From 21ff89ebbb4bdd4d2a5dee38cb8d4960c200234c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 6 Dec 2016 13:17:52 +0000 Subject: Convert certificate handshake message generation to CBB, with some clean up and restructure. This also adds CBB based variants of the ssl3_handshake_msg_{start,finish} functions - for the time being these use a CBB to build the messages, then copy back into the init_buf. ok doug@ --- src/lib/libssl/s3_clnt.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) (limited to 'src/lib/libssl/s3_clnt.c') diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index f39ae7fab3..772bb703dd 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.149 2016/12/04 14:32:30 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.150 2016/12/06 13:17:52 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2433,10 +2433,12 @@ err: int ssl3_send_client_certificate(SSL *s) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; - int i; - unsigned long l; + EVP_PKEY *pkey = NULL; + X509 *x509 = NULL; + CBB cbb, client_cert; + int i; + + memset(&cbb, 0, sizeof(cbb)); if (s->state == SSL3_ST_CW_CERT_A) { if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || @@ -2480,14 +2482,25 @@ ssl3_send_client_certificate(SSL *s) } if (s->state == SSL3_ST_CW_CERT_C) { + if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert, + SSL3_MT_CERTIFICATE)) + goto err; + if (!ssl3_output_cert_chain(s, &client_cert, + (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509)) + goto err; + if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) + goto err; + s->state = SSL3_ST_CW_CERT_D; - l = ssl3_output_cert_chain(s, - (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); - s->init_num = (int)l; - s->init_off = 0; } + /* SSL3_ST_CW_CERT_D */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + + err: + CBB_cleanup(&cbb); + + return (0); } #define has_bits(i,m) (((i)&(m)) == (m)) -- cgit v1.2.3-55-g6feb