[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Sep 29 16:09:44 UTC 2016
The branch master has been updated
via cc59ad1073c49cbb173708d7377df06ad3786f4c (commit)
via f308416e27cc8b6639841497bbc782363c17b11d (commit)
via 4346a8faa7dd660c053c8e65b9e566b6c934f010 (commit)
from b1b4f0a5807d0462067a39daf39eb8bccd3bca2b (commit)
- Log -----------------------------------------------------------------
commit cc59ad1073c49cbb173708d7377df06ad3786f4c
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 29 16:40:13 2016 +0100
Convert CertStatus message construction to WPACKET
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit f308416e27cc8b6639841497bbc782363c17b11d
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 29 16:39:32 2016 +0100
Fix mis-named macro in packet_locl.h
A couple of the WPACKET_sub_memcpy* macros were mis-named.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 4346a8faa7dd660c053c8e65b9e566b6c934f010
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 29 15:14:33 2016 +0100
Convert SeverDone construction to WPACKET
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl.h | 1 +
ssl/packet_locl.h | 4 ++--
ssl/ssl_err.c | 1 +
ssl/statem/statem_srvr.c | 62 ++++++++++++++++++++++--------------------------
4 files changed, 32 insertions(+), 36 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d741ece..517716f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2220,6 +2220,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429
# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427
# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404
# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 8d3fd37..517c12d 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -779,9 +779,9 @@ int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
WPACKET_sub_memcpy__((pkt), (src), (len), 1)
#define WPACKET_sub_memcpy_u16(pkt, src, len) \
WPACKET_sub_memcpy__((pkt), (src), (len), 2)
-#define WPACKET_sub_memcpy_bytes_u24(pkt, src, len) \
+#define WPACKET_sub_memcpy_u24(pkt, src, len) \
WPACKET_sub_memcpy__((pkt), (src), (len), 3)
-#define WPACKET_sub_memcpy_bytes_u32(pkt, src, len) \
+#define WPACKET_sub_memcpy_u32(pkt, src, len) \
WPACKET_sub_memcpy__((pkt), (src), (len), 4)
/*
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index e6c7320..9539e67 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -239,6 +239,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_client_key_exchange_post_work"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
"tls_construct_certificate_request"},
+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERT_STATUS), "tls_construct_cert_status"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
"tls_construct_change_cipher_spec"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index eae0e3c..3fbc4ad 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1572,19 +1572,26 @@ int tls_construct_server_hello(SSL *s)
int tls_construct_server_done(SSL *s)
{
- if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) {
+ WPACKET pkt;
+
+ if (!WPACKET_init(&pkt, s->init_buf)
+ || !ssl_set_handshake_header2(s, &pkt, SSL3_MT_SERVER_DONE)
+ || !ssl_close_construct_packet(s, &pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_DONE, ERR_R_INTERNAL_ERROR);
- ossl_statem_set_error(s);
- return 0;
+ goto err;
}
if (!s->s3->tmp.cert_request) {
- if (!ssl3_digest_cached_records(s, 0)) {
- ossl_statem_set_error(s);
- }
+ if (!ssl3_digest_cached_records(s, 0))
+ goto err;
}
-
return 1;
+
+ err:
+ WPACKET_cleanup(&pkt);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ossl_statem_set_error(s);
+ return 0;
}
int tls_construct_server_key_exchange(SSL *s)
@@ -3118,36 +3125,23 @@ int tls_construct_new_session_ticket(SSL *s)
int tls_construct_cert_status(SSL *s)
{
- unsigned char *p;
- size_t msglen;
-
- /*-
- * Grow buffer if need be: the length calculation is as
- * follows handshake_header_length +
- * 1 (ocsp response type) + 3 (ocsp response length)
- * + (ocsp response)
- */
- msglen = 4 + s->tlsext_ocsp_resplen;
- if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen))
- goto err;
-
- p = ssl_handshake_start(s);
-
- /* status type */
- *(p++) = s->tlsext_status_type;
- /* length of OCSP response */
- l2n3(s->tlsext_ocsp_resplen, p);
- /* actual response */
- memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+ WPACKET pkt;
- if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen))
- goto err;
+ if (!WPACKET_init(&pkt, s->init_buf)
+ || !ssl_set_handshake_header2(s, &pkt,
+ SSL3_MT_CERTIFICATE_STATUS)
+ || !WPACKET_put_bytes_u8(&pkt, s->tlsext_status_type)
+ || !WPACKET_sub_memcpy_u24(&pkt, s->tlsext_ocsp_resp,
+ s->tlsext_ocsp_resplen)
+ || !ssl_close_construct_packet(s, &pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ossl_statem_set_error(s);
+ WPACKET_cleanup(&pkt);
+ return 0;
+ }
return 1;
-
- err:
- ossl_statem_set_error(s);
- return 0;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
More information about the openssl-commits
mailing list