DTLS revision.
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.
Specifically almost all of the record generation functions have code like
this:
some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);
...
write_handshake_message(ssl);
Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.
By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.
(cherry picked from commit 173e72e64c)
This commit is contained in:
Dr. Stephen Henson
@@ -896,63 +896,6 @@ f_err:
|
||||
return(-1);
|
||||
}
|
||||
|
||||
int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
|
||||
{
|
||||
unsigned char *p,*d;
|
||||
int i;
|
||||
unsigned long l;
|
||||
|
||||
if (s->state == a)
|
||||
{
|
||||
d=(unsigned char *)s->init_buf->data;
|
||||
p= &(d[DTLS1_HM_HEADER_LENGTH]);
|
||||
|
||||
i=s->method->ssl3_enc->final_finish_mac(s,
|
||||
sender,slen,s->s3->tmp.finish_md);
|
||||
s->s3->tmp.finish_md_len = i;
|
||||
memcpy(p, s->s3->tmp.finish_md, i);
|
||||
p+=i;
|
||||
l=i;
|
||||
|
||||
/* Copy the finished so we can use it for
|
||||
* renegotiation checks
|
||||
*/
|
||||
if(s->type == SSL_ST_CONNECT)
|
||||
{
|
||||
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
|
||||
memcpy(s->s3->previous_client_finished,
|
||||
s->s3->tmp.finish_md, i);
|
||||
s->s3->previous_client_finished_len=i;
|
||||
}
|
||||
else
|
||||
{
|
||||
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
|
||||
memcpy(s->s3->previous_server_finished,
|
||||
s->s3->tmp.finish_md, i);
|
||||
s->s3->previous_server_finished_len=i;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_SYS_WIN16
|
||||
/* MSVC 1.5 does not clear the top bytes of the word unless
|
||||
* I do this.
|
||||
*/
|
||||
l&=0xffff;
|
||||
#endif
|
||||
|
||||
d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
|
||||
s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
|
||||
s->init_off=0;
|
||||
|
||||
/* buffer the message to handle re-xmits */
|
||||
dtls1_buffer_message(s, 0);
|
||||
|
||||
s->state=b;
|
||||
}
|
||||
|
||||
/* SSL3_ST_SEND_xxxxxx_HELLO_B */
|
||||
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
|
||||
}
|
||||
|
||||
/* for these 2 messages, we need to
|
||||
* ssl->enc_read_ctx re-init
|
||||
* ssl->s3->read_sequence zero
|
||||
@@ -993,27 +936,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
|
||||
return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
|
||||
}
|
||||
|
||||
unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk)
|
||||
{
|
||||
unsigned char *p;
|
||||
unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
|
||||
BUF_MEM *buf=s->init_buf;
|
||||
|
||||
if (!ssl_add_cert_chain(s, cpk, &l))
|
||||
return 0;
|
||||
|
||||
l-= (3 + DTLS1_HM_HEADER_LENGTH);
|
||||
|
||||
p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
|
||||
l2n3(l,p);
|
||||
l+=3;
|
||||
p=(unsigned char *)&(buf->data[0]);
|
||||
p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
|
||||
|
||||
l+=DTLS1_HM_HEADER_LENGTH;
|
||||
return(l);
|
||||
}
|
||||
|
||||
int dtls1_read_failed(SSL *s, int code)
|
||||
{
|
||||
if ( code > 0)
|
||||
|
||||
Reference in New Issue
Block a user