Diffstat (limited to 'ssl')
-rw-r--r--ssl/packet.c2
-rw-r--r--ssl/packet_locl.h18
-rw-r--r--ssl/s3_lib.c4
-rw-r--r--ssl/statem/statem_clnt.c10
-rw-r--r--ssl/statem/statem_dtls.c4
-rw-r--r--ssl/statem/statem_lib.c2
-rw-r--r--ssl/t1_ext.c2
-rw-r--r--ssl/t1_lib.c60
8 files changed, 58 insertions, 44 deletions
diff --git a/ssl/packet.c b/ssl/packet.c
index 7d80ebc689..6199469969 100644
--- a/ssl/packet.c
+++ b/ssl/packet.c
@@ -234,7 +234,7 @@ int WPACKET_start_sub_packet(WPACKET *pkt)
return WPACKET_start_sub_packet_len__(pkt, 0);
}
-int WPACKET_put_bytes(WPACKET *pkt, unsigned int val, size_t size)
+int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size)
{
unsigned char *data;
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 0ec5a389ce..c51d8922a8 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -701,9 +701,23 @@ int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
* Write the value stored in |val| into the WPACKET. The value will consume
* |bytes| amount of storage. An error will occur if |val| cannot be
* accommodated in |bytes| storage, e.g. attempting to write the value 256 into
- * 1 byte will fail.
+ * 1 byte will fail. Don't call this directly. Use the convenience macros below
+ * instead.
*/
-int WPACKET_put_bytes(WPACKET *pkt, unsigned int val, size_t bytes);
+int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes);
+
+/*
+ * Convenience macros for calling WPACKET_put_bytes with different
+ * lengths
+ */
+#define WPACKET_put_bytes_u8(pkt, val) \
+ WPACKET_put_bytes__((pkt), (val), 1)
+#define WPACKET_put_bytes_u16(pkt, val) \
+ WPACKET_put_bytes__((pkt), (val), 2)
+#define WPACKET_put_bytes_u24(pkt, val) \
+ WPACKET_put_bytes__((pkt), (val)), 3)
+#define WPACKET_put_bytes_u32(pkt, val) \
+ WPACKET_sub_allocate_bytes__((pkt), (val), 4)
/* Set a maximum size that we will not allow the WPACKET to grow beyond */
int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize);
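Review bot: Two of the added convenience macros are wrong as written: `WPACKET_put_bytes_u24` has a stray `)` after `(val)`, and `WPACKET_put_bytes_u32` expands to `WPACKET_sub_allocate_bytes__`, whose second parameter per the hunk header is a `size_t len`, not a value to serialize. No call site in this diff uses either macro, so the build will not catch them. The first u24 use would fail to compile, and a u32 use would at best fail to compile and at worst treat |val| as an allocation length instead of writing a 4-byte integer. They should read `WPACKET_put_bytes__((pkt), (val), 3)` and `WPACKET_put_bytes__((pkt), (val), 4)`. The comment above the macros also still names `WPACKET_put_bytes`, which this commit renames to `WPACKET_put_bytes__`.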
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3749b2c8f7..2a4dc6d7a9 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2798,7 +2798,7 @@ int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
int ssl3_set_handshake_header2(SSL *s, WPACKET *pkt, int htype)
{
/* Set the content type and 3 bytes for the message len */
- if (!WPACKET_put_bytes(pkt, htype, 1)
+ if (!WPACKET_put_bytes_u8(pkt, htype)
|| !WPACKET_start_sub_packet_u24(pkt))
return 0;
@@ -3598,7 +3598,7 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
return 1;
}
- if (!WPACKET_put_bytes(pkt, c->id & 0xffff, 2))
+ if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
return 0;
*len = 2;
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 95af064269..bb7219f369 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -782,7 +782,7 @@ int tls_construct_client_hello(SSL *s)
* client_version in client hello and not resetting it to
* the negotiated version.
*/
- if (!WPACKET_put_bytes(&pkt, s->client_version, 2)
+ if (!WPACKET_put_bytes_u16(&pkt, s->client_version)
|| !WPACKET_memcpy(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
@@ -834,7 +834,7 @@ int tls_construct_client_hello(SSL *s)
int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
for (i = 0; i < compnum; i++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
- if (!WPACKET_put_bytes(&pkt, comp->id, 1)) {
+ if (!WPACKET_put_bytes_u8(&pkt, comp->id)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -842,7 +842,7 @@ int tls_construct_client_hello(SSL *s)
}
#endif
/* Add the NULL method */
- if (!WPACKET_put_bytes(&pkt, 0, 1) || !WPACKET_close(&pkt)) {
+ if (!WPACKET_put_bytes_u8(&pkt, 0) || !WPACKET_close(&pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -2424,8 +2424,8 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al)
goto err;
}
- if (!WPACKET_put_bytes(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED, 1)
- || (msglen >= 0x80 && !WPACKET_put_bytes(pkt, 0x81, 1))
+ if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
+ || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))
|| !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 3146f77b0d..f892f0f82e 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -876,7 +876,7 @@ int dtls_construct_change_cipher_spec(SSL *s)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !WPACKET_put_bytes(&pkt, SSL3_MT_CCS, 1)) {
+ || !WPACKET_put_bytes_u8(&pkt, SSL3_MT_CCS)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -887,7 +887,7 @@ int dtls_construct_change_cipher_spec(SSL *s)
if (s->version == DTLS1_BAD_VER) {
s->d1->next_handshake_write_seq++;
- if (!WPACKET_put_bytes(&pkt, s->d1->handshake_write_seq, 2)) {
+ if (!WPACKET_put_bytes_u16(&pkt, s->d1->handshake_write_seq)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 81491a2e5d..3ffe4e5751 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -272,7 +272,7 @@ int tls_construct_change_cipher_spec(SSL *s)
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)
- || !WPACKET_put_bytes(&pkt, SSL3_MT_CCS, 1)
+ || !WPACKET_put_bytes_u8(&pkt, SSL3_MT_CCS)
|| !WPACKET_finish(&pkt)) {
WPACKET_cleanup(&pkt);
ossl_statem_set_error(s);
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 664906c1c2..099a0ae086 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -171,7 +171,7 @@ int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al)
continue; /* skip this extension */
}
- if (!WPACKET_put_bytes(pkt, meth->ext_type, 2)
+ if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
|| !WPACKET_start_sub_packet_u16(pkt)
|| (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
|| !WPACKET_close(pkt)) {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index eea78029da..035353c330 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1039,7 +1039,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
/* Add RI if renegotiating */
if (s->renegotiate) {
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_renegotiate, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
|| !WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
@@ -1052,12 +1052,12 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
if (s->tlsext_hostname != NULL) {
/* Add TLS extension servername to the Client Hello message */
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_server_name, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
/* Sub-packet for server_name extension */
|| !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for servername list (always 1 hostname)*/
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes(pkt, TLSEXT_NAMETYPE_host_name, 1)
+ || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name)
|| !WPACKET_sub_memcpy_u16(pkt, s->tlsext_hostname,
strlen(s->tlsext_hostname))
|| !WPACKET_close(pkt)
@@ -1069,7 +1069,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
#ifndef OPENSSL_NO_SRP
/* Add SRP username if there is one */
if (s->srp_ctx.login != NULL) {
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_srp, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp)
/* Sub-packet for SRP extension */
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u8(pkt)
@@ -1096,7 +1096,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
tls1_get_formatlist(s, &pformats, &num_formats);
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_ec_point_formats, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
/* Sub-packet for formats extension */
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
@@ -1114,7 +1114,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
return 0;
}
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_elliptic_curves, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_elliptic_curves)
/* Sub-packet for curves extension */
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u16(pkt)) {
@@ -1124,8 +1124,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
/* Copy curve ID if supported */
for (i = 0; i < num_curves; i++, pcurves += 2) {
if (tls_curve_allowed(s, pcurves, SSL_SECOP_CURVE_SUPPORTED)) {
- if (!WPACKET_put_bytes(pkt, pcurves[0], 1)
- || !WPACKET_put_bytes(pkt, pcurves[1], 1)) {
+ if (!WPACKET_put_bytes_u8(pkt, pcurves[0])
+ || !WPACKET_put_bytes_u8(pkt, pcurves[1])) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
ERR_R_INTERNAL_ERROR);
return 0;
@@ -1160,7 +1160,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
s->tlsext_session_ticket->data == NULL)
goto skip_ext;
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_session_ticket, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
|| !WPACKET_sub_memcpy_u16(pkt, s->session->tlsext_tick,
ticklen)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
@@ -1175,7 +1175,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
salglen = tls12_get_psigalgs(s, &salg);
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_signature_algorithms, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
/* Sub-packet for sig-algs extension */
|| !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for the actual list */
@@ -1191,10 +1191,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
int i;
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_status_request, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
/* Sub-packet for status request extension */
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes(pkt, TLSEXT_STATUSTYPE_ocsp, 1)
+ || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp)
/* Sub-packet for the ids */
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
@@ -1255,10 +1255,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
else
mode = SSL_DTLSEXT_HB_ENABLED;
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_heartbeat, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_heartbeat)
/* Sub-packet for Hearbeat extension */
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes(pkt, mode, 1)
+ || !WPACKET_put_bytes_u8(pkt, mode)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
@@ -1272,8 +1272,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
* The client advertises an empty extension to indicate its support
* for Next Protocol Negotiation
*/
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_next_proto_neg, 2)
- || !WPACKET_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1286,8 +1286,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
* (see longer comment below)
*/
if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) {
- if (!WPACKET_put_bytes(pkt,
- TLSEXT_TYPE_application_layer_protocol_negotiation, 2)
+ if (!WPACKET_put_bytes_u16(pkt,
+ TLSEXT_TYPE_application_layer_protocol_negotiation)
/* Sub-packet ALPN extension */
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_sub_memcpy_u16(pkt, s->alpn_client_proto_list,
@@ -1304,7 +1304,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
SRTP_PROTECTION_PROFILE *prof;
int i, ct;
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_use_srtp, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
/* Sub-packet for SRTP extension */
|| !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for the protection profile list */
@@ -1315,7 +1315,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
ct = sk_SRTP_PROTECTION_PROFILE_num(clnt);
for (i = 0; i < ct; i++) {
prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
- if (prof == NULL || !WPACKET_put_bytes(pkt, prof->id, 2)) {
+ if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1333,24 +1333,24 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
return 0;
}
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_encrypt_then_mac, 2)
- || !WPACKET_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
#ifndef OPENSSL_NO_CT
if (s->ct_validation_callback != NULL) {
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_signed_certificate_timestamp, 2)
- || !WPACKET_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp)
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
}
#endif
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_extended_master_secret, 2)
- || !WPACKET_put_bytes(pkt, 0, 2)) {
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1377,7 +1377,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
else
hlen = 0;
- if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_padding, 2)
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
|| !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
@@ -3131,7 +3131,7 @@ int tls12_get_sigandhash(WPACKET *pkt, const EVP_PKEY *pk, const EVP_MD *md)
sig_id = tls12_get_sigid(pk);
if (sig_id == -1)
return 0;
- if (!WPACKET_put_bytes(pkt, md_id, 1) || !WPACKET_put_bytes(pkt, sig_id, 1))
+ if (!WPACKET_put_bytes_u8(pkt, md_id) || !WPACKET_put_bytes_u8(pkt, sig_id))
return 0;
return 1;
@@ -3352,8 +3352,8 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
for (i = 0; i < psiglen; i += 2, psig += 2) {
if (tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, psig)) {
- if (!WPACKET_put_bytes(pkt, psig[0], 1)
- || !WPACKET_put_bytes(pkt, psig[1], 1))
+ if (!WPACKET_put_bytes_u8(pkt, psig[0])
+ || !WPACKET_put_bytes_u8(pkt, psig[1]))
return 0;
}
}