int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt)
{
OSSL_STATEM *st = &s->statem;
+ int (*confunc) (SSL *s, WPACKET *pkt) = NULL;
+ int ret = 1, mt;
- switch (st->hand_state) {
- default:
- /* Shouldn't happen */
- return 0;
+ if (st->hand_state == TLS_ST_CW_CHANGE) {
+ /* Special case becase it is a different content type */
+ if (SSL_IS_DTLS(s))
+ return dtls_construct_change_cipher_spec(s, pkt);
- case TLS_ST_CW_CLNT_HELLO:
- return tls_construct_client_hello(s, pkt);
+ return tls_construct_change_cipher_spec(s, pkt);
+ } else {
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return 0;
- case TLS_ST_CW_CERT:
- return tls_construct_client_certificate(s, pkt);
+ case TLS_ST_CW_CLNT_HELLO:
+ confunc = tls_construct_client_hello;
+ mt = SSL3_MT_CLIENT_HELLO;
+ break;
- case TLS_ST_CW_KEY_EXCH:
- return tls_construct_client_key_exchange(s, pkt);
+ case TLS_ST_CW_CERT:
+ confunc = tls_construct_client_certificate;
+ mt = SSL3_MT_CERTIFICATE;
+ break;
- case TLS_ST_CW_CERT_VRFY:
- return tls_construct_client_verify(s, pkt);
+ case TLS_ST_CW_KEY_EXCH:
+ confunc = tls_construct_client_key_exchange;
+ mt = SSL3_MT_CLIENT_KEY_EXCHANGE;
+ break;
- case TLS_ST_CW_CHANGE:
- if (SSL_IS_DTLS(s))
- return dtls_construct_change_cipher_spec(s, pkt);
- else
- return tls_construct_change_cipher_spec(s, pkt);
+ case TLS_ST_CW_CERT_VRFY:
+ confunc = tls_construct_client_verify;
+ mt = SSL3_MT_CERTIFICATE_VERIFY;
+ break;
#if !defined(OPENSSL_NO_NEXTPROTONEG)
- case TLS_ST_CW_NEXT_PROTO:
- return tls_construct_next_proto(s, pkt);
+ case TLS_ST_CW_NEXT_PROTO:
+ confunc = tls_construct_next_proto;
+ mt = SSL3_MT_NEXT_PROTO;
+ break;
#endif
- case TLS_ST_CW_FINISHED:
- return tls_construct_finished(s, pkt,
- s->method->
- ssl3_enc->client_finished_label,
- s->method->
- ssl3_enc->client_finished_label_len);
+ case TLS_ST_CW_FINISHED:
+ mt = SSL3_MT_FINISHED;
+ break;
+ }
+
+ if (!ssl_set_handshake_header(s, pkt, mt)) {
+ SSLerr(SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (st->hand_state == TLS_ST_CW_FINISHED)
+ ret = tls_construct_finished(s, pkt,
+ s->method->
+ ssl3_enc->client_finished_label,
+ s->method->
+ ssl3_enc->client_finished_label_len);
+ else
+ ret = confunc(s, pkt);
+
+ if (!ret || !ssl_close_construct_packet(s, pkt)) {
+ SSLerr(SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
}
+ return 1;
}
/*
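Review bot: The centralised failure paths in ossl_statem_client_construct_message — the `if (!ssl_set_handshake_header(s, pkt, mt))` block and the `if (!ret || !ssl_close_construct_packet(s, pkt))` block — push ERR_R_INTERNAL_ERROR and return 0 but send no alert, whereas the per-message code they replace did (`ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE)` is removed from tls_construct_client_hello and tls_construct_client_key_exchange in this commit), so unless the state machine sends one when construct returns 0, which is not visible here, the peer now sees an abrupt close instead of a fatal alert. Either add `ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);` before both `return 0;` or state at the function head that alerting is the caller's job. Separately, `ret = confunc(s, pkt);` is called unguarded while the server counterpart uses `else if (confunc != NULL)`; writing it the same way here keeps the two dispatchers consistent and makes a future header-only client message safe rather than a NULL call. The comment on the CCS special case also has a typo, `becase` for `because`.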
if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)
return 0;
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CLIENT_HELLO)) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
/*-
* version indicates the negotiated version: for example from
* an SSLv2/v3 compatible client hello). The client_version
return 0;
}
- if (!ssl_close_construct_packet(s, pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
return 1;
}
unsigned long alg_k;
int al = -1;
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
if ((alg_k & SSL_PSK)
goto err;
}
- if (!ssl_close_construct_packet(s, pkt)) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
return 1;
err:
if (al != -1)
void *hdata;
unsigned char *sig = NULL;
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CERTIFICATE_VERIFY)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
mctx = EVP_MD_CTX_new();
if (mctx == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE);
if (!ssl3_digest_cached_records(s, 0))
goto err;
- if (!ssl_close_construct_packet(s, pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
OPENSSL_free(sig);
EVP_MD_CTX_free(mctx);
return 1;
size_t len, padding_len;
unsigned char *padding = NULL;
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_NEXT_PROTO)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
len = s->next_proto_negotiated_len;
padding_len = 32 - ((len + 2) % 32);
memset(padding, 0, padding_len);
- if (!ssl_close_construct_packet(s, pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
return 1;
err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt)
{
OSSL_STATEM *st = &s->statem;
+ int (*confunc) (SSL *s, WPACKET *pkt) = NULL;
+ int ret = 1, mt;
- switch (st->hand_state) {
- default:
- /* Shouldn't happen */
- return 0;
+ if (st->hand_state == TLS_ST_SW_CHANGE) {
+ /* Special case becase it is a different content type */
+ if (SSL_IS_DTLS(s))
+ return dtls_construct_change_cipher_spec(s, pkt);
- case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ return tls_construct_change_cipher_spec(s, pkt);
+ } else if (st->hand_state == DTLS_ST_SW_HELLO_VERIFY_REQUEST) {
+ /* Special case because we don't call ssl_close_construct_packet() */
return dtls_construct_hello_verify_request(s, pkt);
+ } else {
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return 0;
- case TLS_ST_SW_HELLO_REQ:
- return tls_construct_hello_request(s, pkt);
+ case TLS_ST_SW_HELLO_REQ:
+ /* No construction function needed */
+ mt = SSL3_MT_HELLO_REQUEST;
+ break;
- case TLS_ST_SW_SRVR_HELLO:
- return tls_construct_server_hello(s, pkt);
+ case TLS_ST_SW_SRVR_HELLO:
+ confunc = tls_construct_server_hello;
+ mt = SSL3_MT_SERVER_HELLO;
+ break;
- case TLS_ST_SW_CERT:
- return tls_construct_server_certificate(s, pkt);
+ case TLS_ST_SW_CERT:
+ confunc = tls_construct_server_certificate;
+ mt = SSL3_MT_CERTIFICATE;
+ break;
- case TLS_ST_SW_KEY_EXCH:
- return tls_construct_server_key_exchange(s, pkt);
+ case TLS_ST_SW_KEY_EXCH:
+ confunc = tls_construct_server_key_exchange;
+ mt = SSL3_MT_SERVER_KEY_EXCHANGE;
+ break;
- case TLS_ST_SW_CERT_REQ:
- return tls_construct_certificate_request(s, pkt);
+ case TLS_ST_SW_CERT_REQ:
+ confunc = tls_construct_certificate_request;
+ mt = SSL3_MT_CERTIFICATE_REQUEST;
+ break;
- case TLS_ST_SW_SRVR_DONE:
- return tls_construct_server_done(s, pkt);
+ case TLS_ST_SW_SRVR_DONE:
+ confunc = tls_construct_server_done;
+ mt = SSL3_MT_SERVER_DONE;
+ break;
- case TLS_ST_SW_SESSION_TICKET:
- return tls_construct_new_session_ticket(s, pkt);
+ case TLS_ST_SW_SESSION_TICKET:
+ confunc = tls_construct_new_session_ticket;
+ mt = SSL3_MT_NEWSESSION_TICKET;
+ break;
- case TLS_ST_SW_CERT_STATUS:
- return tls_construct_cert_status(s, pkt);
+ case TLS_ST_SW_CERT_STATUS:
+ confunc = tls_construct_cert_status;
+ mt = SSL3_MT_CERTIFICATE_STATUS;
+ break;
- case TLS_ST_SW_CHANGE:
- if (SSL_IS_DTLS(s))
- return dtls_construct_change_cipher_spec(s, pkt);
- else
- return tls_construct_change_cipher_spec(s, pkt);
+ case TLS_ST_SW_FINISHED:
+ mt = SSL3_MT_FINISHED;
+ break;
+ }
- case TLS_ST_SW_FINISHED:
- return tls_construct_finished(s, pkt,
- s->method->
- ssl3_enc->server_finished_label,
- s->method->
- ssl3_enc->server_finished_label_len);
+ if (!ssl_set_handshake_header(s, pkt, mt)) {
+ SSLerr(SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (st->hand_state == TLS_ST_SW_FINISHED)
+ ret = tls_construct_finished(s, pkt,
+ s->method->
+ ssl3_enc->server_finished_label,
+ s->method->
+ ssl3_enc->server_finished_label_len);
+ else if (confunc != NULL)
+ ret = confunc(s, pkt);
+
+ if (!ret || !ssl_close_construct_packet(s, pkt)) {
+ SSLerr(SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
}
+ return 1;
}
/*
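Review bot: The DTLS_ST_SW_HELLO_VERIFY_REQUEST branch bypasses not only ssl_close_construct_packet() but also the ssl_set_handshake_header() call below it, so dtls_construct_hello_verify_request() presumably writes its own handshake header; the comment mentions only the first half of that contract and should say both, e.g. `/* Special case: writes its own handshake header and does not call ssl_close_construct_packet() */` — confirm against dtls_construct_hello_verify_request(). With `ret = 1` as the default, any future case that sets `mt` but forgets `confunc` silently emits a header-only message; HelloRequest is the one intended such case, so consider making the `confunc == NULL` path explicit, e.g. `else if (st->hand_state != TLS_ST_SW_HELLO_REQ) return 0;` before the close, so a missing construction function fails loudly. Same typo as the client side: `becase`.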
}
#endif
-int tls_construct_hello_request(SSL *s, WPACKET *pkt)
-{
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_HELLO_REQUEST)
- || !ssl_close_construct_packet(s, pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return 1;
-}
-
int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
unsigned char cookie_len)
{
int sl, compm, al = SSL_AD_INTERNAL_ERROR;
size_t len;
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_SERVER_HELLO)
- || !WPACKET_put_bytes_u16(pkt, s->version)
+ if (!WPACKET_put_bytes_u16(pkt, s->version)
/*
* Random stuff. Filling of the server_random takes place in
* tls_process_client_hello()
|| !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
|| !WPACKET_put_bytes_u8(pkt, compm)
|| !ssl_prepare_serverhello_tlsext(s)
- || !ssl_add_serverhello_tlsext(s, pkt, &al)
- || !ssl_close_construct_packet(s, pkt)) {
+ || !ssl_add_serverhello_tlsext(s, pkt, &al)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
int tls_construct_server_done(SSL *s, WPACKET *pkt)
{
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_SERVER_DONE)
- || !ssl_close_construct_packet(s, pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_DONE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
if (!s->s3->tmp.cert_request) {
- if (!ssl3_digest_cached_records(s, 0))
- goto err;
+ if (!ssl3_digest_cached_records(s, 0)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
}
return 1;
-
- err:
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- return 0;
}
int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
size_t paramlen, paramoffset;
- if (!ssl_set_handshake_header(s, pkt,
- SSL3_MT_SERVER_KEY_EXCHANGE)
- || !WPACKET_get_total_written(pkt, ¶moffset)) {
+ if (!WPACKET_get_total_written(pkt, ¶moffset)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
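Review bot: `paramoffset` is now read from a packet whose handshake header was written by the caller rather than by this function, so the signed parameter range excludes the header only because ossl_statem_server_construct_message() calls ssl_set_handshake_header() before invoking confunc; that ordering has become an implicit contract across two files and should be recorded at the call, e.g. `/* Handshake header already written by the dispatcher; paramoffset marks the start of the params covered by the signature */`. If a future caller invoked this function without the header in place, the offset (and hence the signed bytes) would silently be wrong. The enclosing tls_construct_server_key_exchange() starts and ends outside the hunk.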
}
}
- if (!ssl_close_construct_packet(s, pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto f_err;
- }
-
EVP_MD_CTX_free(md_ctx);
return 1;
f_err:
int i, nl;
STACK_OF(X509_NAME) *sk = NULL;
- if (!ssl_set_handshake_header(s, pkt,
- SSL3_MT_CERTIFICATE_REQUEST)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
-
/* get the list of acceptable cert types */
if (!WPACKET_start_sub_packet_u8(pkt)
|| !ssl3_get_req_cert_type(s, pkt)
}
/* else no CA names */
- if (!WPACKET_close(pkt)
- || !ssl_close_construct_packet(s, pkt)) {
+ if (!WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
goto err;
}
return 0;
}
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_NEWSESSION_TICKET)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
ctx = EVP_CIPHER_CTX_new();
hctx = HMAC_CTX_new();
if (ctx == NULL || hctx == NULL) {
|| hlen > EVP_MAX_MD_SIZE
|| !WPACKET_allocate_bytes(pkt, hlen, &macdata2)
|| macdata1 != macdata2
- || !WPACKET_close(pkt)
- || !ssl_close_construct_packet(s, pkt)) {
+ || !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto err;
}
int tls_construct_cert_status(SSL *s, WPACKET *pkt)
{
- if (!ssl_set_handshake_header(s, pkt, SSL3_MT_CERTIFICATE_STATUS)
- || !WPACKET_put_bytes_u8(pkt, s->tlsext_status_type)
+ if (!WPACKET_put_bytes_u8(pkt, s->tlsext_status_type)
|| !WPACKET_sub_memcpy_u24(pkt, s->tlsext_ocsp_resp,
- s->tlsext_ocsp_resplen)
- || !ssl_close_construct_packet(s, pkt)) {
+ s->tlsext_ocsp_resplen)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return 0;