Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
1 年多 前同步成功

通知 10
Star 18
Fork 1
T
Third Party Openssl
提交 5923ad4b 编写于 作者: M Matt Caswell
浏览文件
操作

Don't set the handshake header in every message 

Move setting the handshake header up a level into the state machine code
in order to reduce boilerplate.
Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 7cea05dc
隐藏空白更改
内联 并排
Showing with 148 addition and 170 deletion
include/openssl/ssl.h
浏览文件 @ 5923ad4b
...@@ -2078,7 +2078,9 @@ int ERR_load_SSL_strings(void); ...@@ -2078,7 +2078,9 @@ int ERR_load_SSL_strings(void);
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
# define SSL_F_OPENSSL_INIT_SSL 342 # define SSL_F_OPENSSL_INIT_SSL 342
# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430
# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417
# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431
# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418
# define SSL_F_READ_STATE_MACHINE 352 # define SSL_F_READ_STATE_MACHINE 352
# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
......
ssl/ssl_err.c
浏览文件 @ 5923ad4b
...@@ -49,8 +49,12 @@ static ERR_STRING_DATA SSL_str_functs[] = { ...@@ -49,8 +49,12 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"dtls_get_reassembled_message"}, "dtls_get_reassembled_message"},
{ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"}, {ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
{ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"}, {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
{ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE),
"ossl_statem_client_construct_message"},
{ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION), {ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION),
"ossl_statem_client_read_transition"}, "ossl_statem_client_read_transition"},
{ERR_FUNC(SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE),
"ossl_statem_server_construct_message"},
{ERR_FUNC(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION), {ERR_FUNC(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION),
"ossl_statem_server_read_transition"}, "ossl_statem_server_read_transition"},
{ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"}, {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"},
......
ssl/statem/statem_clnt.c
浏览文件 @ 5923ad4b
...@@ -513,41 +513,74 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) ...@@ -513,41 +513,74 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt) int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int (*confunc) (SSL *s, WPACKET *pkt) = NULL;
int ret = 1, mt;
switch (st->hand_state) { if (st->hand_state == TLS_ST_CW_CHANGE) {
default: /* Special case becase it is a different content type */
/* Shouldn't happen */ if (SSL_IS_DTLS(s))
return 0; return dtls_construct_change_cipher_spec(s, pkt);
case TLS_ST_CW_CLNT_HELLO: return tls_construct_change_cipher_spec(s, pkt);
return tls_construct_client_hello(s, pkt); } else {
switch (st->hand_state) {
default:
/* Shouldn't happen */
return 0;
case TLS_ST_CW_CERT: case TLS_ST_CW_CLNT_HELLO:
return tls_construct_client_certificate(s, pkt); confunc = tls_construct_client_hello;
mt = SSL3_MT_CLIENT_HELLO;
break;
case TLS_ST_CW_KEY_EXCH: case TLS_ST_CW_CERT:
return tls_construct_client_key_exchange(s, pkt); confunc = tls_construct_client_certificate;
mt = SSL3_MT_CERTIFICATE;
break;
case TLS_ST_CW_CERT_VRFY: case TLS_ST_CW_KEY_EXCH:
return tls_construct_client_verify(s, pkt); confunc = tls_construct_client_key_exchange;
mt = SSL3_MT_CLIENT_KEY_EXCHANGE;
break;
case TLS_ST_CW_CHANGE: case TLS_ST_CW_CERT_VRFY:
if (SSL_IS_DTLS(s)) confunc = tls_construct_client_verify;
return dtls_construct_change_cipher_spec(s, pkt); mt = SSL3_MT_CERTIFICATE_VERIFY;
else break;
return tls_construct_change_cipher_spec(s, pkt);
#if !defined(OPENSSL_NO_NEXTPROTONEG) #if !defined(OPENSSL_NO_NEXTPROTONEG)
case TLS_ST_CW_NEXT_PROTO: case TLS_ST_CW_NEXT_PROTO:
return tls_construct_next_proto(s, pkt); confunc = tls_construct_next_proto;
mt = SSL3_MT_NEXT_PROTO;
break;
#endif #endif
case TLS_ST_CW_FINISHED: case TLS_ST_CW_FINISHED:
return tls_construct_finished(s, pkt, mt = SSL3_MT_FINISHED;
s->method-> break;
ssl3_enc->client_finished_label, }
s->method->
ssl3_enc->client_finished_label_len); if (!ssl_set_handshake_header(s, pkt, mt)) {
SSLerr(SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,
ERR_R_INTERNAL_ERROR);
return 0;
}
if (st->hand_state == TLS_ST_CW_FINISHED)
ret = tls_construct_finished(s, pkt,
s->method->
ssl3_enc->client_finished_label,
s->method->
ssl3_enc->client_finished_label_len);
else
ret = confunc(s, pkt);
if (!ret || !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,
ERR_R_INTERNAL_ERROR);
return 0;
}
} }
return 1;
} }
/* /*
...@@ -736,12 +769,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) ...@@ -736,12 +769,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0) if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)
return 0; return 0;
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CLIENT_HELLO)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return 0;
}
/*- /*-
* version indicates the negotiated version: for example from * version indicates the negotiated version: for example from
* an SSLv2/v3 compatible client hello). The client_version * an SSLv2/v3 compatible client hello). The client_version
...@@ -855,11 +882,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) ...@@ -855,11 +882,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
return 0; return 0;
} }
if (!ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1; return 1;
} }
...@@ -2455,12 +2477,6 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) ...@@ -2455,12 +2477,6 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
unsigned long alg_k; unsigned long alg_k;
int al = -1; int al = -1;
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
if ((alg_k & SSL_PSK) if ((alg_k & SSL_PSK)
...@@ -2488,12 +2504,6 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) ...@@ -2488,12 +2504,6 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
goto err; goto err;
} }
if (!ssl_close_construct_packet(s, pkt)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
return 1; return 1;
err: err:
if (al != -1) if (al != -1)
...@@ -2582,11 +2592,6 @@ int tls_construct_client_verify(SSL *s, WPACKET *pkt) ...@@ -2582,11 +2592,6 @@ int tls_construct_client_verify(SSL *s, WPACKET *pkt)
void *hdata; void *hdata;
unsigned char *sig = NULL; unsigned char *sig = NULL;
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CERTIFICATE_VERIFY)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
mctx = EVP_MD_CTX_new(); mctx = EVP_MD_CTX_new();
if (mctx == NULL) { if (mctx == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
...@@ -2640,11 +2645,6 @@ int tls_construct_client_verify(SSL *s, WPACKET *pkt) ...@@ -2640,11 +2645,6 @@ int tls_construct_client_verify(SSL *s, WPACKET *pkt)
if (!ssl3_digest_cached_records(s, 0)) if (!ssl3_digest_cached_records(s, 0))
goto err; goto err;
if (!ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
OPENSSL_free(sig); OPENSSL_free(sig);
EVP_MD_CTX_free(mctx); EVP_MD_CTX_free(mctx);
return 1; return 1;
...@@ -2846,11 +2846,6 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt) ...@@ -2846,11 +2846,6 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt)
size_t len, padding_len; size_t len, padding_len;
unsigned char *padding = NULL; unsigned char *padding = NULL;
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_NEXT_PROTO)) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
goto err;
}
len = s->next_proto_negotiated_len; len = s->next_proto_negotiated_len;
padding_len = 32 - ((len + 2) % 32); padding_len = 32 - ((len + 2) % 32);
...@@ -2862,11 +2857,6 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt) ...@@ -2862,11 +2857,6 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt)
memset(padding, 0, padding_len); memset(padding, 0, padding_len);
if (!ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
goto err;
}
return 1; return 1;
err: err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
......
ssl/statem/statem_lib.c
浏览文件 @ 5923ad4b
...@@ -75,11 +75,6 @@ int tls_construct_finished(SSL *s, WPACKET *pkt, const char *sender, int slen) ...@@ -75,11 +75,6 @@ int tls_construct_finished(SSL *s, WPACKET *pkt, const char *sender, int slen)
{ {
int i; int i;
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_FINISHED)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err;
}
i = s->method->ssl3_enc->final_finish_mac(s, i = s->method->ssl3_enc->final_finish_mac(s,
sender, slen, sender, slen,
s->s3->tmp.finish_md); s->s3->tmp.finish_md);
...@@ -108,11 +103,6 @@ int tls_construct_finished(SSL *s, WPACKET *pkt, const char *sender, int slen) ...@@ -108,11 +103,6 @@ int tls_construct_finished(SSL *s, WPACKET *pkt, const char *sender, int slen)
s->s3->previous_server_finished_len = i; s->s3->previous_server_finished_len = i;
} }
if (!ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err;
}
return 1; return 1;
err: err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
...@@ -278,11 +268,9 @@ int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) ...@@ -278,11 +268,9 @@ int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
{ {
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CERTIFICATE) if (!WPACKET_start_sub_packet_u24(pkt)
|| !WPACKET_start_sub_packet_u24(pkt)
|| !ssl_add_cert_chain(s, pkt, cpk) || !ssl_add_cert_chain(s, pkt, cpk)
|| !WPACKET_close(pkt) || !WPACKET_close(pkt)) {
|| !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
......
ssl/statem/statem_locl.h
浏览文件 @ 5923ad4b
...@@ -109,7 +109,6 @@ __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt); ...@@ -109,7 +109,6 @@ __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst); __owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt); __owur int tls_construct_server_hello(SSL *s, WPACKET *pkt);
__owur int tls_construct_hello_request(SSL *s, WPACKET *pkt);
__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt); __owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt); __owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt); __owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt);
......
ssl/statem/statem_srvr.c
浏览文件 @ 5923ad4b
...@@ -622,52 +622,91 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) ...@@ -622,52 +622,91 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt) int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int (*confunc) (SSL *s, WPACKET *pkt) = NULL;
int ret = 1, mt;
switch (st->hand_state) { if (st->hand_state == TLS_ST_SW_CHANGE) {
default: /* Special case becase it is a different content type */
/* Shouldn't happen */ if (SSL_IS_DTLS(s))
return 0; return dtls_construct_change_cipher_spec(s, pkt);
case DTLS_ST_SW_HELLO_VERIFY_REQUEST: return tls_construct_change_cipher_spec(s, pkt);
} else if (st->hand_state == DTLS_ST_SW_HELLO_VERIFY_REQUEST) {
/* Special case because we don't call ssl_close_construct_packet() */
return dtls_construct_hello_verify_request(s, pkt); return dtls_construct_hello_verify_request(s, pkt);
} else {
switch (st->hand_state) {
default:
/* Shouldn't happen */
return 0;
case TLS_ST_SW_HELLO_REQ: case TLS_ST_SW_HELLO_REQ:
return tls_construct_hello_request(s, pkt); /* No construction function needed */
mt = SSL3_MT_HELLO_REQUEST;
break;
case TLS_ST_SW_SRVR_HELLO: case TLS_ST_SW_SRVR_HELLO:
return tls_construct_server_hello(s, pkt); confunc = tls_construct_server_hello;
mt = SSL3_MT_SERVER_HELLO;
break;
case TLS_ST_SW_CERT: case TLS_ST_SW_CERT:
return tls_construct_server_certificate(s, pkt); confunc = tls_construct_server_certificate;
mt = SSL3_MT_CERTIFICATE;
break;
case TLS_ST_SW_KEY_EXCH: case TLS_ST_SW_KEY_EXCH:
return tls_construct_server_key_exchange(s, pkt); confunc = tls_construct_server_key_exchange;
mt = SSL3_MT_SERVER_KEY_EXCHANGE;
break;
case TLS_ST_SW_CERT_REQ: case TLS_ST_SW_CERT_REQ:
return tls_construct_certificate_request(s, pkt); confunc = tls_construct_certificate_request;
mt = SSL3_MT_CERTIFICATE_REQUEST;
break;
case TLS_ST_SW_SRVR_DONE: case TLS_ST_SW_SRVR_DONE:
return tls_construct_server_done(s, pkt); confunc = tls_construct_server_done;
mt = SSL3_MT_SERVER_DONE;
break;
case TLS_ST_SW_SESSION_TICKET: case TLS_ST_SW_SESSION_TICKET:
return tls_construct_new_session_ticket(s, pkt); confunc = tls_construct_new_session_ticket;
mt = SSL3_MT_NEWSESSION_TICKET;
break;
case TLS_ST_SW_CERT_STATUS: case TLS_ST_SW_CERT_STATUS:
return tls_construct_cert_status(s, pkt); confunc = tls_construct_cert_status;
mt = SSL3_MT_CERTIFICATE_STATUS;
break;
case TLS_ST_SW_CHANGE: case TLS_ST_SW_FINISHED:
if (SSL_IS_DTLS(s)) mt = SSL3_MT_FINISHED;
return dtls_construct_change_cipher_spec(s, pkt); break;
else }
return tls_construct_change_cipher_spec(s, pkt);
case TLS_ST_SW_FINISHED: if (!ssl_set_handshake_header(s, pkt, mt)) {
return tls_construct_finished(s, pkt, SSLerr(SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
s->method-> ERR_R_INTERNAL_ERROR);
ssl3_enc->server_finished_label, return 0;
s->method-> }
ssl3_enc->server_finished_label_len);
if (st->hand_state == TLS_ST_SW_FINISHED)
ret = tls_construct_finished(s, pkt,
s->method->
ssl3_enc->server_finished_label,
s->method->
ssl3_enc->server_finished_label_len);
else if (confunc != NULL)
ret = confunc(s, pkt);
if (!ret || !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
ERR_R_INTERNAL_ERROR);
return 0;
}
} }
return 1;
} }
/* /*
...@@ -829,17 +868,6 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) ...@@ -829,17 +868,6 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
} }
#endif #endif
int tls_construct_hello_request(SSL *s, WPACKET *pkt)
{
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_HELLO_REQUEST)
|| !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1;
}
int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
unsigned char cookie_len) unsigned char cookie_len)
{ {
...@@ -1492,8 +1520,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) ...@@ -1492,8 +1520,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
int sl, compm, al = SSL_AD_INTERNAL_ERROR; int sl, compm, al = SSL_AD_INTERNAL_ERROR;
size_t len; size_t len;
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_SERVER_HELLO) if (!WPACKET_put_bytes_u16(pkt, s->version)
|| !WPACKET_put_bytes_u16(pkt, s->version)
/* /*
* Random stuff. Filling of the server_random takes place in * Random stuff. Filling of the server_random takes place in
* tls_process_client_hello() * tls_process_client_hello()
...@@ -1544,8 +1571,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) ...@@ -1544,8 +1571,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
|| !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
|| !WPACKET_put_bytes_u8(pkt, compm) || !WPACKET_put_bytes_u8(pkt, compm)
|| !ssl_prepare_serverhello_tlsext(s) || !ssl_prepare_serverhello_tlsext(s)
|| !ssl_add_serverhello_tlsext(s, pkt, &al) || !ssl_add_serverhello_tlsext(s, pkt, &al)) {
|| !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
...@@ -1558,21 +1584,13 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) ...@@ -1558,21 +1584,13 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
int tls_construct_server_done(SSL *s, WPACKET *pkt) int tls_construct_server_done(SSL *s, WPACKET *pkt)
{ {
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_SERVER_DONE)
|| !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_DONE, ERR_R_INTERNAL_ERROR);
goto err;
}
if (!s->s3->tmp.cert_request) { if (!s->s3->tmp.cert_request) {
if (!ssl3_digest_cached_records(s, 0)) if (!ssl3_digest_cached_records(s, 0)) {
goto err; ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
}
} }
return 1; return 1;
err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
} }
int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
...@@ -1593,9 +1611,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) ...@@ -1593,9 +1611,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
size_t paramlen, paramoffset; size_t paramlen, paramoffset;
if (!ssl_set_handshake_header(s, pkt, if (!WPACKET_get_total_written(pkt, &paramoffset)) {
SSL3_MT_SERVER_KEY_EXCHANGE)
|| !WPACKET_get_total_written(pkt, &paramoffset)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err; goto f_err;
} }
...@@ -1900,11 +1916,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) ...@@ -1900,11 +1916,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
} }
} }
if (!ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx);
return 1; return 1;
f_err: f_err:
...@@ -1925,13 +1936,6 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) ...@@ -1925,13 +1936,6 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
int i, nl; int i, nl;
STACK_OF(X509_NAME) *sk = NULL; STACK_OF(X509_NAME) *sk = NULL;
if (!ssl_set_handshake_header(s, pkt,
SSL3_MT_CERTIFICATE_REQUEST)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
goto err;
}
/* get the list of acceptable cert types */ /* get the list of acceptable cert types */
if (!WPACKET_start_sub_packet_u8(pkt) if (!WPACKET_start_sub_packet_u8(pkt)
|| !ssl3_get_req_cert_type(s, pkt) || !ssl3_get_req_cert_type(s, pkt)
...@@ -1978,8 +1982,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) ...@@ -1978,8 +1982,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
} }
/* else no CA names */ /* else no CA names */
if (!WPACKET_close(pkt) if (!WPACKET_close(pkt)) {
|| !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
...@@ -2954,11 +2957,6 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) ...@@ -2954,11 +2957,6 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
return 0; return 0;
} }
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_NEWSESSION_TICKET)) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto err;
}
ctx = EVP_CIPHER_CTX_new(); ctx = EVP_CIPHER_CTX_new();
hctx = HMAC_CTX_new(); hctx = HMAC_CTX_new();
if (ctx == NULL || hctx == NULL) { if (ctx == NULL || hctx == NULL) {
...@@ -3067,8 +3065,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) ...@@ -3067,8 +3065,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
|| hlen > EVP_MAX_MD_SIZE || hlen > EVP_MAX_MD_SIZE
|| !WPACKET_allocate_bytes(pkt, hlen, &macdata2) || !WPACKET_allocate_bytes(pkt, hlen, &macdata2)
|| macdata1 != macdata2 || macdata1 != macdata2
|| !WPACKET_close(pkt) || !WPACKET_close(pkt)) {
|| !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
...@@ -3087,11 +3084,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) ...@@ -3087,11 +3084,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
int tls_construct_cert_status(SSL *s, WPACKET *pkt) int tls_construct_cert_status(SSL *s, WPACKET *pkt)
{ {
if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CERTIFICATE_STATUS) if (!WPACKET_put_bytes_u8(pkt, s->tlsext_status_type)
|| !WPACKET_put_bytes_u8(pkt, s->tlsext_status_type)
|| !WPACKET_sub_memcpy_u24(pkt, s->tlsext_ocsp_resp, || !WPACKET_sub_memcpy_u24(pkt, s->tlsext_ocsp_resp,
s->tlsext_ocsp_resplen) s->tlsext_ocsp_resplen)) {
|| !ssl_close_construct_packet(s, pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0; return 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册