[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Sun Oct 2 19:32:00 UTC 2016
The branch master has been updated
via a29fa98cebdb2904dcf844d1aea7d1be3b6b913a (commit)
via e2726ce64dc0762d9678fb10639b0f42d9abfc52 (commit)
via 42cde22f487773d6baba4374f1f2cf5793ce0606 (commit)
from bcaad8094ea07a0f895fc5ee84388bdbe25038fa (commit)
- Log -----------------------------------------------------------------
commit a29fa98cebdb2904dcf844d1aea7d1be3b6b913a
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 29 22:40:15 2016 +0100
Rename ssl_set_handshake_header2()
ssl_set_handshake_header2() was only ever a temporary name while we had
to have ssl_set_handshake_header() for code that hadn't been converted to
WPACKET yet. No code remains that needed that so we can rename it.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit e2726ce64dc0762d9678fb10639b0f42d9abfc52
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 29 22:32:36 2016 +0100
Remove ssl_set_handshake_header()
Remove the old ssl_set_handshake_header() implementations. Later we will
rename ssl_set_handshake_header2() to ssl_set_handshake_header().
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 42cde22f487773d6baba4374f1f2cf5793ce0606
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 29 18:08:34 2016 +0100
Remove the tls12_get_sigandhash_old() function
This is no longer needed now that all messages use WPACKET
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_lib.c | 16 ----------------
ssl/s3_lib.c | 20 +-------------------
ssl/ssl_locl.h | 17 +++++------------
ssl/statem/statem_clnt.c | 8 ++++----
ssl/statem/statem_dtls.c | 8 +-------
ssl/statem/statem_lib.c | 4 ++--
ssl/statem/statem_srvr.c | 23 +++++++++++------------
ssl/t1_lib.c | 26 --------------------------
8 files changed, 24 insertions(+), 98 deletions(-)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index f34818b..112c699 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -22,7 +22,6 @@
#endif
static void get_current_time(struct timeval *t);
-static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
static int dtls1_handshake_write(SSL *s);
static unsigned int dtls1_link_min_mtu(void);
@@ -44,7 +43,6 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = {
SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV,
DTLS1_HM_HEADER_LENGTH,
dtls1_set_handshake_header,
- dtls1_set_handshake_header2,
dtls1_close_construct_packet,
dtls1_handshake_write
};
@@ -65,7 +63,6 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
| SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
DTLS1_HM_HEADER_LENGTH,
dtls1_set_handshake_header,
- dtls1_set_handshake_header2,
dtls1_close_construct_packet,
dtls1_handshake_write
};
@@ -861,19 +858,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
}
#endif
-static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
-{
- dtls1_set_message_header(s, htype, len, 0, len);
- s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
- s->init_off = 0;
- /* Buffer the message to handle re-xmits */
-
- if (!dtls1_buffer_message(s, 0))
- return 0;
-
- return 1;
-}
-
static int dtls1_handshake_write(SSL *s)
{
return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ea607a5..630c94d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2751,7 +2751,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
0,
SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
- ssl3_set_handshake_header2,
tls_close_construct_packet,
ssl3_handshake_write
};
@@ -2778,24 +2777,7 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
return (NULL);
}
-int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
-{
- unsigned char *p = (unsigned char *)s->init_buf->data;
- *(p++) = htype;
- l2n3(len, p);
- s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
- s->init_off = 0;
-
- return 1;
-}
-
-/*
- * Temporary name. To be renamed ssl3_set_handshake_header() once all WPACKET
- * conversion is complete. The old ssl3_set_handshake_heder() can be deleted
- * at that point.
- * TODO - RENAME ME
- */
-int ssl3_set_handshake_header2(SSL *s, WPACKET *pkt, int htype)
+int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
{
/* Set the content type and 3 bytes for the message len */
if (!WPACKET_put_bytes_u8(pkt, htype)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a1b3e3d..eb29740 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1584,9 +1584,7 @@ typedef struct ssl3_enc_method {
/* Handshake header length */
unsigned int hhlen;
/* Set the handshake header */
- int (*set_handshake_header) (SSL *s, int type, unsigned long len);
- /* Set the handshake header */
- int (*set_handshake_header2) (SSL *s, WPACKET *pkt, int type);
+ int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type);
/* Close construction of the handshake message */
int (*close_construct_packet) (SSL *s, WPACKET *pkt);
/* Write out handshake message */
@@ -1596,10 +1594,8 @@ typedef struct ssl3_enc_method {
# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen
# define ssl_handshake_start(s) \
(((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen)
-# define ssl_set_handshake_header(s, htype, len) \
- s->method->ssl3_enc->set_handshake_header(s, htype, len)
-# define ssl_set_handshake_header2(s, pkt, htype) \
- s->method->ssl3_enc->set_handshake_header2((s), (pkt), (htype))
+# define ssl_set_handshake_header(s, pkt, htype) \
+ s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
# define ssl_close_construct_packet(s, pkt) \
s->method->ssl3_enc->close_construct_packet((s), (pkt))
# define ssl_do_write(s) s->method->ssl3_enc->do_write(s)
@@ -1903,10 +1899,9 @@ __owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
__owur int ssl3_do_change_cipher_spec(SSL *ssl);
__owur long ssl3_default_timeout(void);
-__owur int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
-__owur int ssl3_set_handshake_header2(SSL *s, WPACKET *pkt, int htype);
+__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt);
-__owur int dtls1_set_handshake_header2(SSL *s, WPACKET *pkt, int htype);
+__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt);
__owur int ssl3_handshake_write(SSL *s);
@@ -2037,8 +2032,6 @@ __owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
__owur int tls12_get_sigandhash(WPACKET *pkt, const EVP_PKEY *pk,
const EVP_MD *md);
-__owur int tls12_get_sigandhash_old(unsigned char *p, const EVP_PKEY *pk,
- const EVP_MD *md);
__owur int tls12_get_sigid(const EVP_PKEY *pk);
__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index e4b2219..02d1b7a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -738,7 +738,7 @@ int tls_construct_client_hello(SSL *s)
if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)
goto err;
- if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_CLIENT_HELLO)) {
+ if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_CLIENT_HELLO)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
@@ -2469,7 +2469,7 @@ int tls_construct_client_key_exchange(SSL *s)
goto err;
}
- if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
+ if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
@@ -2605,7 +2605,7 @@ int tls_construct_client_verify(SSL *s)
goto err;
}
- if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_CERTIFICATE_VERIFY)) {
+ if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_CERTIFICATE_VERIFY)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -2878,7 +2878,7 @@ int tls_construct_next_proto(SSL *s)
goto err;
}
- if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_NEXT_PROTO)) {
+ if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_NEXT_PROTO)) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 7e23ad9..0328ab7 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -1212,13 +1212,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
n2l3(data, msg_hdr->frag_len);
}
-/*
- * Temporary name. To be renamed dtls1_set_handshake_header() once all WPACKET
- * conversion is complete. The old dtls1_set_handshake_heder() can be deleted
- * at that point.
- * TODO - RENAME ME
- */
-int dtls1_set_handshake_header2(SSL *s, WPACKET *pkt, int htype)
+int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
{
unsigned char *header;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 0a482fd..da26ef8 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -78,7 +78,7 @@ int tls_construct_finished(SSL *s, const char *sender, int slen)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt, SSL3_MT_FINISHED)) {
+ || !ssl_set_handshake_header(s, &pkt, SSL3_MT_FINISHED)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -297,7 +297,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
goto err;
}
- if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_CERTIFICATE)
+ if (!ssl_set_handshake_header(s, &pkt, SSL3_MT_CERTIFICATE)
|| !WPACKET_start_sub_packet_u24(&pkt)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
goto err;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 008ebda..cc737ba 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -834,7 +834,7 @@ int tls_construct_hello_request(SSL *s)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt, SSL3_MT_HELLO_REQUEST)
+ || !ssl_set_handshake_header(s, &pkt, SSL3_MT_HELLO_REQUEST)
|| !ssl_close_construct_packet(s, &pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR);
ossl_statem_set_error(s);
@@ -872,8 +872,8 @@ int dtls_construct_hello_verify_request(SSL *s)
}
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt,
- DTLS1_MT_HELLO_VERIFY_REQUEST)
+ || !ssl_set_handshake_header(s, &pkt,
+ DTLS1_MT_HELLO_VERIFY_REQUEST)
|| !dtls_raw_hello_verify_request(&pkt, s->d1->cookie,
s->d1->cookie_len)
/*
@@ -1504,7 +1504,7 @@ int tls_construct_server_hello(SSL *s)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt, SSL3_MT_SERVER_HELLO)
+ || !ssl_set_handshake_header(s, &pkt, SSL3_MT_SERVER_HELLO)
|| !WPACKET_put_bytes_u16(&pkt, s->version)
/*
* Random stuff. Filling of the server_random takes place in
@@ -1575,7 +1575,7 @@ int tls_construct_server_done(SSL *s)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt, SSL3_MT_SERVER_DONE)
+ || !ssl_set_handshake_header(s, &pkt, SSL3_MT_SERVER_DONE)
|| !ssl_close_construct_packet(s, &pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_DONE, ERR_R_INTERNAL_ERROR);
goto err;
@@ -1614,8 +1614,8 @@ int tls_construct_server_key_exchange(SSL *s)
size_t paramlen, paramoffset;
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt,
- SSL3_MT_SERVER_KEY_EXCHANGE)
+ || !ssl_set_handshake_header(s, &pkt,
+ SSL3_MT_SERVER_KEY_EXCHANGE)
|| !WPACKET_get_total_written(&pkt, ¶moffset)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
@@ -1950,8 +1950,8 @@ int tls_construct_certificate_request(SSL *s)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt,
- SSL3_MT_CERTIFICATE_REQUEST)) {
+ || !ssl_set_handshake_header(s, &pkt,
+ SSL3_MT_CERTIFICATE_REQUEST)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -2985,7 +2985,7 @@ int tls_construct_new_session_ticket(SSL *s)
}
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt, SSL3_MT_NEWSESSION_TICKET)) {
+ || !ssl_set_handshake_header(s, &pkt, SSL3_MT_NEWSESSION_TICKET)) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -3123,8 +3123,7 @@ int tls_construct_cert_status(SSL *s)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !ssl_set_handshake_header2(s, &pkt,
- SSL3_MT_CERTIFICATE_STATUS)
+ || !ssl_set_handshake_header(s, &pkt, SSL3_MT_CERTIFICATE_STATUS)
|| !WPACKET_put_bytes_u8(&pkt, s->tlsext_status_type)
|| !WPACKET_sub_memcpy_u24(&pkt, s->tlsext_ocsp_resp,
s->tlsext_ocsp_resplen)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e2e5f60..71c480f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -41,7 +41,6 @@ SSL3_ENC_METHOD const TLSv1_enc_data = {
0,
SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
- ssl3_set_handshake_header2,
tls_close_construct_packet,
ssl3_handshake_write
};
@@ -61,7 +60,6 @@ SSL3_ENC_METHOD const TLSv1_1_enc_data = {
SSL_ENC_FLAG_EXPLICIT_IV,
SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
- ssl3_set_handshake_header2,
tls_close_construct_packet,
ssl3_handshake_write
};
@@ -82,7 +80,6 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
| SSL_ENC_FLAG_TLS1_2_CIPHERS,
SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
- ssl3_set_handshake_header2,
tls_close_construct_packet,
ssl3_handshake_write
};
@@ -3132,29 +3129,6 @@ int tls12_get_sigandhash(WPACKET *pkt, const EVP_PKEY *pk, const EVP_MD *md)
return 1;
}
-/*
- * Old version of the tls12_get_sigandhash function used by code that has not
- * yet been converted to WPACKET yet. It will be deleted once WPACKET conversion
- * is complete.
- * TODO - DELETE ME
- */
-int tls12_get_sigandhash_old(unsigned char *p, const EVP_PKEY *pk,
- const EVP_MD *md)
-{
- int sig_id, md_id;
- if (!md)
- return 0;
- md_id = tls12_find_id(EVP_MD_type(md), tls12_md, OSSL_NELEM(tls12_md));
- if (md_id == -1)
- return 0;
- sig_id = tls12_get_sigid(pk);
- if (sig_id == -1)
- return 0;
- p[0] = (unsigned char)md_id;
- p[1] = (unsigned char)sig_id;
- return 1;
-}
-
int tls12_get_sigid(const EVP_PKEY *pk)
{
return tls12_find_id(EVP_PKEY_id(pk), tls12_sig, OSSL_NELEM(tls12_sig));
More information about the openssl-commits
mailing list