authorjsing <jsing@openbsd.org>2020-02-21 16:15:56 +0000
committerjsing <jsing@openbsd.org>2020-02-21 16:15:56 +0000
commit91a6bd555465bbacedb1b2798df09d9cfe63990d (patch)
tree081b92859d48e1497d6f62dfc6a1a43436d94f5d
parentRemove some commented code, remove some pointless comments and move some (diff)
Convert the DTLS header creation code to CBB.
Also consolidate it into the one place, since there is no reason to write the epoch and sequence out later. ok inoguchi@ tb@
-rw-r--r--lib/libssl/d1_pkt.c47
1 files changed, 27 insertions, 20 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 5558c0e8722..2cb2d089c87 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.68 2020/02/21 16:13:16 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.69 2020/02/21 16:15:56 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1178,12 +1178,15 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
int
do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
- unsigned char *p, *pseq;
+ unsigned char *p;
int i, mac_size, clear = 0;
SSL3_RECORD *wr;
SSL3_BUFFER *wb;
SSL_SESSION *sess;
int bs;
+ CBB cbb;
+
+ memset(&cbb, 0, sizeof(cbb));
/* first check if there is a SSL3_BUFFER still being written
* out. This will happen with non blocking IO */
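Review bot: The new `memset(&cbb, 0, sizeof(cbb));` deserves a comment, because its purpose is not visible from this hunk alone: the err label at the end of do_dtls1_write now calls CBB_cleanup(&cbb), and that label is reachable from failure paths that run before CBB_init_fixed() has been called, so the CBB must already be in a defined zero state. Suggest `/* Zeroed so CBB_cleanup() at err is safe before CBB_init_fixed(). */` above the memset. The body of do_dtls1_write continues past the end of this hunk.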
@@ -1223,18 +1226,20 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
p = wb->buf;
- /* write the header */
-
- *(p++) = type&0xff;
- wr->type = type;
-
- *(p++) = (s->version >> 8);
- *(p++) = s->version&0xff;
+ if (!CBB_init_fixed(&cbb, p, DTLS1_RT_HEADER_LENGTH))
+ goto err;
- /* field where we are to write out packet epoch, seq num and len */
- pseq = p;
+ /* Write the header. */
+ if (!CBB_add_u8(&cbb, type))
+ goto err;
+ if (!CBB_add_u16(&cbb, s->version))
+ goto err;
+ if (!CBB_add_u16(&cbb, D1I(s)->w_epoch))
+ goto err;
+ if (!CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6))
+ goto err;
- p += 10;
+ p += DTLS1_RT_HEADER_LENGTH;
/* lets setup the record stuff. */
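Review bot: `CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6)` carries over the bare offset and length from the memcpy it replaces, and a comment would help the next reader, e.g. `/* 48-bit sequence number; the two leading bytes of write_sequence are skipped. */` (presumably those bytes hold the epoch, which is written separately just above — confirm before wording it that way). Also worth noting that `CBB_add_u8(&cbb, type)` replaces `*(p++) = type&0xff;`, so if CBB_add_u8 range-checks its argument, a type value outside 0..255 now fails the write via `goto err` rather than being silently masked; that is the safer behaviour but is a change the commit message does not mention. The remainder of do_dtls1_write lies outside this hunk.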
@@ -1247,6 +1252,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
else
bs = 0;
+ wr->type = type;
wr->data = p + bs;
/* make room for IV in case of CBC */
wr->length = (int)len;
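Review bot: `wr->type = type;` is assigned here and then again after encryption in the next hunk (`wr->type = type; /* not needed but helps for debugging */`), so the second assignment is now purely redundant. Since this commit already moved the assignment out of the header-writing code, the later line could be dropped, or its comment reworded to say why it is deliberately kept. The enclosing function body extends beyond this hunk.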
@@ -1283,17 +1289,15 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
/* ssl3_enc can only have an error on read */
s->method->internal->ssl3_enc->enc(s, 1);
- s2n(D1I(s)->w_epoch, pseq);
- memcpy(pseq, &(S3I(s)->write_sequence[2]), 6);
- pseq += 6;
-
- /* record length after mac and block padding */
- s2n(wr->length, pseq);
+ if (!CBB_add_u16(&cbb, wr->length))
+ goto err;
+ if (!CBB_finish(&cbb, NULL, NULL))
+ goto err;
/* we should now have
* wr->data pointing to the encrypted data, which is
* wr->length long */
- wr->type=type; /* not needed but helps for debugging */
+ wr->type = type; /* not needed but helps for debugging */
wr->length += DTLS1_RT_HEADER_LENGTH;
tls1_record_sequence_increment(S3I(s)->write_sequence);
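Review bot: `CBB_add_u16(&cbb, wr->length)` replaces `s2n(wr->length, pseq)`, which truncated silently; if CBB_add_u16 rejects values above 0xffff, as the CBB API is intended to, a record whose post-MAC length does not fit the header now aborts the write via `goto err` instead of emitting a length field that disagrees with the payload. That is the better outcome, but a one-line comment would record that the fail-closed behaviour is intentional: `/* Fails if the record length does not fit the 16-bit header field. */`. wr->length is an int, so a negative value would presumably be rejected by the same check — confirm against CBB_add_u16's signature. The err label this path jumps to is outside this hunk.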
@@ -1310,7 +1314,10 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
/* we now just need to write the buffer */
return ssl3_write_pending(s, type, buf, len);
-err:
+
+ err:
+ CBB_cleanup(&cbb);
+
return -1;
}