DTLS revision.

Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

Note: although this passes "make test" and some simple DTLS tests there may
be some minor differences in the DTLS code that have to be accounted for.

ssl/d1_both.c

@@ -896,63 +896,6 @@ f_err:
 	return(-1);
 	}
 
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-	{
-	unsigned char *p,*d;
-	int i;
-	unsigned long l;
-
-	if (s->state == a)
-		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
-		i=s->method->ssl3_enc->final_finish_mac(s,
-			sender,slen,s->s3->tmp.finish_md);
-		s->s3->tmp.finish_md_len = i;
-		memcpy(p, s->s3->tmp.finish_md, i);
-		p+=i;
-		l=i;
-
-	/* Copy the finished so we can use it for
-	 * renegotiation checks
-	 */
-	if(s->type == SSL_ST_CONNECT)
-		{
-		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-		memcpy(s->s3->previous_client_finished, 
-		       s->s3->tmp.finish_md, i);
-		s->s3->previous_client_finished_len=i;
-		}
-	else
-		{
-		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-		memcpy(s->s3->previous_server_finished, 
-		       s->s3->tmp.finish_md, i);
-		s->s3->previous_server_finished_len=i;
-		}
-
-#ifdef OPENSSL_SYS_WIN16
-		/* MSVC 1.5 does not clear the top bytes of the word unless
-		 * I do this.
-		 */
-		l&=0xffff;
-#endif
-
-		d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
-		s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-
-		s->state=b;
-		}
-
-	/* SSL3_ST_SEND_xxxxxx_HELLO_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
 /* for these 2 messages, we need to
  * ssl->enc_read_ctx			re-init
  * ssl->s3->read_sequence		zero
@@ -993,27 +936,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 	return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
 	}
 
-unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk)
-	{
-	unsigned char *p;
-	unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
-	BUF_MEM *buf=s->init_buf;
-
-	if (!ssl_add_cert_chain(s, cpk, &l))
-		return 0;
-
-	l-= (3 + DTLS1_HM_HEADER_LENGTH);
-
-	p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-	l2n3(l,p);
-	l+=3;
-	p=(unsigned char *)&(buf->data[0]);
-	p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
-
-	l+=DTLS1_HM_HEADER_LENGTH;
-	return(l);
-	}
-
 int dtls1_read_failed(SSL *s, int code)
 	{
 	if ( code > 0)

ssl/d1_lib.c

@@ -67,6 +67,8 @@
 #endif
 
 static void get_current_time(struct timeval *t);
+static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
+static int dtls1_handshake_write(SSL *s);
 const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
 int dtls1_listen(SSL *s, struct sockaddr *client);
 
@@ -83,6 +85,10 @@ SSL3_ENC_METHOD DTLSv1_enc_data={
 	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
 	tls1_alert_code,
 	tls1_export_keying_material,
+	SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
+	DTLS1_HM_HEADER_LENGTH,
+	dtls1_set_handshake_header,
+	dtls1_handshake_write	
 	};
 
 long dtls1_default_timeout(void)
@@ -484,3 +490,20 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
 	(void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
 	return 1;
 	}
+
+static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
+	{
+	unsigned char *p = (unsigned char *)s->init_buf->data;
+	dtls1_set_message_header(s, p, htype, len, 0, len);
+	s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
+	s->init_off = 0;
+	/* Buffer the message to handle re-xmits */
+	dtls1_buffer_message(s, 0);
+	}
+
+static int dtls1_handshake_write(SSL *s)
+	{
+	return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
+	}
+	
+	

ssl/s3_both.c

@@ -150,20 +150,18 @@ int ssl3_do_write(SSL *s, int type)
 
 int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 	{
-	unsigned char *p,*d;
+	unsigned char *p;
 	int i;
 	unsigned long l;
 
 	if (s->state == a)
 		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
+		p = ssl_handshake_start(s);
 
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			sender,slen,s->s3->tmp.finish_md);
 		s->s3->tmp.finish_md_len = i;
 		memcpy(p, s->s3->tmp.finish_md, i);
-		p+=i;
 		l=i;
 
                 /* Copy the finished so we can use it for
@@ -189,17 +187,12 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		 */
 		l&=0xffff;
 #endif
-
-		*(d++)=SSL3_MT_FINISHED;
-		l2n3(l,d);
-		s->init_num=(int)l+4;
-		s->init_off=0;
-
+		ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
 		s->state=b;
 		}
 
 	/* SSL3_ST_SEND_xxxxxx_HELLO_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 	}
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
@@ -324,21 +317,17 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
 	{
 	unsigned char *p;
-	unsigned long l=7;
-	BUF_MEM *buf = s->init_buf;
+	unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
 
 	if (!ssl_add_cert_chain(s, cpk, &l))
 		return 0;
 
-	l-=7;
-	p=(unsigned char *)&(buf->data[4]);
-	l2n3(l,p);
-	l+=3;
-	p=(unsigned char *)&(buf->data[0]);
-	*(p++)=SSL3_MT_CERTIFICATE;
+	l -= 3 + SSL_HM_HEADER_LENGTH(s);
+	p = ssl_handshake_start(s);
 	l2n3(l,p);
-	l+=4;
-	return(l);
+	l += 3;
+	ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
+	return l + SSL_HM_HEADER_LENGTH(s);
 	}
 
 /* Obtain handshake message of message type 'mt' (any if mt == -1),

ssl/s3_clnt.c

@@ -697,13 +697,34 @@ int ssl3_client_hello(SSL *s)
 		/* else use the pre-loaded session */
 
 		p=s->s3->client_random;
-		Time=(unsigned long)time(NULL);			/* Time */
-		l2n(Time,p);
-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
-			goto err;
+
+		/* for DTLS if client_random is initialized, reuse it, we are
+		 * required to use same upon reply to HelloVerify */
+		if (SSL_IS_DTLS(s))
+			{
+			size_t idx;
+			i = 1;
+			for (idx=0; idx < sizeof(s->s3->client_random); idx++)
+				{
+				if (p[idx])
+					{
+					i = 0;
+					break;
+					}
+				}
+			}
+		else 
+			i = 1;
+
+		if (i)
+			{
+			Time=(unsigned long)time(NULL);	/* Time */
+			l2n(Time,p);
+			RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
+			}
 
 		/* Do the message type and length last */
-		d=p= &(buf[4]);
+		d=p= ssl_handshake_start(s);
 
 		/* version indicates the negotiated version: for example from
 		 * an SSLv2/v3 compatible client hello). The client_version
@@ -764,6 +785,19 @@ int ssl3_client_hello(SSL *s)
 			p+=i;
 			}
 		
+		/* cookie stuff for DTLS */
+		if (SSL_IS_DTLS(s))
+			{
+			if ( s->d1->cookie_len > sizeof(s->d1->cookie))
+				{
+				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			*(p++) = s->d1->cookie_len;
+			memcpy(p, s->d1->cookie, s->d1->cookie_len);
+			p += s->d1->cookie_len;
+			}
+		
 		/* Ciphers supported */
 		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
 		if (i == 0)
@@ -816,19 +850,13 @@ int ssl3_client_hello(SSL *s)
 			}
 #endif
 		
-		l=(p-d);
-		d=buf;
-		*(d++)=SSL3_MT_CLIENT_HELLO;
-		l2n3(l,d);
-
+		l= p-d;
+		ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l);
 		s->state=SSL3_ST_CW_CLNT_HELLO_B;
-		/* number of bytes to write */
-		s->init_num=p-buf;
-		s->init_off=0;
 		}
 
 	/* SSL3_ST_CW_CLNT_HELLO_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 err:
 	return(-1);
 	}
@@ -2261,7 +2289,7 @@ int ssl3_get_server_done(SSL *s)
 
 int ssl3_send_client_key_exchange(SSL *s)
 	{
-	unsigned char *p,*d;
+	unsigned char *p;
 	int n;
 	unsigned long alg_k;
 #ifndef OPENSSL_NO_RSA
@@ -2282,8 +2310,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 
 	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
 		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
+		p = ssl_handshake_start(s);
 
 		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
 
@@ -2984,18 +3011,13 @@ int ssl3_send_client_key_exchange(SSL *s)
 			    ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
-		
-		*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
-		l2n3(n,d);
 
+		ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n);
 		s->state=SSL3_ST_CW_KEY_EXCH_B;
-		/* number of bytes to write */
-		s->init_num=n+4;
-		s->init_off=0;
 		}
 
 	/* SSL3_ST_CW_KEY_EXCH_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 err:
 #ifndef OPENSSL_NO_ECDH
 	BN_CTX_free(bn_ctx);
@@ -3009,7 +3031,7 @@ err:
 
 int ssl3_send_client_verify(SSL *s)
 	{
-	unsigned char *p,*d;
+	unsigned char *p;
 	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	EVP_PKEY *pkey;
 	EVP_PKEY_CTX *pctx=NULL;
@@ -3022,8 +3044,7 @@ int ssl3_send_client_verify(SSL *s)
 
 	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
 		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
+		p= ssl_handshake_start(s);
 		pkey=s->cert->key->privatekey;
 /* Create context from key and test if sha1 is allowed as digest */
 		pctx = EVP_PKEY_CTX_new(pkey,NULL);
@@ -3149,16 +3170,12 @@ int ssl3_send_client_verify(SSL *s)
 			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
-		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
-		l2n3(n,d);
-
+		ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n);
 		s->state=SSL3_ST_CW_CERT_VRFY_B;
-		s->init_num=(int)n+4;
-		s->init_off=0;
 		}
 	EVP_MD_CTX_cleanup(&mctx);
 	EVP_PKEY_CTX_free(pctx);
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 err:
 	EVP_MD_CTX_cleanup(&mctx);
 	EVP_PKEY_CTX_free(pctx);
@@ -3215,7 +3232,6 @@ int ssl3_send_client_certificate(SSL *s)
 	X509 *x509=NULL;
 	EVP_PKEY *pkey=NULL;
 	int i;
-	unsigned long l;
 
 	if (s->state ==	SSL3_ST_CW_CERT_A)
 		{
@@ -3284,13 +3300,11 @@ int ssl3_send_client_certificate(SSL *s)
 	if (s->state == SSL3_ST_CW_CERT_C)
 		{
 		s->state=SSL3_ST_CW_CERT_D;
-		l=ssl3_output_cert_chain(s,
+		ssl3_output_cert_chain(s,
 			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key);
-		s->init_num=(int)l;
-		s->init_off=0;
 		}
 	/* SSL3_ST_CW_CERT_D */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 	}
 
 #define has_bits(i,m)	(((i)&(m)) == (m))

ssl/s3_lib.c

@@ -2918,6 +2918,10 @@ SSL3_ENC_METHOD SSLv3_enc_data={
 	(int (*)(SSL *, unsigned char *, size_t, const char *,
 		 size_t, const unsigned char *, size_t,
 		 int use_context))ssl_undefined_function,
+	0,
+	SSL3_HM_HEADER_LENGTH,
+	ssl3_set_handshake_header,
+	ssl3_handshake_write
 	};
 
 long ssl3_default_timeout(void)
@@ -2948,6 +2952,20 @@ int ssl3_pending(const SSL *s)
 	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
 	}
 
+void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
+	{
+	unsigned char *p = (unsigned char *)s->init_buf->data;
+	*(p++) = htype;
+	l2n3(len, p);
+	s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
+	s->init_off = 0;
+	}
+
+int ssl3_handshake_write(SSL *s)
+	{
+	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+	}
+
 int ssl3_new(SSL *s)
 	{
 	SSL3_STATE *s3;
@@ -4451,4 +4469,4 @@ long ssl_get_algorithm2(SSL *s)
 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
 	return alg2;
 	}
-		
+

ssl/s3_srvr.c

@@ -868,24 +868,15 @@ end:
 
 int ssl3_send_hello_request(SSL *s)
 	{
-	unsigned char *p;
 
 	if (s->state == SSL3_ST_SW_HELLO_REQ_A)
 		{
-		p=(unsigned char *)s->init_buf->data;
-		*(p++)=SSL3_MT_HELLO_REQUEST;
-		*(p++)=0;
-		*(p++)=0;
-		*(p++)=0;
-
+		ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0);
 		s->state=SSL3_ST_SW_HELLO_REQ_B;
-		/* number of bytes to write */
-		s->init_num=4;
-		s->init_off=0;
 		}
 
 	/* SSL3_ST_SW_HELLO_REQ_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 	}
 
 int ssl3_check_client_hello(SSL *s)
@@ -1478,7 +1469,7 @@ int ssl3_send_server_hello(SSL *s)
 			return -1;
 #endif
 		/* Do the message type and length last */
-		d=p= &(buf[4]);
+		d=p= ssl_handshake_start(s);
 
 		*(p++)=s->version>>8;
 		*(p++)=s->version&0xff;
@@ -1544,42 +1535,25 @@ int ssl3_send_server_hello(SSL *s)
 #endif
 		/* do the header */
 		l=(p-d);
-		d=buf;
-		*(d++)=SSL3_MT_SERVER_HELLO;
-		l2n3(l,d);
-
+		ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l);
 		s->state=SSL3_ST_SW_SRVR_HELLO_B;
-		/* number of bytes to write */
-		s->init_num=p-buf;
-		s->init_off=0;
 		}
 
 	/* SSL3_ST_SW_SRVR_HELLO_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 	}
 
 int ssl3_send_server_done(SSL *s)
 	{
-	unsigned char *p;
 
 	if (s->state == SSL3_ST_SW_SRVR_DONE_A)
 		{
-		p=(unsigned char *)s->init_buf->data;
-
-		/* do the header */
-		*(p++)=SSL3_MT_SERVER_DONE;
-		*(p++)=0;
-		*(p++)=0;
-		*(p++)=0;
-
-		s->state=SSL3_ST_SW_SRVR_DONE_B;
-		/* number of bytes to write */
-		s->init_num=4;
-		s->init_off=0;
+		ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0);
+		s->state = SSL3_ST_SW_SRVR_DONE_B;
 		}
 
 	/* SSL3_ST_SW_SRVR_DONE_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 	}
 
 int ssl3_send_server_key_exchange(SSL *s)
@@ -1903,13 +1877,12 @@ int ssl3_send_server_key_exchange(SSL *s)
 			kn=0;
 			}
 
-		if (!BUF_MEM_grow_clean(buf,n+4+kn))
+		if (!BUF_MEM_grow_clean(buf,n+SSL_HM_HEADER_LENGTH(s)+kn))
 			{
 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
 			goto err;
 			}
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
+		d = p = ssl_handshake_start(s);
 
 		for (i=0; r[i] != NULL && i<4; i++)
 			{
@@ -1981,7 +1954,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 						?s->ctx->md5:s->ctx->sha1, NULL);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
+					EVP_DigestUpdate(&md_ctx,d,n);
 					EVP_DigestFinal_ex(&md_ctx,q,
 						(unsigned int *)&i);
 					q+=i;
@@ -2020,7 +1993,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 				EVP_SignInit_ex(&md_ctx, md, NULL);
 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx,&(d[4]),n);
+				EVP_SignUpdate(&md_ctx,d,n);
 				if (!EVP_SignFinal(&md_ctx,&(p[2]),
 					(unsigned int *)&i,pkey))
 					{
@@ -2041,18 +2014,12 @@ int ssl3_send_server_key_exchange(SSL *s)
 				}
 			}
 
-		*(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
-		l2n3(n,d);
-
-		/* we should now have things packed up, so lets send
-		 * it off */
-		s->init_num=n+4;
-		s->init_off=0;
+		ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n);
 		}
 
 	s->state = SSL3_ST_SW_KEY_EXCH_B;
 	EVP_MD_CTX_cleanup(&md_ctx);
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
@@ -2076,7 +2043,7 @@ int ssl3_send_certificate_request(SSL *s)
 		{
 		buf=s->init_buf;
 
-		d=p=(unsigned char *)&(buf->data[4]);
+		d=p=ssl_handshake_start(s);
 
 		/* get the list of acceptable cert types */
 		p++;
@@ -2131,34 +2098,29 @@ int ssl3_send_certificate_request(SSL *s)
 				}
 			}
 		/* else no CA names */
-		p=(unsigned char *)&(buf->data[4+off]);
+		p = ssl_handshake_start(s) + off;
 		s2n(nl,p);
 
-		d=(unsigned char *)buf->data;
-		*(d++)=SSL3_MT_CERTIFICATE_REQUEST;
-		l2n3(n,d);
+		ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n);
 
-		/* we should now have things packed up, so lets send
-		 * it off */
-
-		s->init_num=n+4;
-		s->init_off=0;
 #ifdef NETSCAPE_HANG_BUG
-		p=(unsigned char *)s->init_buf->data + s->init_num;
-
-		/* do the header */
-		*(p++)=SSL3_MT_SERVER_DONE;
-		*(p++)=0;
-		*(p++)=0;
-		*(p++)=0;
-		s->init_num += 4;
+		if (!SSL_IS_DTLS(s))
+			{
+			p=(unsigned char *)s->init_buf->data + s->init_num;
+			/* do the header */
+			*(p++)=SSL3_MT_SERVER_DONE;
+			*(p++)=0;
+			*(p++)=0;
+			*(p++)=0;
+			s->init_num += 4;
+			}
 #endif
 
 		s->state = SSL3_ST_SW_CERT_REQ_B;
 		}
 
 	/* SSL3_ST_SW_CERT_REQ_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 err:
 	return(-1);
 	}
@@ -3394,7 +3356,6 @@ err:
 
 int ssl3_send_server_certificate(SSL *s)
 	{
-	unsigned long l;
 	CERT_PKEY *cpk;
 
 	if (s->state == SSL3_ST_SW_CERT_A)
@@ -3411,14 +3372,12 @@ int ssl3_send_server_certificate(SSL *s)
 				}
 			}
 
-		l=ssl3_output_cert_chain(s,cpk);
+		ssl3_output_cert_chain(s,cpk);
 		s->state=SSL3_ST_SW_CERT_B;
-		s->init_num=(int)l;
-		s->init_off=0;
 		}
 
 	/* SSL3_ST_SW_CERT_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 	}
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -3472,22 +3431,17 @@ int ssl3_send_newsession_ticket(SSL *s)
 		SSL_SESSION_free(sess);
 
 		/* Grow buffer if need be: the length calculation is as
- 		 * follows 1 (size of message name) + 3 (message length
- 		 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
+ 		 * follows handshake_header_length +
+ 		 * 4 (ticket lifetime hint) + 2 (ticket length) +
  		 * 16 (key name) + max_iv_len (iv length) +
  		 * session_length + max_enc_block_size (max encrypted session
  		 * length) + max_md_size (HMAC).
  		 */
 		if (!BUF_MEM_grow(s->init_buf,
-			26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
-			EVP_MAX_MD_SIZE + slen))
+			SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH +
+			EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
 			return -1;
-
-		p=(unsigned char *)s->init_buf->data;
-		/* do the header */
-		*(p++)=SSL3_MT_NEWSESSION_TICKET;
-		/* Skip message length for now */
-		p += 3;
+		p = ssl_handshake_start(s);
 		EVP_CIPHER_CTX_init(&ctx);
 		HMAC_CTX_init(&hctx);
 		/* Initialize HMAC and cipher contexts. If callback present
@@ -3542,21 +3496,17 @@ int ssl3_send_newsession_ticket(SSL *s)
 		p += hlen;
 		/* Now write out lengths: p points to end of data written */
 		/* Total length */
-		len = p - (unsigned char *)s->init_buf->data;
-		p=(unsigned char *)s->init_buf->data + 1;
-		l2n3(len - 4, p); /* Message length */
-		p += 4;
-		s2n(len - 10, p);  /* Ticket length */
-
-		/* number of bytes to write */
-		s->init_num= len;
+		len = p - ssl_handshake_start(s);
+		ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len);
+		/* Skip ticket lifetime hint */
+		p = ssl_handshake_start(s) + 4;
+		s2n(len - 6, p);
 		s->state=SSL3_ST_SW_SESSION_TICKET_B;
-		s->init_off=0;
 		OPENSSL_free(senc);
 		}
 
 	/* SSL3_ST_SW_SESSION_TICKET_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+	return ssl_do_write(s);
 	}
 
 int ssl3_send_cert_status(SSL *s)

ssl/ssl3.h

@@ -251,6 +251,8 @@ extern "C" {
 #define SSL3_SESSION_ID_SIZE			32
 #define SSL3_RT_HEADER_LENGTH			5
 
+#define SSL3_HM_HEADER_LENGTH                  4
+
 #ifndef SSL3_ALIGN_PAYLOAD
  /* Some will argue that this increases memory footprint, but it's
   * not actually true. Point is that malloc has to return at least

ssl/ssl_locl.h

@@ -439,7 +439,7 @@
 #define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
 
 /* Check if an SSL structure is using DTLS */
-#define SSL_IS_DTLS(s)	((s->method->version >> 8) == 0xfe)
+#define SSL_IS_DTLS(s)	(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
 
 
 /* Mostly for SSLv3 */
@@ -679,8 +679,32 @@ typedef struct ssl3_enc_method
 				      const char *, size_t,
 				      const unsigned char *, size_t,
 				      int use_context);
+	/* Various flags indicating protocol version requirements */
+	unsigned int enc_flags;
+	/* Handshake header length */
+	unsigned int hhlen;
+	/* Set the handshake header */
+	void (*set_handshake_header)(SSL *s, int type, unsigned long len);
+	/* Write out handshake message */
+	int (*do_write)(SSL *s);
 	} SSL3_ENC_METHOD;
 
+#define SSL_HM_HEADER_LENGTH(s)	s->method->ssl3_enc->hhlen
+#define ssl_handshake_start(s) \
+	(((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen)
+#define ssl_set_handshake_header(s, htype, len) \
+	s->method->ssl3_enc->set_handshake_header(s, htype, len)
+#define ssl_do_write(s)  s->method->ssl3_enc->do_write(s)
+
+/* Values for enc_flags */
+
+/* Uses explicit IV for CBC mode */
+#define SSL_ENC_FLAG_EXPLICIT_IV	0x1
+/* Uses signature algorithms extension */
+#define SSL_ENC_FLAG_SIGALGS		0x2
+/* Is DTLS */
+#define SSL_ENC_FLAG_DTLS		0x4
+
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
 typedef struct ssl3_comp_st
@@ -713,6 +737,8 @@ OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 SSL_METHOD *ssl_bad_method(int ver);
 
 extern SSL3_ENC_METHOD TLSv1_enc_data;
+extern SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern SSL3_ENC_METHOD TLSv1_2_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 
@@ -1044,6 +1070,9 @@ void ssl3_record_sequence_update(unsigned char *seq);
 int ssl3_do_change_cipher_spec(SSL *ssl);
 long ssl3_default_timeout(void );
 
+void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
+int ssl3_handshake_write(SSL *s);
+
 int ssl23_num_ciphers(void );
 const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
 int ssl23_read(SSL *s, void *buf, int len);
@@ -1115,9 +1144,6 @@ int ssl3_send_next_proto(SSL *s);
 #endif
 
 int dtls1_client_hello(SSL *s);
-int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_key_exchange(SSL *s);
-int dtls1_send_client_verify(SSL *s);
 
 /* some server-only functions */
 int ssl3_get_client_hello(SSL *s);
@@ -1134,15 +1160,6 @@ int ssl3_get_cert_verify(SSL *s);
 int ssl3_get_next_proto(SSL *s);
 #endif
 
-int dtls1_send_hello_request(SSL *s);
-int dtls1_send_server_hello(SSL *s);
-int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_server_key_exchange(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
-int dtls1_send_server_done(SSL *s);
-
-
-
 int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
 int ssl23_read_bytes(SSL *s, int n);

ssl/t1_lib.c

@@ -140,6 +140,48 @@ SSL3_ENC_METHOD TLSv1_enc_data={
 	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
 	tls1_alert_code,
 	tls1_export_keying_material,
+	0,
+	SSL3_HM_HEADER_LENGTH,
+	ssl3_set_handshake_header,
+	ssl3_handshake_write
+	};
+
+SSL3_ENC_METHOD TLSv1_1_enc_data={
+	tls1_enc,
+	tls1_mac,
+	tls1_setup_key_block,
+	tls1_generate_master_secret,
+	tls1_change_cipher_state,
+	tls1_final_finish_mac,
+	TLS1_FINISH_MAC_LENGTH,
+	tls1_cert_verify_mac,
+	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
+	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
+	tls1_alert_code,
+	tls1_export_keying_material,
+	SSL_ENC_FLAG_EXPLICIT_IV,
+	SSL3_HM_HEADER_LENGTH,
+	ssl3_set_handshake_header,
+	ssl3_handshake_write
+	};
+
+SSL3_ENC_METHOD TLSv1_2_enc_data={
+	tls1_enc,
+	tls1_mac,
+	tls1_setup_key_block,
+	tls1_generate_master_secret,
+	tls1_change_cipher_state,
+	tls1_final_finish_mac,
+	TLS1_FINISH_MAC_LENGTH,
+	tls1_cert_verify_mac,
+	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
+	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
+	tls1_alert_code,
+	tls1_export_keying_material,
+	SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS,
+	SSL3_HM_HEADER_LENGTH,
+	ssl3_set_handshake_header,
+	ssl3_handshake_write
 	};
 
 long tls1_default_timeout(void)