summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c54
1 files changed, 12 insertions, 42 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 68d6b1a9cf..6c9639bbdd 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.154 2016/12/13 16:07:00 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.155 2016/12/13 16:10:21 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2223,18 +2223,11 @@ ssl3_send_client_key_exchange(SSL *s)
2223{ 2223{
2224 SESS_CERT *sess_cert; 2224 SESS_CERT *sess_cert;
2225 unsigned long alg_k; 2225 unsigned long alg_k;
2226 unsigned char *bufend, *p; 2226 CBB cbb, kex;
2227 size_t outlen;
2228 int n = 0;
2229 CBB cbb;
2230 2227
2231 memset(&cbb, 0, sizeof(cbb)); 2228 memset(&cbb, 0, sizeof(cbb));
2232 2229
2233 bufend = (unsigned char *)s->init_buf->data + s->init_buf->max;
2234
2235 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 2230 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
2236 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
2237
2238 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2231 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2239 2232
2240 if ((sess_cert = s->session->sess_cert) == NULL) { 2233 if ((sess_cert = s->session->sess_cert) == NULL) {
@@ -2245,46 +2238,22 @@ ssl3_send_client_key_exchange(SSL *s)
2245 goto err; 2238 goto err;
2246 } 2239 }
2247 2240
2241 if (!ssl3_handshake_msg_start_cbb(s, &cbb, &kex,
2242 SSL3_MT_CLIENT_KEY_EXCHANGE))
2243 goto err;
2244
2248 if (alg_k & SSL_kRSA) { 2245 if (alg_k & SSL_kRSA) {
2249 if (!CBB_init_fixed(&cbb, p, bufend - p)) 2246 if (ssl3_send_client_kex_rsa(s, sess_cert, &kex) != 1)
2250 goto err;
2251 if (ssl3_send_client_kex_rsa(s, sess_cert, &cbb) != 1)
2252 goto err; 2247 goto err;
2253 if (!CBB_finish(&cbb, NULL, &outlen))
2254 goto err;
2255 if (outlen > INT_MAX)
2256 goto err;
2257 n = (int)outlen;
2258 } else if (alg_k & SSL_kDHE) { 2248 } else if (alg_k & SSL_kDHE) {
2259 if (!CBB_init_fixed(&cbb, p, bufend - p)) 2249 if (ssl3_send_client_kex_dhe(s, sess_cert, &kex) != 1)
2260 goto err;
2261 if (ssl3_send_client_kex_dhe(s, sess_cert, &cbb) != 1)
2262 goto err;
2263 if (!CBB_finish(&cbb, NULL, &outlen))
2264 goto err;
2265 if (outlen > INT_MAX)
2266 goto err; 2250 goto err;
2267 n = (int)outlen;
2268 } else if (alg_k & SSL_kECDHE) { 2251 } else if (alg_k & SSL_kECDHE) {
2269 if (!CBB_init_fixed(&cbb, p, bufend - p)) 2252 if (ssl3_send_client_kex_ecdhe(s, sess_cert, &kex) != 1)
2270 goto err; 2253 goto err;
2271 if (ssl3_send_client_kex_ecdhe(s, sess_cert, &cbb) != 1)
2272 goto err;
2273 if (!CBB_finish(&cbb, NULL, &outlen))
2274 goto err;
2275 if (outlen > INT_MAX)
2276 goto err;
2277 n = (int)outlen;
2278 } else if (alg_k & SSL_kGOST) { 2254 } else if (alg_k & SSL_kGOST) {
2279 if (!CBB_init_fixed(&cbb, p, bufend - p)) 2255 if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)
2280 goto err;
2281 if (ssl3_send_client_kex_gost(s, sess_cert, &cbb) != 1)
2282 goto err;
2283 if (!CBB_finish(&cbb, NULL, &outlen))
2284 goto err; 2256 goto err;
2285 if (outlen > INT_MAX)
2286 goto err;
2287 n = (int)outlen;
2288 } else { 2257 } else {
2289 ssl3_send_alert(s, SSL3_AL_FATAL, 2258 ssl3_send_alert(s, SSL3_AL_FATAL,
2290 SSL_AD_HANDSHAKE_FAILURE); 2259 SSL_AD_HANDSHAKE_FAILURE);
@@ -2293,7 +2262,8 @@ ssl3_send_client_key_exchange(SSL *s)
2293 goto err; 2262 goto err;
2294 } 2263 }
2295 2264
2296 ssl3_handshake_msg_finish(s, n); 2265 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2266 goto err;
2297 2267
2298 s->state = SSL3_ST_CW_KEY_EXCH_B; 2268 s->state = SSL3_ST_CW_KEY_EXCH_B;
2299 } 2269 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-10 23:13:56 +0000