Convert CCS construction to WPACKET
authorMatt Caswell <matt@openssl.org>
Tue, 20 Sep 2016 11:26:46 +0000 (12:26 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 20 Sep 2016 13:17:50 +0000 (14:17 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/statem/statem_dtls.c
ssl/statem/statem_lib.c

index b9a53b0..3146f77 100644 (file)
@@ -873,19 +873,33 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
  */
 int dtls_construct_change_cipher_spec(SSL *s)
 {
-    unsigned char *p;
+    WPACKET pkt;
+
+    if (!WPACKET_init(&pkt, s->init_buf)
+            || !WPACKET_put_bytes(&pkt, SSL3_MT_CCS, 1)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
 
-    p = (unsigned char *)s->init_buf->data;
-    *p++ = SSL3_MT_CCS;
     s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
     s->init_num = DTLS1_CCS_HEADER_LENGTH;
 
     if (s->version == DTLS1_BAD_VER) {
         s->d1->next_handshake_write_seq++;
-        s2n(s->d1->handshake_write_seq, p);
+
+        if (!WPACKET_put_bytes(&pkt, s->d1->handshake_write_seq, 2)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
         s->init_num += 2;
     }
 
+    if (!WPACKET_finish(&pkt)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
     s->init_off = 0;
 
     dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
@@ -894,10 +908,16 @@ int dtls_construct_change_cipher_spec(SSL *s)
     /* buffer the message to handle re-xmits */
     if (!dtls1_buffer_message(s, 1)) {
         SSLerr(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
-        return 0;
+        goto err    ;
     }
 
     return 1;
+ err:
+    WPACKET_cleanup(&pkt);
+    ossl_statem_set_error(s);
+    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+
+    return 0;
 }
 
 #ifndef OPENSSL_NO_SCTP
index eeed1d6..81491a2 100644 (file)
@@ -269,10 +269,18 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
 
 int tls_construct_change_cipher_spec(SSL *s)
 {
-    unsigned char *p;
+    WPACKET pkt;
+
+    if (!WPACKET_init(&pkt, s->init_buf)
+            || !WPACKET_put_bytes(&pkt, SSL3_MT_CCS, 1)
+            || !WPACKET_finish(&pkt)) {
+        WPACKET_cleanup(&pkt);
+        ossl_statem_set_error(s);
+        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+        return 0;
+    }
 
-    p = (unsigned char *)s->init_buf->data;
-    *p = SSL3_MT_CCS;
     s->init_num = 1;
     s->init_off = 0;