else
i = s->session->session_id_length;
if (i > (int)sizeof(s->session->session_id)
- || !WPACKET_start_sub_packet_len(&pkt, 1)
+ || !WPACKET_start_sub_packet_u8(&pkt)
|| (i != 0 && !WPACKET_memcpy(&pkt, s->session->session_id, i))
|| !WPACKET_close(&pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
/* cookie stuff for DTLS */
if (SSL_IS_DTLS(s)) {
if (s->d1->cookie_len > sizeof(s->d1->cookie)
- || !WPACKET_sub_memcpy(&pkt, s->d1->cookie, s->d1->cookie_len,
- 1)) {
+ || !WPACKET_sub_memcpy_u8(&pkt, s->d1->cookie,
+ s->d1->cookie_len)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
}
/* Ciphers supported */
- if (!WPACKET_start_sub_packet_len(&pkt, 2)) {
+ if (!WPACKET_start_sub_packet_u16(&pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
}
/* COMPRESSION */
- if (!WPACKET_start_sub_packet_len(&pkt, 1)) {
+ if (!WPACKET_start_sub_packet_u8(&pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
- if (!WPACKET_start_sub_packet_len(&pkt, 2)
+ if (!WPACKET_start_sub_packet_u16(&pkt)
/*
* If extensions are of zero length then we don't even add the
* extensions length bytes
*/
- || !WPACKET_set_flags(&pkt,
- OPENSSL_WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)
+ || !WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)
|| !ssl_add_clienthello_tlsext(s, &pkt, &al)
|| !WPACKET_close(&pkt)) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
goto err;
}
- if (!WPACKET_close(&pkt) || !ssl_close_construct_packet(s, &pkt)) {
+ if (!ssl_close_construct_packet(s, &pkt)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
return MSG_PROCESS_FINISHED_READING;
}
-static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
- size_t *pskhdrlen, int *al)
+static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_PSK
int ret = 0;
OPENSSL_free(s->session->psk_identity);
s->session->psk_identity = tmpidentity;
tmpidentity = NULL;
- s2n(identitylen, *p);
- memcpy(*p, identity, identitylen);
- *pskhdrlen = 2 + identitylen;
- *p += identitylen;
+
+ if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+ *al = SSL_AD_INTERNAL_ERROR;
+ goto err;
+ }
ret = 1;
#endif
}
-static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
+static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_RSA
- unsigned char *q;
+ unsigned char *encdata = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t enclen;
goto err;
}
- q = *p;
/* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- *p += 2;
+ if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_EVP_LIB);
goto err;
}
- if (EVP_PKEY_encrypt(pctx, *p, &enclen, pms, pmslen) <= 0) {
+ if (!WPACKET_allocate_bytes(pkt, enclen, &encdata)
+ || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, SSL_R_BAD_RSA_ENCRYPT);
goto err;
}
- *len = enclen;
EVP_PKEY_CTX_free(pctx);
pctx = NULL;
# ifdef PKCS1_CHECK
# endif
/* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION) {
- s2n(*len, q);
- *len += 2;
+ if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR);
+ goto err;
}
s->s3->tmp.pms = pms;
#endif
}
-static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
+static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_DH
DH *dh_clnt = NULL;
const BIGNUM *pub_key;
EVP_PKEY *ckey = NULL, *skey = NULL;
+ unsigned char *keybytes = NULL;
skey = s->s3->peer_tmp;
- if (skey == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
- return 0;
- }
+ if (skey == NULL)
+ goto err;
+
ckey = ssl_generate_pkey(skey);
dh_clnt = EVP_PKEY_get0_DH(ckey);
- if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
- EVP_PKEY_free(ckey);
- return 0;
- }
+ if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0)
+ goto err;
/* send off the data */
DH_get0_key(dh_clnt, &pub_key, NULL);
- *len = BN_num_bytes(pub_key);
- s2n(*len, *p);
- BN_bn2bin(pub_key, *p);
- *len += 2;
+ if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key), &keybytes))
+ goto err;
+
+ BN_bn2bin(pub_key, keybytes);
EVP_PKEY_free(ckey);
return 1;
-#else
+ err:
+ EVP_PKEY_free(ckey);
+#endif
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
*al = SSL_AD_INTERNAL_ERROR;
return 0;
-#endif
}
-static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
+static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_EC
unsigned char *encodedPoint = NULL;
int encoded_pt_len = 0;
EVP_PKEY *ckey = NULL, *skey = NULL;
+ int ret = 0;
skey = s->s3->peer_tmp;
if (skey == NULL) {
goto err;
}
- EVP_PKEY_free(ckey);
- ckey = NULL;
-
- *len = encoded_pt_len;
-
- /* length of encoded point */
- **p = *len;
- *p += 1;
- /* copy the point */
- memcpy(*p, encodedPoint, *len);
- /* increment len to account for length field */
- *len += 1;
-
- OPENSSL_free(encodedPoint);
+ if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
- return 1;
+ ret = 1;
err:
+ OPENSSL_free(encodedPoint);
EVP_PKEY_free(ckey);
- return 0;
+ return ret;
#else
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);
*al = SSL_AD_INTERNAL_ERROR;
#endif
}
-static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
+static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_GOST
/* GOST key exchange message creation */
/*
* Encapsulate it into sequence
*/
- *((*p)++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
msglen = 255;
if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG);
goto err;
}
- if (msglen >= 0x80) {
- *((*p)++) = 0x81;
- *((*p)++) = msglen & 0xff;
- *len = msglen + 3;
- } else {
- *((*p)++) = msglen & 0xff;
- *len = msglen + 2;
+
+ if (!WPACKET_put_bytes(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED, 1)
+ || (msglen >= 0x80 && !WPACKET_put_bytes(pkt, 0x81, 1))
+ || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
+ goto err;
}
- memcpy(*p, tmp, msglen);
+
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
NULL) > 0) {
#endif
}
-static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
+static int tls_construct_cke_srp(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_SRP
- if (s->srp_ctx.A != NULL) {
- /* send off the data */
- *len = BN_num_bytes(s->srp_ctx.A);
- s2n(*len, *p);
- BN_bn2bin(s->srp_ctx.A, *p);
- *len += 2;
- } else {
+ unsigned char *abytes = NULL;
+
+ if (s->srp_ctx.A == NULL
+ || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A),
+ &abytes)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR);
return 0;
}
+ BN_bn2bin(s->srp_ctx.A, abytes);
+
OPENSSL_free(s->session->srp_username);
s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
if (s->session->srp_username == NULL) {
int tls_construct_client_key_exchange(SSL *s)
{
- unsigned char *p;
- int len;
- size_t pskhdrlen = 0;
unsigned long alg_k;
int al = -1;
+ WPACKET pkt;
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ if (!WPACKET_init(&pkt, s->init_buf)) {
+ /* Should not happen */
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
- p = ssl_handshake_start(s);
+ if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
if ((alg_k & SSL_PSK)
- && !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al))
+ && !tls_construct_cke_psk_preamble(s, &pkt, &al))
goto err;
- if (alg_k & SSL_kPSK) {
- len = 0;
- } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
- if (!tls_construct_cke_rsa(s, &p, &len, &al))
+ if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+ if (!tls_construct_cke_rsa(s, &pkt, &al))
goto err;
} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
- if (!tls_construct_cke_dhe(s, &p, &len, &al))
+ if (!tls_construct_cke_dhe(s, &pkt, &al))
goto err;
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
- if (!tls_construct_cke_ecdhe(s, &p, &len, &al))
+ if (!tls_construct_cke_ecdhe(s, &pkt, &al))
goto err;
} else if (alg_k & SSL_kGOST) {
- if (!tls_construct_cke_gost(s, &p, &len, &al))
+ if (!tls_construct_cke_gost(s, &pkt, &al))
goto err;
} else if (alg_k & SSL_kSRP) {
- if (!tls_construct_cke_srp(s, &p, &len, &al))
+ if (!tls_construct_cke_srp(s, &pkt, &al))
goto err;
} else {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}
- len += pskhdrlen;
-
- if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, len)) {
+ if (!ssl_close_construct_packet(s, &pkt)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;
#endif
+ WPACKET_cleanup(&pkt);
ossl_statem_set_error(s);
return 0;
}
int tls_construct_client_verify(SSL *s)
{
- unsigned char *p;
EVP_PKEY *pkey;
const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
EVP_MD_CTX *mctx;
unsigned u = 0;
- unsigned long n = 0;
long hdatalen = 0;
void *hdata;
+ unsigned char *sig = NULL;
+ WPACKET pkt;
+
+ if (!WPACKET_init(&pkt, s->init_buf)) {
+ /* Should not happen */
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_CERTIFICATE_VERIFY)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
mctx = EVP_MD_CTX_new();
if (mctx == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
-
- p = ssl_handshake_start(s);
pkey = s->cert->key->privatekey;
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (SSL_USE_SIGALGS(s)) {
- if (!tls12_get_sigandhash(p, pkey, md)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- p += 2;
- n = 2;
+ if (SSL_USE_SIGALGS(s)&& !tls12_get_sigandhash(&pkt, pkey, md)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
}
#ifdef SSL_DEBUG
fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
#endif
+ sig = OPENSSL_malloc(EVP_PKEY_size(pkey));
+ if (sig == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!EVP_SignInit_ex(mctx, md, NULL)
|| !EVP_SignUpdate(mctx, hdata, hdatalen)
|| (s->version == SSL3_VERSION
&& !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length,
s->session->master_key))
- || !EVP_SignFinal(mctx, p + 2, &u, pkey)) {
+ || !EVP_SignFinal(mctx, sig, &u, pkey)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);
goto err;
}
if (pktype == NID_id_GostR3410_2001
|| pktype == NID_id_GostR3410_2012_256
|| pktype == NID_id_GostR3410_2012_512)
- BUF_reverse(p + 2, NULL, u);
+ BUF_reverse(sig, NULL, u);
}
#endif
- s2n(u, p);
- n += u + 2;
+ if (!WPACKET_sub_memcpy_u16(&pkt, sig, u)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
/* Digest cached records and discard handshake buffer */
if (!ssl3_digest_cached_records(s, 0))
goto err;
- if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) {
+
+ if (!ssl_close_construct_packet(s, &pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
+ OPENSSL_free(sig);
EVP_MD_CTX_free(mctx);
return 1;
err:
+ WPACKET_cleanup(&pkt);
+ OPENSSL_free(sig);
EVP_MD_CTX_free(mctx);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_construct_next_proto(SSL *s)
{
- unsigned int len, padding_len;
- unsigned char *d;
+ size_t len, padding_len;
+ unsigned char *padding = NULL;
+ WPACKET pkt;
+
+ if (!WPACKET_init(&pkt, s->init_buf)) {
+ /* Should not happen */
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_NEXT_PROTO)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
len = s->next_proto_negotiated_len;
padding_len = 32 - ((len + 2) % 32);
- d = (unsigned char *)s->init_buf->data;
- d[4] = len;
- memcpy(d + 5, s->next_proto_negotiated, len);
- d[5 + len] = padding_len;
- memset(d + 6 + len, 0, padding_len);
- *(d++) = SSL3_MT_NEXT_PROTO;
- l2n3(2 + len + padding_len, d);
- s->init_num = 4 + 2 + len + padding_len;
- s->init_off = 0;
+
+ if (!WPACKET_sub_memcpy_u8(&pkt, s->next_proto_negotiated, len)
+ || !WPACKET_sub_allocate_bytes_u8(&pkt, padding_len, &padding)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ memset(padding, 0, padding_len);
+
+ if (!ssl_close_construct_packet(s, &pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
return 1;
+ err:
+ WPACKET_cleanup(&pkt);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ return 0;
}
#endif