Convert ssl3_send_client_kex_dhe() to CBB.

ok doug@
author: jsing <> 2016-12-07 13:40:17 +0000
committer: jsing <> 2016-12-07 13:40:17 +0000
commit: 56e95909d58e61a460296a319d62a0a4333ec6c1 (patch)
tree: 0c579fc46a140feba99f1eced8bdadb68c2ac81a /src
parent: 44e1e78161e8bc96a33689084d1e4b3f0f5956a4 (diff)
download: openbsd-56e95909d58e61a460296a319d62a0a4333ec6c1.tar.gz
openbsd-56e95909d58e61a460296a319d62a0a4333ec6c1.tar.bz2
openbsd-56e95909d58e61a460296a319d62a0a4333ec6c1.zip
1 files changed, 23 insertions, 14 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index c88835b91e..136bd4c6b4 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.151 2016/12/06 13:42:32 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.152 2016/12/07 13:40:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1938,13 +1938,14 @@ err:
 }
 static int
-ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
+ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
-    int *outlen)
 {
        DH *dh_srvr = NULL, *dh_clnt = NULL;
        unsigned char *key = NULL;
-        int key_size, n;
+        int key_size, key_len;
+        unsigned char *data;
        int ret = -1;
+        CBB dh_Yc;
        /* Ensure that we have an ephemeral key for DHE. */
        if (sess_cert->peer_dh_tmp == NULL) {
@@ -1970,8 +1971,8 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
                    ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        n = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
+        key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
-        if (n <= 0) {
+        if (key_len <= 0) {
                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
                goto err;
        }
@@ -1979,15 +1980,16 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
        /* Generate master key from the result. */
        s->session->master_key_length =
            s->method->ssl3_enc->generate_master_secret(s,
-                s->session->master_key, key, n);
+                s->session->master_key, key, key_len);
-        /* Send off the data. */
+        if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc))
-        n = BN_num_bytes(dh_clnt->pub_key);
+                goto err;
-        s2n(n, p);
+        if (!CBB_add_space(&dh_Yc, &data, BN_num_bytes(dh_clnt->pub_key)))
-        BN_bn2bin(dh_clnt->pub_key, p);
+                goto err;
-        n += 2;
+        BN_bn2bin(dh_clnt->pub_key, data);
+        if (!CBB_flush(cbb))
+                goto err;
-        *outlen = n;
        ret = 1;
 err:
@@ -2264,8 +2266,15 @@ ssl3_send_client_key_exchange(SSL *s)
                                goto err;
                        n = (int)outlen;
                } else if (alg_k & SSL_kDHE) {
-                        if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1)
+                        if (!CBB_init_fixed(&cbb, p, bufend - p))
+                                goto err;
+                        if (ssl3_send_client_kex_dhe(s, sess_cert, &cbb) != 1)
+                                goto err;
+                        if (!CBB_finish(&cbb, NULL, &outlen))
+                                goto err;
+                        if (outlen > INT_MAX)
                                goto err;
+                        n = (int)outlen;
                } else if (alg_k & SSL_kECDHE) {
                        if (ssl3_send_client_kex_ecdhe(s, sess_cert, p,
                            &n) != 1)
author	jsing <>	2016-12-07 13:40:17 +0000
committer	jsing <>	2016-12-07 13:40:17 +0000
commit	56e95909d58e61a460296a319d62a0a4333ec6c1 (patch)
tree	0c579fc46a140feba99f1eced8bdadb68c2ac81a /src
parent	44e1e78161e8bc96a33689084d1e4b3f0f5956a4 (diff)
download	openbsd-56e95909d58e61a460296a319d62a0a4333ec6c1.tar.gz openbsd-56e95909d58e61a460296a319d62a0a4333ec6c1.tar.bz2 openbsd-56e95909d58e61a460296a319d62a0a4333ec6c1.zip