diff options
| author |   jsing <jsing@openbsd.org> | 2016-12-07 13:40:17 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2016-12-07 13:40:17 +0000 |
| commit | 7db88bcfd4eb2ce3311f3063fdad923217e9eae1 (patch) | |
| tree | f3fd6132ebc7d01bb132d3b7242de5f18ee4e3c5 /lib/libssl/s3_clnt.c | |
| parent | Rename function discover_interfaces into get_interface and change its (diff) | |
| download | wireguard-openbsd-7db88bcfd4eb2ce3311f3063fdad923217e9eae1.tar.xz wireguard-openbsd-7db88bcfd4eb2ce3311f3063fdad923217e9eae1.zip | |
Convert ssl3_send_client_kex_dhe() to CBB.
ok doug@
Diffstat (limited to 'lib/libssl/s3_clnt.c')
| -rw-r--r-- | lib/libssl/s3_clnt.c | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index c88835b91e5..136bd4c6b4b 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.151 2016/12/06 13:42:32 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.152 2016/12/07 13:40:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1938,13 +1938,14 @@ err: } static int -ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p, - int *outlen) +ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb) { DH *dh_srvr = NULL, *dh_clnt = NULL; unsigned char *key = NULL; - int key_size, n; + int key_size, key_len; + unsigned char *data; int ret = -1; + CBB dh_Yc; /* Ensure that we have an ephemeral key for DHE. */ if (sess_cert->peer_dh_tmp == NULL) { @@ -1970,8 +1971,8 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p, ERR_R_MALLOC_FAILURE); goto err; } - n = DH_compute_key(key, dh_srvr->pub_key, dh_clnt); - if (n <= 0) { + key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt); + if (key_len <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); goto err; } @@ -1979,15 +1980,16 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p, /* Generate master key from the result. */ s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, key, n); + s->session->master_key, key, key_len); - /* Send off the data. */ - n = BN_num_bytes(dh_clnt->pub_key); - s2n(n, p); - BN_bn2bin(dh_clnt->pub_key, p); - n += 2; + if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc)) + goto err; + if (!CBB_add_space(&dh_Yc, &data, BN_num_bytes(dh_clnt->pub_key))) + goto err; + BN_bn2bin(dh_clnt->pub_key, data); + if (!CBB_flush(cbb)) + goto err; - *outlen = n; ret = 1; err: @@ -2264,8 +2266,15 @@ ssl3_send_client_key_exchange(SSL *s) goto err; n = (int)outlen; } else if (alg_k & SSL_kDHE) { - if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1) + if (!CBB_init_fixed(&cbb, p, bufend - p)) + goto err; + if (ssl3_send_client_kex_dhe(s, sess_cert, &cbb) != 1) + goto err; + if (!CBB_finish(&cbb, NULL, &outlen)) + goto err; + if (outlen > INT_MAX) goto err; + n = (int)outlen; } else if (alg_k & SSL_kECDHE) { if (ssl3_send_client_kex_ecdhe(s, sess_cert, p, &n) != 1) |