1 files changed, 45 insertions, 36 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 6343ec276d..33352705d1 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.20 2017/10/10 15:42:32 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.21 2017/10/11 17:35:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -170,6 +170,7 @@
 #endif
 #include "bytestring.h"
+#include "ssl_tlsext.h"
 static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
@@ -662,12 +663,12 @@ end:
 int
 ssl3_client_hello(SSL *s)
 {
-        unsigned char   *bufend, *p, *d;
+        CBB cbb, client_hello, session_id, cookie, cipher_suites;
-        uint16_t         max_version;
+        CBB compression_methods;
-        size_t           outlen;
+        uint16_t max_version;
-        int              i;
+        size_t sl;
-        bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
+        memset(&cbb, 0, sizeof(cbb));
        if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
                SSL_SESSION *sess = s->session;
@@ -695,7 +696,9 @@ ssl3_client_hello(SSL *s)
                if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0)
                        arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
-                d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
+                if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_hello,
+                    SSL3_MT_CLIENT_HELLO))
+                        goto err;
                /*
                 * Version indicates the negotiated version: for example from
@@ -727,27 +730,27 @@ ssl3_client_hello(SSL *s)
                 * client_version in client hello and not resetting it to
                 * the negotiated version.
                 */
+                if (!CBB_add_u16(&client_hello, s->client_version))
-                *(p++) = s->client_version >> 8;
+                        goto err;
-                *(p++) = s->client_version & 0xff;
                /* Random stuff */
-                memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+                if (!CBB_add_bytes(&client_hello, s->s3->client_random,
-                p += SSL3_RANDOM_SIZE;
+                    sizeof(s->s3->client_random)))
+                        goto err;
                /* Session ID */
-                if (s->internal->new_session)
+                if (!CBB_add_u8_length_prefixed(&client_hello, &session_id))
-                        i = 0;
+                        goto err;
-                else
+                if (!s->internal->new_session &&
-                        i = s->session->session_id_length;
+                    s->session->session_id_length > 0) {
-                *(p++) = i;
+                        sl = s->session->session_id_length;
-                if (i != 0) {
+                        if (sl > sizeof(s->session->session_id)) {
-                        if (i > (int)sizeof(s->session->session_id)) {
                                SSLerror(s, ERR_R_INTERNAL_ERROR);
                                goto err;
                        }
-                        memcpy(p, s->session->session_id, i);
+                        if (!CBB_add_bytes(&session_id,
-                        p += i;
+                            s->session->session_id, sl))
+                                goto err;
                }
                /* DTLS Cookie. */
@@ -756,33 +759,37 @@ ssl3_client_hello(SSL *s)
                                SSLerror(s, ERR_R_INTERNAL_ERROR);
                                goto err;
                        }
-                        *(p++) = D1I(s)->cookie_len;
+                        if (!CBB_add_u8_length_prefixed(&client_hello, &cookie))
-                        memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);
+                                goto err;
-                        p += D1I(s)->cookie_len;
+                        if (!CBB_add_bytes(&cookie, D1I(s)->cookie,
+                            D1I(s)->cookie_len))
+                                goto err;
                }
                /* Ciphers supported */
-                if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2],
+                if (!CBB_add_u16_length_prefixed(&client_hello, &cipher_suites))
-                    bufend - &p[2], &outlen))
+                        return 0;
-                        goto err;
+                if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s),
-                if (outlen == 0) {
+                    &cipher_suites)) {
                        SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
                        goto err;
                }
-                s2n(outlen, p);
-                p += outlen;
-                /* add in (no) COMPRESSION */
+                /* Add in compression methods (null) */
-                *(p++) = 1;
+                if (!CBB_add_u8_length_prefixed(&client_hello,
-                *(p++) = 0; /* Add the NULL method */
+                    &compression_methods))
+                        goto err;
+                if (!CBB_add_u8(&compression_methods, 0))
+                        goto err;
-                /* TLS extensions*/
+                /* TLS extensions */
-                if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
+                if (!tlsext_clienthello_build(s, &client_hello)) {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        goto err;
                }
-                ssl3_handshake_msg_finish(s, p - d);
+                if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+                        goto err;
                S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
        }
@@ -791,6 +798,8 @@ ssl3_client_hello(SSL *s)
        return (ssl3_handshake_write(s));
 err:
+        CBB_cleanup(&cbb);
        return (-1);
 }

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 6343ec276d..33352705d1 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.20 2017/10/10 15:42:32 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.21 2017/10/11 17:35:00 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -170,6 +170,7 @@
170	#endif	170	#endif
171		171
172	#include "bytestring.h"	172	#include "bytestring.h"
		173	#include "ssl_tlsext.h"
173		174
174	static int ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b);	175	static int ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b);
175		176
@@ -662,12 +663,12 @@ end:
662	int	663	int
663	ssl3_client_hello(SSL *s)	664	ssl3_client_hello(SSL *s)
664	{	665	{
665	unsigned char bufend, p, *d;	666	CBB cbb, client_hello, session_id, cookie, cipher_suites;
666	uint16_t max_version;	667	CBB compression_methods;
667	size_t outlen;	668	uint16_t max_version;
668	int i;	669	size_t sl;
669		670
670	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;	671	memset(&cbb, 0, sizeof(cbb));
671		672
672	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {	673	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
673	SSL_SESSION *sess = s->session;	674	SSL_SESSION *sess = s->session;
@@ -695,7 +696,9 @@ ssl3_client_hello(SSL *s)
695	if (!SSL_IS_DTLS(s) \|\| D1I(s)->send_cookie == 0)	696	if (!SSL_IS_DTLS(s) \|\| D1I(s)->send_cookie == 0)
696	arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);	697	arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
697		698
698	d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);	699	if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_hello,
		700	SSL3_MT_CLIENT_HELLO))
		701	goto err;
699		702
700	/*	703	/*
701	* Version indicates the negotiated version: for example from	704	* Version indicates the negotiated version: for example from
@@ -727,27 +730,27 @@ ssl3_client_hello(SSL *s)
727	* client_version in client hello and not resetting it to	730	* client_version in client hello and not resetting it to
728	* the negotiated version.	731	* the negotiated version.
729	*/	732	*/
730		733	if (!CBB_add_u16(&client_hello, s->client_version))
731	*(p++) = s->client_version >> 8;	734	goto err;
732	*(p++) = s->client_version & 0xff;
733		735
734	/* Random stuff */	736	/* Random stuff */
735	memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);	737	if (!CBB_add_bytes(&client_hello, s->s3->client_random,
736	p += SSL3_RANDOM_SIZE;	738	sizeof(s->s3->client_random)))
		739	goto err;
737		740
738	/* Session ID */	741	/* Session ID */
739	if (s->internal->new_session)	742	if (!CBB_add_u8_length_prefixed(&client_hello, &session_id))
740	i = 0;	743	goto err;
741	else	744	if (!s->internal->new_session &&
742	i = s->session->session_id_length;	745	s->session->session_id_length > 0) {
743	*(p++) = i;	746	sl = s->session->session_id_length;
744	if (i != 0) {	747	if (sl > sizeof(s->session->session_id)) {
745	if (i > (int)sizeof(s->session->session_id)) {
746	SSLerror(s, ERR_R_INTERNAL_ERROR);	748	SSLerror(s, ERR_R_INTERNAL_ERROR);
747	goto err;	749	goto err;
748	}	750	}
749	memcpy(p, s->session->session_id, i);	751	if (!CBB_add_bytes(&session_id,
750	p += i;	752	s->session->session_id, sl))
		753	goto err;
751	}	754	}
752		755
753	/* DTLS Cookie. */	756	/* DTLS Cookie. */
@@ -756,33 +759,37 @@ ssl3_client_hello(SSL *s)
756	SSLerror(s, ERR_R_INTERNAL_ERROR);	759	SSLerror(s, ERR_R_INTERNAL_ERROR);
757	goto err;	760	goto err;
758	}	761	}
759	*(p++) = D1I(s)->cookie_len;	762	if (!CBB_add_u8_length_prefixed(&client_hello, &cookie))
760	memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);	763	goto err;
761	p += D1I(s)->cookie_len;	764	if (!CBB_add_bytes(&cookie, D1I(s)->cookie,
		765	D1I(s)->cookie_len))
		766	goto err;
762	}	767	}
763		768
764	/* Ciphers supported */	769	/* Ciphers supported */
765	if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2],	770	if (!CBB_add_u16_length_prefixed(&client_hello, &cipher_suites))
766	bufend - &p[2], &outlen))	771	return 0;
767	goto err;	772	if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s),
768	if (outlen == 0) {	773	&cipher_suites)) {
769	SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);	774	SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
770	goto err;	775	goto err;
771	}	776	}
772	s2n(outlen, p);
773	p += outlen;
774		777
775	/* add in (no) COMPRESSION */	778	/* Add in compression methods (null) */
776	*(p++) = 1;	779	if (!CBB_add_u8_length_prefixed(&client_hello,
777	(p++) = 0; / Add the NULL method */	780	&compression_methods))
		781	goto err;
		782	if (!CBB_add_u8(&compression_methods, 0))
		783	goto err;
778		784
779	/* TLS extensions*/	785	/* TLS extensions */
780	if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {	786	if (!tlsext_clienthello_build(s, &client_hello)) {
781	SSLerror(s, ERR_R_INTERNAL_ERROR);	787	SSLerror(s, ERR_R_INTERNAL_ERROR);
782	goto err;	788	goto err;
783	}	789	}
784		790
785	ssl3_handshake_msg_finish(s, p - d);	791	if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
		792	goto err;
786		793
787	S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;	794	S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
788	}	795	}
@@ -791,6 +798,8 @@ ssl3_client_hello(SSL *s)
791	return (ssl3_handshake_write(s));	798	return (ssl3_handshake_write(s));
792		799
793	err:	800	err:
		801	CBB_cleanup(&cbb);
		802
794	return (-1);	803	return (-1);
795	}	804	}
796		805