From 312b4b1422822c9900672bc9d1c64b6955ac6641 Mon Sep 17 00:00:00 2001
From: jsing
Date: Fri, 24 Aug 2018 17:30:32 +0000
Subject: [PATCH] Clean up handshake message start/finish functions.
Now that all handshake messages are created using CBB, remove the non-CBB ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename the CBB variants by dropping the _cbb suffix.
ok bcook@ inoguchi@ tb@
---
 lib/libssl/d1_srvr.c | 6 +++---
 lib/libssl/s3_lib.c | 42 +++---------------------------------------
 lib/libssl/ssl_both.c | 6 +++---
 lib/libssl/ssl_clnt.c | 18 +++++++++---------
 lib/libssl/ssl_locl.h | 8 +++-----
 lib/libssl/ssl_srvr.c | 34 +++++++++++++++++-----------------
 6 files changed, 38 insertions(+), 76 deletions(-)
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 3de0a72f27a..42175197834 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.92 2018/04/07 17:02:34 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.93 2018/08/24 17:30:32 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -185,7 +185,7 @@ dtls1_send_hello_verify_request(SSL *s)
 return 0;
 }
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &verify,
+ if (!ssl3_handshake_msg_start(s, &cbb, &verify,
 DTLS1_MT_HELLO_VERIFY_REQUEST))
 goto err;
 if (!CBB_add_u16(&verify, s->version))
@@ -194,7 +194,7 @@ dtls1_send_hello_verify_request(SSL *s)
 goto err;
 if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index b3162ff657e..1d8eff9fb6f 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.167 2018/06/02 16:29:01 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.168 2018/08/24 17:30:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1397,44 +1397,8 @@ ssl3_handshake_msg_hdr_len(SSL *s)
 SSL3_HM_HEADER_LENGTH);
 }
-unsigned char *
-ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
-{
- unsigned char *d, *p;
-
- d = p = (unsigned char *)s->internal->init_buf->data;
-
- /* Handshake message type and length. */
- *(p++) = msg_type;
- l2n3(0, p);
-
- return (d + ssl3_handshake_msg_hdr_len(s));
-}
-
-void
-ssl3_handshake_msg_finish(SSL *s, unsigned int len)
-{
- unsigned char *p;
- uint8_t msg_type;
-
- p = (unsigned char *)s->internal->init_buf->data;
-
- /* Handshake message length. */
- msg_type = *(p++);
- l2n3(len, p);
-
- s->internal->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len;
- s->internal->init_off = 0;
-
- if (SSL_IS_DTLS(s)) {
- dtls1_set_message_header(s, msg_type, len, 0, len);
- dtls1_buffer_message(s, 0);
- }
-}
-
 int
-ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
- uint8_t msg_type)
+ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type)
 {
 int ret = 0;
@@ -1459,7 +1423,7 @@ ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
 }
 int
-ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake)
+ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
 {
 unsigned char *data = NULL;
 size_t outlen;
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 03f95977f75..788505e6027 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.11 2017/10/08 16:24:02 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.12 2018/08/24 17:30:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
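Review bot: The renamed ssl3_handshake_msg_start() and ssl3_handshake_msg_finish() in s3_lib.c carry no comment stating their contract, and they now reuse names that until this commit belonged to helpers returning a raw pointer into init_buf and void respectively. Every call site in this patch tests the result with `!` and jumps to `err`, so a header comment such as `/* Returns 1 on success, 0 on failure. */` above each definition, or above the prototypes in ssl_locl.h, would record that the return value must be checked. Both function bodies continue outside the hunk, so the exact failure behaviour (for example who cleans up the handshake CBB) is not visible here and should be confirmed before it is documented.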
@@ -191,12 +191,12 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 S3I(s)->previous_server_finished_len = md_len;
 }
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &finished,
+ if (!ssl3_handshake_msg_start(s, &cbb, &finished,
 SSL3_MT_FINISHED))
 goto err;
 if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = b;
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index b026aaaee2e..cf055d3ee1d 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.32 2018/08/19 15:38:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.33 2018/08/24 17:30:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -683,7 +683,7 @@ ssl3_send_client_hello(SSL *s)
 if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0)
 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_hello,
+ if (!ssl3_handshake_msg_start(s, &cbb, &client_hello,
 SSL3_MT_CLIENT_HELLO))
 goto err;
@@ -775,7 +775,7 @@ ssl3_send_client_hello(SSL *s)
 goto err;
 }
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
@@ -2321,7 +2321,7 @@ ssl3_send_client_key_exchange(SSL *s)
 goto err;
 }
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &kex,
+ if (!ssl3_handshake_msg_start(s, &cbb, &kex,
 SSL3_MT_CLIENT_KEY_EXCHANGE))
 goto err;
@@ -2344,7 +2344,7 @@ ssl3_send_client_key_exchange(SSL *s)
 goto err;
 }
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B;
@@ -2378,7 +2378,7 @@ ssl3_send_client_verify(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &cert_verify,
+ if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify,
 SSL3_MT_CERTIFICATE_VERIFY))
 goto err;
@@ -2489,7 +2489,7 @@ ssl3_send_client_verify(SSL *s)
 if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
@@ -2561,13 +2561,13 @@ ssl3_send_client_certificate(SSL *s)
 }
 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
+ if (!ssl3_handshake_msg_start(s, &cbb, &client_cert,
 SSL3_MT_CERTIFICATE))
 goto err;
 if (!ssl3_output_cert_chain(s, &client_cert, (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_CW_CERT_D;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 8e85f100aa0..e5423859afc 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.207 2018/08/19 15:38:03 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.208 2018/08/24 17:30:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1137,11 +1137,9 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int ssl3_pending(const SSL *s);
 int ssl3_handshake_msg_hdr_len(SSL *s);
-unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
-void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
-int ssl3_handshake_msg_start_cbb(SSL *s, CBB *handshake, CBB *body,
+int ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body,
 uint8_t msg_type);
-int ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake);
+int ssl3_handshake_msg_finish(SSL *s, CBB *handshake);
 int ssl3_handshake_write(SSL *s);
 int ssl3_record_write(SSL *s, int type);
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 3cf6d9a3cb9..745fd6d83ad 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.42 2018/08/22 17:46:29 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.43 2018/08/24 17:30:32 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -784,10 +784,10 @@ ssl3_send_hello_request(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
+ if (!ssl3_handshake_msg_start(s, &cbb, &hello,
 SSL3_MT_HELLO_REQUEST))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B;
@@ -1175,7 +1175,7 @@ ssl3_send_server_hello(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_hello,
+ if (!ssl3_handshake_msg_start(s, &cbb, &server_hello,
 SSL3_MT_SERVER_HELLO))
 goto err;
@@ -1232,7 +1232,7 @@ ssl3_send_server_hello(SSL *s)
 goto err;
 }
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 }
@@ -1253,10 +1253,10 @@ ssl3_send_server_done(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
+ if (!ssl3_handshake_msg_start(s, &cbb, &done,
 SSL3_MT_SERVER_DONE))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B;
@@ -1519,7 +1519,7 @@ ssl3_send_server_key_exchange(SSL *s)
 if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_kex,
+ if (!ssl3_handshake_msg_start(s, &cbb, &server_kex,
 SSL3_MT_SERVER_KEY_EXCHANGE))
 goto err;
@@ -1600,7 +1600,7 @@ ssl3_send_server_key_exchange(SSL *s)
 goto err;
 }
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
@@ -1639,7 +1639,7 @@ ssl3_send_certificate_request(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &cert_request,
+ if (!ssl3_handshake_msg_start(s, &cbb, &cert_request,
 SSL3_MT_CERTIFICATE_REQUEST))
 goto err;
@@ -1679,7 +1679,7 @@ ssl3_send_certificate_request(SSL *s)
 goto err;
 }
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B;
@@ -2502,12 +2502,12 @@ ssl3_send_server_certificate(SSL *s)
 return (0);
 }
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &server_cert,
+ if (!ssl3_handshake_msg_start(s, &cbb, &server_cert,
 SSL3_MT_CERTIFICATE))
 goto err;
 if (!ssl3_output_cert_chain(s, &server_cert, x))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_SW_CERT_B;
@@ -2548,7 +2548,7 @@ ssl3_send_newsession_ticket(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &session_ticket,
+ if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket,
 SSL3_MT_NEWSESSION_TICKET))
 goto err;
@@ -2657,7 +2657,7 @@ ssl3_send_newsession_ticket(SSL *s)
 if (!HMAC_Final(&hctx, hmac, &hlen))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
@@ -2689,7 +2689,7 @@ ssl3_send_cert_status(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
- if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
+ if (!ssl3_handshake_msg_start(s, &cbb, &certstatus,
 SSL3_MT_CERTIFICATE_STATUS))
 goto err;
 if (!CBB_add_u8(&certstatus, s->tlsext_status_type))
@@ -2699,7 +2699,7 @@ ssl3_send_cert_status(SSL *s)
 if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp, s->internal->tlsext_ocsp_resplen))
 goto err;
- if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
+ if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;
 S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B;
-- 
2.20.1