1 files changed, 25 insertions, 57 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 4a2fdf1a23..32b379d98f 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.99 2015/02/07 08:56:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -766,23 +766,15 @@ end:
 int
 ssl3_send_hello_request(SSL *s)
 {
-        unsigned char *p;
        if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
-                p = (unsigned char *)s->init_buf->data;
+                ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
-                *(p++) = SSL3_MT_HELLO_REQUEST;
+                ssl3_handshake_msg_finish(s, 0);
-                *(p++) = 0;
-                *(p++) = 0;
-                *(p++) = 0;
                s->state = SSL3_ST_SW_HELLO_REQ_B;
-                /* number of bytes to write */
-                s->init_num = 4;
-                s->init_off = 0;
        }
        /* SSL3_ST_SW_HELLO_REQ_B */
-        return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 int
@@ -1217,18 +1209,15 @@ err:
 int
 ssl3_send_server_hello(SSL *s)
 {
-        unsigned char *buf;
+        unsigned char *bufend;
        unsigned char *p, *d;
-        unsigned long l;
        int sl;
        if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
-                buf = (unsigned char *)s->init_buf->data;
+                d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
-                /* Do the message type and length last */
-                d = p= &(buf[4]);
                *(p++) = s->version >> 8;
-                *(p++) = s->version&0xff;
+                *(p++) = s->version & 0xff;
                /* Random stuff */
                memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
@@ -1271,55 +1260,39 @@ ssl3_send_server_hello(SSL *s)
                /* put the compression method */
                *(p++) = 0;
                if (ssl_prepare_serverhello_tlsext(s) <= 0) {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
                            SSL_R_SERVERHELLO_TLSEXT);
                        return (-1);
                }
-                if ((p = ssl_add_serverhello_tlsext(s, p,
+                bufend = (unsigned char *)s->init_buf->data +
-                    buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+                    SSL3_RT_MAX_PLAIN_LENGTH;
+                if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
                            ERR_R_INTERNAL_ERROR);
                        return (-1);
                }
-                /* do the header */
-                l = (p - d);
-                d = buf;
-                *(d++) = SSL3_MT_SERVER_HELLO;
-                l2n3(l, d);
-                s->state = SSL3_ST_SW_SRVR_HELLO_B;
+                ssl3_handshake_msg_finish(s, p - d);
-                /* number of bytes to write */
-                s->init_num = p - buf;
-                s->init_off = 0;
        }
        /* SSL3_ST_SW_SRVR_HELLO_B */
-        return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 int
 ssl3_send_server_done(SSL *s)
 {
-        unsigned char *p;
        if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
-                p = (unsigned char *)s->init_buf->data;
+                ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
+                ssl3_handshake_msg_finish(s, 0);
-                /* do the header */
-                *(p++) = SSL3_MT_SERVER_DONE;
-                *(p++) = 0;
-                *(p++) = 0;
-                *(p++) = 0;
                s->state = SSL3_ST_SW_SRVR_DONE_B;
-                /* number of bytes to write */
-                s->init_num = 4;
-                s->init_off = 0;
        }
        /* SSL3_ST_SW_SRVR_DONE_B */
-        return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 int
@@ -2790,37 +2763,32 @@ ssl3_send_newsession_ticket(SSL *s)
 int
 ssl3_send_cert_status(SSL *s)
 {
+        unsigned char *p;
        if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
-                unsigned char *p;
                /*
                 * Grow buffer if need be: the length calculation is as
                 * follows 1 (message type) + 3 (message length) +
                 * 1 (ocsp response type) + 3 (ocsp response length)
                 * + (ocsp response)
                 */
-                if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
+                if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
+                    s->tlsext_ocsp_resplen))
                        return (-1);
-                p = (unsigned char *)s->init_buf->data;
+                p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);
-                /* do the header */
-                *(p++) = SSL3_MT_CERTIFICATE_STATUS;
-                /* message length */
-                l2n3(s->tlsext_ocsp_resplen + 4, p);
-                /* status type */
                *(p++) = s->tlsext_status_type;
-                /* length of OCSP response */
                l2n3(s->tlsext_ocsp_resplen, p);
-                /* actual response */
                memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
-                /* number of bytes to write */
-                s->init_num = 8 + s->tlsext_ocsp_resplen;
+                ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4);
                s->state = SSL3_ST_SW_CERT_STATUS_B;
-                s->init_off = 0;
        }
        /* SSL3_ST_SW_CERT_STATUS_B */
-        return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+        return (ssl3_handshake_write(s));
 }
 /*

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 4a2fdf1a23..32b379d98f 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.98 2015/02/06 10:04:07 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.99 2015/02/07 08:56:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -766,23 +766,15 @@ end:
766	int	766	int
767	ssl3_send_hello_request(SSL *s)	767	ssl3_send_hello_request(SSL *s)
768	{	768	{
769	unsigned char *p;
770
771	if (s->state == SSL3_ST_SW_HELLO_REQ_A) {	769	if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
772	p = (unsigned char *)s->init_buf->data;	770	ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
773	*(p++) = SSL3_MT_HELLO_REQUEST;	771	ssl3_handshake_msg_finish(s, 0);
774	*(p++) = 0;
775	*(p++) = 0;
776	*(p++) = 0;
777		772
778	s->state = SSL3_ST_SW_HELLO_REQ_B;	773	s->state = SSL3_ST_SW_HELLO_REQ_B;
779	/* number of bytes to write */
780	s->init_num = 4;
781	s->init_off = 0;
782	}	774	}
783		775
784	/* SSL3_ST_SW_HELLO_REQ_B */	776	/* SSL3_ST_SW_HELLO_REQ_B */
785	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));	777	return (ssl3_handshake_write(s));
786	}	778	}
787		779
788	int	780	int
@@ -1217,18 +1209,15 @@ err:
1217	int	1209	int
1218	ssl3_send_server_hello(SSL *s)	1210	ssl3_send_server_hello(SSL *s)
1219	{	1211	{
1220	unsigned char *buf;	1212	unsigned char *bufend;
1221	unsigned char p, d;	1213	unsigned char p, d;
1222	unsigned long l;
1223	int sl;	1214	int sl;
1224		1215
1225	if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {	1216	if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
1226	buf = (unsigned char *)s->init_buf->data;	1217	d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
1227	/* Do the message type and length last */
1228	d = p= &(buf[4]);
1229		1218
1230	*(p++) = s->version >> 8;	1219	*(p++) = s->version >> 8;
1231	*(p++) = s->version&0xff;	1220	*(p++) = s->version & 0xff;
1232		1221
1233	/* Random stuff */	1222	/* Random stuff */
1234	memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);	1223	memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
@@ -1271,55 +1260,39 @@ ssl3_send_server_hello(SSL *s)
1271		1260
1272	/* put the compression method */	1261	/* put the compression method */
1273	*(p++) = 0;	1262	*(p++) = 0;
		1263
1274	if (ssl_prepare_serverhello_tlsext(s) <= 0) {	1264	if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1275	SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,	1265	SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1276	SSL_R_SERVERHELLO_TLSEXT);	1266	SSL_R_SERVERHELLO_TLSEXT);
1277	return (-1);	1267	return (-1);
1278	}	1268	}
1279	if ((p = ssl_add_serverhello_tlsext(s, p,	1269	bufend = (unsigned char *)s->init_buf->data +
1280	buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {	1270	SSL3_RT_MAX_PLAIN_LENGTH;
		1271	if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
1281	SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,	1272	SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1282	ERR_R_INTERNAL_ERROR);	1273	ERR_R_INTERNAL_ERROR);
1283	return (-1);	1274	return (-1);
1284	}	1275	}
1285	/* do the header */
1286	l = (p - d);
1287	d = buf;
1288	*(d++) = SSL3_MT_SERVER_HELLO;
1289	l2n3(l, d);
1290		1276
1291	s->state = SSL3_ST_SW_SRVR_HELLO_B;	1277	ssl3_handshake_msg_finish(s, p - d);
1292	/* number of bytes to write */
1293	s->init_num = p - buf;
1294	s->init_off = 0;
1295	}	1278	}
1296		1279
1297	/* SSL3_ST_SW_SRVR_HELLO_B */	1280	/* SSL3_ST_SW_SRVR_HELLO_B */
1298	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));	1281	return (ssl3_handshake_write(s));
1299	}	1282	}
1300		1283
1301	int	1284	int
1302	ssl3_send_server_done(SSL *s)	1285	ssl3_send_server_done(SSL *s)
1303	{	1286	{
1304	unsigned char *p;
1305
1306	if (s->state == SSL3_ST_SW_SRVR_DONE_A) {	1287	if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
1307	p = (unsigned char *)s->init_buf->data;	1288	ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
1308		1289	ssl3_handshake_msg_finish(s, 0);
1309	/* do the header */
1310	*(p++) = SSL3_MT_SERVER_DONE;
1311	*(p++) = 0;
1312	*(p++) = 0;
1313	*(p++) = 0;
1314		1290
1315	s->state = SSL3_ST_SW_SRVR_DONE_B;	1291	s->state = SSL3_ST_SW_SRVR_DONE_B;
1316	/* number of bytes to write */
1317	s->init_num = 4;
1318	s->init_off = 0;
1319	}	1292	}
1320		1293
1321	/* SSL3_ST_SW_SRVR_DONE_B */	1294	/* SSL3_ST_SW_SRVR_DONE_B */
1322	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));	1295	return (ssl3_handshake_write(s));
1323	}	1296	}
1324		1297
1325	int	1298	int
@@ -2790,37 +2763,32 @@ ssl3_send_newsession_ticket(SSL *s)
2790	int	2763	int
2791	ssl3_send_cert_status(SSL *s)	2764	ssl3_send_cert_status(SSL *s)
2792	{	2765	{
		2766	unsigned char *p;
		2767
2793	if (s->state == SSL3_ST_SW_CERT_STATUS_A) {	2768	if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
2794	unsigned char *p;
2795	/*	2769	/*
2796	* Grow buffer if need be: the length calculation is as	2770	* Grow buffer if need be: the length calculation is as
2797	* follows 1 (message type) + 3 (message length) +	2771	* follows 1 (message type) + 3 (message length) +
2798	* 1 (ocsp response type) + 3 (ocsp response length)	2772	* 1 (ocsp response type) + 3 (ocsp response length)
2799	* + (ocsp response)	2773	* + (ocsp response)
2800	*/	2774	*/
2801	if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))	2775	if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
		2776	s->tlsext_ocsp_resplen))
2802	return (-1);	2777	return (-1);
2803		2778
2804	p = (unsigned char *)s->init_buf->data;	2779	p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);
2805		2780
2806	/* do the header */
2807	*(p++) = SSL3_MT_CERTIFICATE_STATUS;
2808	/* message length */
2809	l2n3(s->tlsext_ocsp_resplen + 4, p);
2810	/* status type */
2811	*(p++) = s->tlsext_status_type;	2781	*(p++) = s->tlsext_status_type;
2812	/* length of OCSP response */
2813	l2n3(s->tlsext_ocsp_resplen, p);	2782	l2n3(s->tlsext_ocsp_resplen, p);
2814	/* actual response */
2815	memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);	2783	memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
2816	/* number of bytes to write */	2784
2817	s->init_num = 8 + s->tlsext_ocsp_resplen;	2785	ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4);
		2786
2818	s->state = SSL3_ST_SW_CERT_STATUS_B;	2787	s->state = SSL3_ST_SW_CERT_STATUS_B;
2819	s->init_off = 0;
2820	}	2788	}
2821		2789
2822	/* SSL3_ST_SW_CERT_STATUS_B */	2790	/* SSL3_ST_SW_CERT_STATUS_B */
2823	return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));	2791	return (ssl3_handshake_write(s));
2824	}	2792	}
2825		2793
2826	/*	2794	/*