return ret;
}
-int ssl_add_clienthello_tlsext(SSL *s, PACKETW *pkt, int *al)
+int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
{
- PACKETW spkt;
#ifndef OPENSSL_NO_EC
/* See if we support any ECC ciphersuites */
int using_ecc = 0;
/* Add RI if renegotiating */
if (s->renegotiate) {
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_renegotiate, 2)
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_memcpy(&spkt, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len)
- || !PACKETW_close(&spkt)) {
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_renegotiate, 2)
+ || !WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
if (s->tlsext_hostname != NULL) {
/* Add TLS extension servername to the Client Hello message */
- PACKETW slistpkt, hostpkt;
-
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_server_name, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_server_name, 2)
/* Sub-packet for server_name extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
+ || !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for servername list (always 1 hostname)*/
- || !PACKETW_get_sub_packet_len(&spkt, &slistpkt, 2)
- || !PACKETW_put_bytes(&slistpkt, TLSEXT_NAMETYPE_host_name, 1)
- /* Sub-packet for a single hostname host name */
- || !PACKETW_get_sub_packet_len(&slistpkt, &hostpkt, 2)
- || !PACKETW_memcpy(&hostpkt, s->tlsext_hostname,
- strlen(s->tlsext_hostname))
- || !PACKETW_close(&hostpkt)
- || !PACKETW_close(&slistpkt)
- || !PACKETW_close(&spkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes(pkt, TLSEXT_NAMETYPE_host_name, 1)
+ || !WPACKET_sub_memcpy_u16(pkt, s->tlsext_hostname,
+ strlen(s->tlsext_hostname))
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
#ifndef OPENSSL_NO_SRP
/* Add SRP username if there is one */
if (s->srp_ctx.login != NULL) {
- PACKETW loginpkt;
-
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_srp, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_srp, 2)
/* Sub-packet for SRP extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_get_sub_packet_len(&spkt, &loginpkt, 1)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u8(pkt)
/* login must not be zero...internal error if so */
- || !PACKETW_set_flags(&loginpkt,
- OPENSSL_PACKETW_FLAGS_NON_ZERO_LENGTH)
- || !PACKETW_memcpy(&loginpkt, s->srp_ctx.login,
+ || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+ || !WPACKET_memcpy(pkt, s->srp_ctx.login,
strlen(s->srp_ctx.login))
- || !PACKETW_close(&loginpkt)
- || !PACKETW_close(&spkt)) {
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
#ifndef OPENSSL_NO_EC
if (using_ecc) {
- PACKETW formatspkt, curveslistpkt;
-
/*
* Add TLS extension ECPointFormats to the ClientHello message
*/
tls1_get_formatlist(s, &pformats, &num_formats);
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_ec_point_formats, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_ec_point_formats, 2)
/* Sub-packet for formats extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_get_sub_packet_len(&spkt, &formatspkt, 1)
- || !PACKETW_memcpy(&formatspkt, pformats, num_formats)
- || !PACKETW_close(&formatspkt)
- || !PACKETW_close(&spkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
+ || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
return 0;
}
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_elliptic_curves, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_elliptic_curves, 2)
/* Sub-packet for curves extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_get_sub_packet_len(&spkt, &curveslistpkt, 2)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
/* Copy curve ID if supported */
for (i = 0; i < num_curves; i++, pcurves += 2) {
if (tls_curve_allowed(s, pcurves, SSL_SECOP_CURVE_SUPPORTED)) {
- if (!PACKETW_put_bytes(&curveslistpkt, pcurves[0], 1)
- || !PACKETW_put_bytes(&curveslistpkt, pcurves[1], 1)) {
+ if (!WPACKET_put_bytes(pkt, pcurves[0], 1)
+ || !WPACKET_put_bytes(pkt, pcurves[1], 1)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
ERR_R_INTERNAL_ERROR);
return 0;
}
}
}
- if (!PACKETW_close(&curveslistpkt) || !PACKETW_close(&spkt)) {
+ if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
s->tlsext_session_ticket->data == NULL)
goto skip_ext;
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_session_ticket, 2)
- /* Sub-packet for ticket extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_memcpy(&spkt, s->session->tlsext_tick, ticklen)
- || !PACKETW_close(&spkt)) {
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_session_ticket, 2)
+ || !WPACKET_sub_memcpy_u16(pkt, s->session->tlsext_tick,
+ ticklen)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
if (SSL_CLIENT_USE_SIGALGS(s)) {
size_t salglen;
const unsigned char *salg;
- PACKETW salgslistpkt;
salglen = tls12_get_psigalgs(s, &salg);
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_signature_algorithms, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_signature_algorithms, 2)
/* Sub-packet for sig-algs extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
+ || !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for the actual list */
- || !PACKETW_get_sub_packet_len(&spkt, &salgslistpkt, 2)
- || !tls12_copy_sigalgs(s, &salgslistpkt, salg, salglen)
- || !PACKETW_close(&salgslistpkt)
- || !PACKETW_close(&spkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !tls12_copy_sigalgs(s, pkt, salg, salglen)
+ || !WPACKET_close(pkt)
+ || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
}
#ifndef OPENSSL_NO_OCSP
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
- PACKETW idspkt, extpkt;
int i;
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_status_request, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_status_request, 2)
/* Sub-packet for status request extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_put_bytes(&spkt, TLSEXT_STATUSTYPE_ocsp, 1)
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes(pkt, TLSEXT_STATUSTYPE_ocsp, 1)
/* Sub-packet for the ids */
- || !PACKETW_get_sub_packet_len(&spkt, &idspkt, 2)) {
+ || !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
unsigned char *idbytes;
int idlen;
OCSP_RESPID *id;
- PACKETW idpkt;
id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
idlen = i2d_OCSP_RESPID(id, NULL);
if (idlen <= 0
/* Sub-packet for an individual id */
- || !PACKETW_get_sub_packet_len(&idspkt, &idpkt, 1)
- || !PACKETW_allocate_bytes(&idpkt, idlen, &idbytes)
- || i2d_OCSP_RESPID(id, &idbytes) != idlen
- || !PACKETW_close(&idpkt)) {
+ || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
+ || i2d_OCSP_RESPID(id, &idbytes) != idlen) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
}
- if (!PACKETW_close(&idspkt)
- || !PACKETW_get_sub_packet_len(&spkt, &extpkt, 2)) {
+ if (!WPACKET_close(pkt)
+ || !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
- if (!PACKETW_allocate_bytes(&extpkt, extlen, &extbytes)
+ if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes)
|| i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &extbytes)
!= extlen) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
}
- if (!PACKETW_close(&extpkt) || !PACKETW_close(&spkt)) {
+ if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
else
mode = SSL_DTLSEXT_HB_ENABLED;
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_heartbeat, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_heartbeat, 2)
/* Sub-packet for Hearbeat extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_put_bytes(&spkt, mode, 1)
- || !PACKETW_close(&spkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_put_bytes(pkt, mode, 1)
+ || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
* The client advertises an empty extension to indicate its support
* for Next Protocol Negotiation
*/
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_next_proto_neg, 2)
- || !PACKETW_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_next_proto_neg, 2)
+ || !WPACKET_put_bytes(pkt, 0, 2)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
* (see longer comment below)
*/
if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) {
- PACKETW plistpkt;
-
- if (!PACKETW_put_bytes(pkt,
+ if (!WPACKET_put_bytes(pkt,
TLSEXT_TYPE_application_layer_protocol_negotiation, 2)
/* Sub-packet ALPN extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- /* Sub-packet for ALPN proto list */
- || !PACKETW_get_sub_packet_len(&spkt, &plistpkt, 2)
- || !PACKETW_memcpy(&plistpkt, s->alpn_client_proto_list,
- s->alpn_client_proto_list_len)
- || !PACKETW_close(&plistpkt)
- || !PACKETW_close(&spkt)) {
+ || !WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_sub_memcpy_u16(pkt, s->alpn_client_proto_list,
+ s->alpn_client_proto_list_len)
+ || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
SRTP_PROTECTION_PROFILE *prof;
int i, ct;
- PACKETW plistpkt;
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_use_srtp, 2)
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_use_srtp, 2)
/* Sub-packet for SRTP extension */
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
+ || !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for the protection profile list */
- || !PACKETW_get_sub_packet_len(&spkt, &plistpkt, 2)) {
+ || !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
ct = sk_SRTP_PROTECTION_PROFILE_num(clnt);
for (i = 0; i < ct; i++) {
prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
- if (prof == NULL || !PACKETW_put_bytes(&plistpkt, prof->id, 2)) {
+ if (prof == NULL || !WPACKET_put_bytes(pkt, prof->id, 2)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
}
- if (!PACKETW_close(&plistpkt) || !PACKETW_close(&spkt)) {
+ if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
return 0;
}
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_encrypt_then_mac, 2)
- || !PACKETW_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_encrypt_then_mac, 2)
+ || !WPACKET_put_bytes(pkt, 0, 2)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
#ifndef OPENSSL_NO_CT
if (s->ct_validation_callback != NULL) {
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_signed_certificate_timestamp, 2)
- || !PACKETW_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_signed_certificate_timestamp, 2)
+ || !WPACKET_put_bytes(pkt, 0, 2)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
}
#endif
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_extended_master_secret, 2)
- || !PACKETW_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_extended_master_secret, 2)
+ || !WPACKET_put_bytes(pkt, 0, 2)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
unsigned char *padbytes;
size_t hlen;
- if (!PACKETW_get_total_written(pkt, &hlen)) {
+ if (!WPACKET_get_total_written(pkt, &hlen)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
else
hlen = 0;
- if (!PACKETW_put_bytes(pkt, TLSEXT_TYPE_padding, 2)
- || !PACKETW_get_sub_packet_len(pkt, &spkt, 2)
- || !PACKETW_allocate_bytes(&spkt, hlen, &padbytes)) {
+ if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_padding, 2)
+ || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
memset(padbytes, 0, hlen);
- if (!PACKETW_close(&spkt)) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return 0;
- }
}
}
return NID_undef;
}
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
+int tls12_get_sigandhash(WPACKET *pkt, const EVP_PKEY *pk, const EVP_MD *md)
+{
+ int sig_id, md_id;
+
+ if (md == NULL)
+ return 0;
+ md_id = tls12_find_id(EVP_MD_type(md), tls12_md, OSSL_NELEM(tls12_md));
+ if (md_id == -1)
+ return 0;
+ sig_id = tls12_get_sigid(pk);
+ if (sig_id == -1)
+ return 0;
+ if (!WPACKET_put_bytes(pkt, md_id, 1) || !WPACKET_put_bytes(pkt, sig_id, 1))
+ return 0;
+
+ return 1;
+}
+
+/*
+ * Old version of the tls12_get_sigandhash function used by code that has not
+ * yet been converted to WPACKET yet. It will be deleted once WPACKET conversion
+ * is complete.
+ * TODO - DELETE ME
+ */
+int tls12_get_sigandhash_old(unsigned char *p, const EVP_PKEY *pk,
+ const EVP_MD *md)
{
int sig_id, md_id;
if (!md)
/*
* Old version of the tls12_copy_sigalgs function used by code that has not
- * yet been converted to PACKETW yet. It will be deleted once PACKETW conversion
+ * yet been converted to WPACKET yet. It will be deleted once WPACKET conversion
* is complete.
* TODO - DELETE ME
*/
return tmpout - out;
}
-int tls12_copy_sigalgs(SSL *s, PACKETW *pkt,
+int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
const unsigned char *psig, size_t psiglen)
{
size_t i;
+
for (i = 0; i < psiglen; i += 2, psig += 2) {
if (tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, psig)) {
- if (!PACKETW_put_bytes(pkt, psig[0], 1)
- || !PACKETW_put_bytes(pkt, psig[1], 1))
+ if (!WPACKET_put_bytes(pkt, psig[0], 1)
+ || !WPACKET_put_bytes(pkt, psig[1], 1))
return 0;
}
}
projects / openssl.git / blobdiff