the new handshake functions.
ok miod@
-/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
int
dtls1_client_hello(SSL *s)
{
- unsigned char *buf;
- unsigned char *p, *d;
+ unsigned char *bufend, *d, *p;
unsigned int i;
- unsigned long l;
- buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
SSL_SESSION *sess = s->session;
+
if ((s->session == NULL) ||
(s->session->ssl_version != s->version) ||
(!sess->session_id_length && !sess->tlsext_tick) ||
if (i == sizeof(s->s3->client_random))
arc4random_buf(p, sizeof(s->s3->client_random));
- /* Do the message type and length last */
- d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
*(p++) = s->version >> 8;
*(p++) = s->version&0xff;
*(p++) = 1;
*(p++) = 0; /* Add the NULL method */
- if ((p = ssl_add_clienthello_tlsext(s, p,
- buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+ bufend = (unsigned char *)s->init_buf->data +
+ SSL3_RT_MAX_PLAIN_LENGTH;
+ if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
- l = (p - d);
- d = buf;
-
- d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
- l, 0, l);
+ ssl3_handshake_msg_finish(s, p - d);
s->state = SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num = p - buf;
- s->init_off = 0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
err:
return (-1);
}
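Review bot: The `bufend` limit passed to `ssl_add_clienthello_tlsext()` is `s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH`, a constant offset from the start of the buffer rather than a value taken from the buffer's allocated size. It is therefore a valid bound only if init_buf is always at least that large, and the allocation is not visible in this hunk. The bytes written through `p` between `ssl3_handshake_msg_start()` and that call (version, compression method and the elided fields) are not bounded at all. I would state the assumption next to the assignment, e.g. `/* init_buf is assumed to hold at least SSL3_RT_MAX_PLAIN_LENGTH bytes */`, or derive the limit from the buffer's recorded capacity if it has one. ssl3_client_hello in s3_clnt.c builds `bufend` the same way, and both hunks appear a second time lower on the page.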
int
dtls1_send_client_key_exchange(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p, *q;
int n;
unsigned long alg_k;
- unsigned char *q;
EVP_PKEY *pkey = NULL;
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
BN_CTX * bn_ctx = NULL;
if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[DTLS1_HM_HEADER_LENGTH]);
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
goto err;
}
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
- /*
- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n,d);
- l2n(s->d1->handshake_write_seq,d);
- s->d1->handshake_write_seq++;
- */
+ ssl3_handshake_msg_finish(s, n);
s->state = SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num = n + DTLS1_HM_HEADER_LENGTH;
- s->init_off = 0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
}
/* SSL3_ST_CW_KEY_EXCH_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
err:
BN_CTX_free(bn_ctx);
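Review bot: The explicit `dtls1_buffer_message(s, 0)` call and the header written by `dtls1_set_message_header()` are dropped here with no visible replacement. Retransmit buffering and the handshake sequence number now depend entirely on `ssl3_handshake_msg_finish()` and `ssl3_handshake_write()`, whose bodies are not on this page. It is worth confirming that those helpers branch on DTLS and buffer each message exactly once, since a handshake message that is sent without being buffered cannot be resent after loss. Once confirmed, a comment above the finish call such as `/* msg_finish writes the DTLS header and buffers the message for retransmit */` would keep that dependency visible to the next reader. The same removal occurs in dtls1_client_hello and dtls1_send_client_verify, and this function's body continues past the end of the hunk.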
int
dtls1_send_client_verify(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p;
unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
unsigned u = 0;
int j;
if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[DTLS1_HM_HEADER_LENGTH]);
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
+
pkey = s->cert->key->privatekey;
s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
goto err;
}
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
-
- s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
- s->init_off = 0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
+ ssl3_handshake_msg_finish(s, n);
s->state = SSL3_ST_CW_CERT_VRFY_B;
}
/* s->state = SSL3_ST_CW_CERT_VRFY_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
+
err:
return (-1);
}
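Review bot: `ssl3_handshake_msg_finish(s, n)` hands `n` to a parameter declared `unsigned int len` in ssl_locl.h, and the conversion is now implicit where the old code wrote `(int)n`. The declaration of `n` is outside the hunk, but that cast suggests it is wider than `int` here. In the two key-exchange functions `n` is a plain `int`, so a negative value would become a very large length. I would make the narrowing visible and guarded at the call, e.g. `ssl3_handshake_msg_finish(s, (unsigned int)n);` preceded by a check that `n` is within the expected range. The same call shape appears in ssl3_send_client_verify, dtls1_send_client_key_exchange and ssl3_send_client_key_exchange.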
-/* $OpenBSD: s3_clnt.c,v 1.101 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.102 2014/12/14 16:19:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int
ssl3_client_hello(SSL *s)
{
- unsigned char *buf;
- unsigned char *p, *d;
+ unsigned char *bufend, *p, *d;
int i;
- unsigned long l;
- buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
SSL_SESSION *sess = s->session;
+
if ((sess == NULL) ||
(sess->ssl_version != s->version) ||
(!sess->session_id_length && !sess->tlsext_tick) ||
arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
- /* Do the message type and length last */
- d = p = &buf[4];
+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
/*
* Version indicates the negotiated version: for example from
SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
- if ((p = ssl_add_clienthello_tlsext(s, p,
- buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+ bufend = (unsigned char *)s->init_buf->data +
+ SSL3_RT_MAX_PLAIN_LENGTH;
+ if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
SSLerr(SSL_F_SSL3_CLIENT_HELLO,
ERR_R_INTERNAL_ERROR);
goto err;
}
- l = (p - d);
- d = buf;
- *(d++) = SSL3_MT_CLIENT_HELLO;
- l2n3(l, d);
-
s->state = SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num = p - buf;
- s->init_off = 0;
+
+ ssl3_handshake_msg_finish(s, p - d);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
+
err:
return (-1);
}
int
ssl3_send_client_key_exchange(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p, *q;
int n;
unsigned long alg_k;
- unsigned char *q;
EVP_PKEY *pkey = NULL;
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
BN_CTX *bn_ctx = NULL;
if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[4]);
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* Generate master key from the result. */
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, p, n);
+ s->session->master_key, p, n);
+
/* Clean up. */
memset(p, 0, n);
s->session->master_key, premaster_secret, 32);
EVP_PKEY_free(pub_key);
- }
- else {
+ } else {
ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
+ SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n, d);
-
s->state = SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num = n + 4;
- s->init_off = 0;
+
+ ssl3_handshake_msg_finish(s, n);
}
/* SSL3_ST_CW_KEY_EXCH_B */
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
err:
BN_CTX_free(bn_ctx);
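Review bot: The "Clean up." step wipes the `n` bytes that were just fed to `generate_master_secret()` with a plain `memset(p, 0, n)`. As far as the visible lines show, `p` now points into the handshake output buffer returned by `ssl3_handshake_msg_start()`. The wipe is probably not removable by the compiler because that buffer is used afterwards, but `explicit_bzero(p, n);` states the intent and does not rely on that reasoning. A one-line comment noting that key-derivation input transiently lives in the outgoing message buffer would also help anyone changing the helper later. The commit itself only re-indents the neighbouring lines, and the function body extends beyond this hunk on both sides.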
int
ssl3_send_client_verify(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p;
unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
EVP_PKEY_CTX *pctx = NULL;
EVP_MD_CTX_init(&mctx);
if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[4]);
- pkey = s->cert->key->privatekey;
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
+
/*
* Create context from key and test if sha1 is allowed as
* digest.
*/
+ pkey = s->cert->key->privatekey;
pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_sign_init(pctx);
if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
ERR_R_INTERNAL_ERROR);
goto err;
}
- *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
- l2n3(n, d);
s->state = SSL3_ST_CW_CERT_VRFY_B;
- s->init_num = (int)n + 4;
- s->init_off = 0;
+
+ ssl3_handshake_msg_finish(s, n);
}
+
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+
+ return (ssl3_handshake_write(s));
+
err:
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
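Review bot: `pctx = EVP_PKEY_CTX_new(pkey, NULL)` is passed straight to `EVP_PKEY_sign_init(pctx)` with neither result checked. A failed allocation or init is caught, if at all, only by the `> 0` test on `EVP_PKEY_CTX_set_signature_md()`, where it would look the same as "sha1 not permitted". The commit moves the `pkey` assignment next to these calls but leaves them as they were. I would add `if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0) goto err;` before the digest test, since the `err:` path already frees `pctx` and cleans up `mctx`. The function starts before and ends after the lines shown in this hunk.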
ssl3_send_next_proto(SSL *s)
{
unsigned int len, padding_len;
- unsigned char *d;
+ unsigned char *d, *p;
if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
+
len = s->next_proto_negotiated_len;
padding_len = 32 - ((len + 2) % 32);
- d = (unsigned char *)s->init_buf->data;
- d[4] = len;
- memcpy(d + 5, s->next_proto_negotiated, len);
- d[5 + len] = padding_len;
- memset(d + 6 + len, 0, padding_len);
- *(d++) = SSL3_MT_NEXT_PROTO;
- l2n3(2 + len + padding_len, d);
+ *(p++) = len;
+ memcpy(p, s->next_proto_negotiated, len);
+ p += len;
+ *(p++) = padding_len;
+ memset(p, 0, padding_len);
+ p += padding_len;
+
+ ssl3_handshake_msg_finish(s, p - d);
+
s->state = SSL3_ST_CW_NEXT_PROTO_B;
- s->init_num = 4 + 2 + len + padding_len;
- s->init_off = 0;
}
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
}
/*
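Review bot: `*(p++) = len;` narrows the `unsigned int` `len` to a single byte while `memcpy(p, s->next_proto_negotiated, len)` copies the full `len`. The encoded length and the copied data therefore agree only if `next_proto_negotiated_len` can never exceed 255, and the field's type is not visible in this hunk. None of the writes through `p` is checked against the space remaining in the buffer returned by `ssl3_handshake_msg_start()`. If the field is wider than one byte, a guard such as `if (len > 255) return (-1);` before the first store would make the invariant explicit. Otherwise a comment stating the one-byte range next to `len = s->next_proto_negotiated_len;` is enough.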
-/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
int
dtls1_client_hello(SSL *s)
{
- unsigned char *buf;
- unsigned char *p, *d;
+ unsigned char *bufend, *d, *p;
unsigned int i;
- unsigned long l;
- buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
SSL_SESSION *sess = s->session;
+
if ((s->session == NULL) ||
(s->session->ssl_version != s->version) ||
(!sess->session_id_length && !sess->tlsext_tick) ||
if (i == sizeof(s->s3->client_random))
arc4random_buf(p, sizeof(s->s3->client_random));
- /* Do the message type and length last */
- d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
*(p++) = s->version >> 8;
*(p++) = s->version&0xff;
*(p++) = 1;
*(p++) = 0; /* Add the NULL method */
- if ((p = ssl_add_clienthello_tlsext(s, p,
- buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+ bufend = (unsigned char *)s->init_buf->data +
+ SSL3_RT_MAX_PLAIN_LENGTH;
+ if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
- l = (p - d);
- d = buf;
-
- d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO,
- l, 0, l);
+ ssl3_handshake_msg_finish(s, p - d);
s->state = SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num = p - buf;
- s->init_off = 0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
err:
return (-1);
}
int
dtls1_send_client_key_exchange(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p, *q;
int n;
unsigned long alg_k;
- unsigned char *q;
EVP_PKEY *pkey = NULL;
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
BN_CTX * bn_ctx = NULL;
if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[DTLS1_HM_HEADER_LENGTH]);
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
goto err;
}
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
- /*
- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n,d);
- l2n(s->d1->handshake_write_seq,d);
- s->d1->handshake_write_seq++;
- */
+ ssl3_handshake_msg_finish(s, n);
s->state = SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num = n + DTLS1_HM_HEADER_LENGTH;
- s->init_off = 0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
}
/* SSL3_ST_CW_KEY_EXCH_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
err:
BN_CTX_free(bn_ctx);
int
dtls1_send_client_verify(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p;
unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
unsigned u = 0;
int j;
if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[DTLS1_HM_HEADER_LENGTH]);
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
+
pkey = s->cert->key->privatekey;
s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
goto err;
}
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
-
- s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
- s->init_off = 0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
+ ssl3_handshake_msg_finish(s, n);
s->state = SSL3_ST_CW_CERT_VRFY_B;
}
/* s->state = SSL3_ST_CW_CERT_VRFY_B */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
+
err:
return (-1);
}
-/* $OpenBSD: s3_clnt.c,v 1.101 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.102 2014/12/14 16:19:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int
ssl3_client_hello(SSL *s)
{
- unsigned char *buf;
- unsigned char *p, *d;
+ unsigned char *bufend, *p, *d;
int i;
- unsigned long l;
- buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
SSL_SESSION *sess = s->session;
+
if ((sess == NULL) ||
(sess->ssl_version != s->version) ||
(!sess->session_id_length && !sess->tlsext_tick) ||
arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
- /* Do the message type and length last */
- d = p = &buf[4];
+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
/*
* Version indicates the negotiated version: for example from
SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
- if ((p = ssl_add_clienthello_tlsext(s, p,
- buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
+ bufend = (unsigned char *)s->init_buf->data +
+ SSL3_RT_MAX_PLAIN_LENGTH;
+ if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
SSLerr(SSL_F_SSL3_CLIENT_HELLO,
ERR_R_INTERNAL_ERROR);
goto err;
}
- l = (p - d);
- d = buf;
- *(d++) = SSL3_MT_CLIENT_HELLO;
- l2n3(l, d);
-
s->state = SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num = p - buf;
- s->init_off = 0;
+
+ ssl3_handshake_msg_finish(s, p - d);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
+
err:
return (-1);
}
int
ssl3_send_client_key_exchange(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p, *q;
int n;
unsigned long alg_k;
- unsigned char *q;
EVP_PKEY *pkey = NULL;
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
BN_CTX *bn_ctx = NULL;
if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[4]);
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* Generate master key from the result. */
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, p, n);
+ s->session->master_key, p, n);
+
/* Clean up. */
memset(p, 0, n);
s->session->master_key, premaster_secret, 32);
EVP_PKEY_free(pub_key);
- }
- else {
+ } else {
ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
+ SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n, d);
-
s->state = SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num = n + 4;
- s->init_off = 0;
+
+ ssl3_handshake_msg_finish(s, n);
}
/* SSL3_ST_CW_KEY_EXCH_B */
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
err:
BN_CTX_free(bn_ctx);
int
ssl3_send_client_verify(SSL *s)
{
- unsigned char *p, *d;
+ unsigned char *p;
unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
EVP_PKEY_CTX *pctx = NULL;
EVP_MD_CTX_init(&mctx);
if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
- d = (unsigned char *)s->init_buf->data;
- p = &(d[4]);
- pkey = s->cert->key->privatekey;
+ p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
+
/*
* Create context from key and test if sha1 is allowed as
* digest.
*/
+ pkey = s->cert->key->privatekey;
pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_sign_init(pctx);
if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
ERR_R_INTERNAL_ERROR);
goto err;
}
- *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
- l2n3(n, d);
s->state = SSL3_ST_CW_CERT_VRFY_B;
- s->init_num = (int)n + 4;
- s->init_off = 0;
+
+ ssl3_handshake_msg_finish(s, n);
}
+
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+
+ return (ssl3_handshake_write(s));
+
err:
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pctx);
ssl3_send_next_proto(SSL *s)
{
unsigned int len, padding_len;
- unsigned char *d;
+ unsigned char *d, *p;
if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
+ d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
+
len = s->next_proto_negotiated_len;
padding_len = 32 - ((len + 2) % 32);
- d = (unsigned char *)s->init_buf->data;
- d[4] = len;
- memcpy(d + 5, s->next_proto_negotiated, len);
- d[5 + len] = padding_len;
- memset(d + 6 + len, 0, padding_len);
- *(d++) = SSL3_MT_NEXT_PROTO;
- l2n3(2 + len + padding_len, d);
+ *(p++) = len;
+ memcpy(p, s->next_proto_negotiated, len);
+ p += len;
+ *(p++) = padding_len;
+ memset(p, 0, padding_len);
+ p += padding_len;
+
+ ssl3_handshake_msg_finish(s, p - d);
+
s->state = SSL3_ST_CW_NEXT_PROTO_B;
- s->init_num = 4 + 2 + len + padding_len;
- s->init_off = 0;
}
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl3_handshake_write(s));
}
/*
-/* $OpenBSD: ssl_locl.h,v 1.82 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.83 2014/12/14 16:19:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
int ssl3_pending(const SSL *s);
+unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
+void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
+int ssl3_handshake_write(SSL *s);
+
void ssl3_record_sequence_increment(unsigned char *seq);
int ssl3_do_change_cipher_spec(SSL *ssl);
long ssl3_default_timeout(void);
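Review bot: The three new prototypes carry no comment describing their contract, and every caller in this commit writes through the returned pointer with no length in hand. Judging only from the call sites, `ssl3_handshake_msg_start()` returns the position just past the handshake header inside `s->init_buf`, and `ssl3_handshake_msg_finish()` takes the body length excluding that header. I would add a short block comment above the declarations. It should say where the returned pointer points, how much space the caller may assume behind it, that `len` excludes the header, and whether the pair also handles the DTLS header and retransmit buffering.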
-/* $OpenBSD: ssl_locl.h,v 1.82 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.83 2014/12/14 16:19:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
int ssl3_pending(const SSL *s);
+unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
+void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
+int ssl3_handshake_write(SSL *s);
+
void ssl3_record_sequence_increment(unsigned char *seq);
int ssl3_do_change_cipher_spec(SSL *ssl);
long ssl3_default_timeout(void);