB_cleanup(&cbb); | ||
| 1320 | |||
| 1314 | return -1; | 1321 | return -1; |
| 1315 | } | 1322 | } |
| 1316 | 1323 | ||