Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/packet.c | 2 | ||||
-rw-r--r-- | ssl/packet_locl.h | 18 | ||||
-rw-r--r-- | ssl/s3_lib.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 10 | ||||
-rw-r--r-- | ssl/statem/statem_dtls.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 2 | ||||
-rw-r--r-- | ssl/t1_ext.c | 2 | ||||
-rw-r--r-- | ssl/t1_lib.c | 60 |
8 files changed, 58 insertions, 44 deletions
diff --git a/ssl/packet.c b/ssl/packet.c index 7d80ebc689..6199469969 100644 --- a/ssl/packet.c +++ b/ssl/packet.c @@ -234,7 +234,7 @@ int WPACKET_start_sub_packet(WPACKET *pkt) return WPACKET_start_sub_packet_len__(pkt, 0); } -int WPACKET_put_bytes(WPACKET *pkt, unsigned int val, size_t size) +int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size) { unsigned char *data; diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index 0ec5a389ce..c51d8922a8 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h @@ -701,9 +701,23 @@ int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, * Write the value stored in |val| into the WPACKET. The value will consume * |bytes| amount of storage. An error will occur if |val| cannot be * accommodated in |bytes| storage, e.g. attempting to write the value 256 into - * 1 byte will fail. + * 1 byte will fail. Don't call this directly. Use the convenience macros below + * instead. */ -int WPACKET_put_bytes(WPACKET *pkt, unsigned int val, size_t bytes); +int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes); + +/* + * Convenience macros for calling WPACKET_put_bytes with different + * lengths + */ +#define WPACKET_put_bytes_u8(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 1) +#define WPACKET_put_bytes_u16(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 2) +#define WPACKET_put_bytes_u24(pkt, val) \ + WPACKET_put_bytes__((pkt), (val)), 3) +#define WPACKET_put_bytes_u32(pkt, val) \ + WPACKET_sub_allocate_bytes__((pkt), (val), 4) /* Set a maximum size that we will not allow the WPACKET to grow beyond */ int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3749b2c8f7..2a4dc6d7a9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
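Review bot: Two of the four convenience macros added in ssl/packet_locl.h are wrong as written: `WPACKET_put_bytes_u24` expands to `WPACKET_put_bytes__((pkt), (val)), 3)`, which has an unbalanced closing parenthesis, and `WPACKET_put_bytes_u32` expands to `WPACKET_sub_allocate_bytes__` rather than `WPACKET_put_bytes__`. None of the converted call sites visible in this diff uses either macro (they are all `_u8` or `_u16`), so the build will not catch this. The first use of `_u24` would fail to preprocess cleanly, and the first use of `_u32` would pass the value as that function's `len` argument (per the prototype fragment in the hunk header) instead of writing a 4-byte integer. The bodies should be `WPACKET_put_bytes__((pkt), (val), 3)` and `WPACKET_put_bytes__((pkt), (val), 4)`. The comment above the macros also still names `WPACKET_put_bytes`, which this commit renames to `WPACKET_put_bytes__`.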
@@ -2798,7 +2798,7 @@ int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) int ssl3_set_handshake_header2(SSL *s, WPACKET *pkt, int htype) { /* Set the content type and 3 bytes for the message len */ - if (!WPACKET_put_bytes(pkt, htype, 1) + if (!WPACKET_put_bytes_u8(pkt, htype) || !WPACKET_start_sub_packet_u24(pkt)) return 0; @@ -3598,7 +3598,7 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) return 1; } - if (!WPACKET_put_bytes(pkt, c->id & 0xffff, 2)) + if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) return 0; *len = 2; diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 95af064269..bb7219f369 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -782,7 +782,7 @@ int tls_construct_client_hello(SSL *s) * client_version in client hello and not resetting it to * the negotiated version. */ - if (!WPACKET_put_bytes(&pkt, s->client_version, 2) + if (!WPACKET_put_bytes_u16(&pkt, s->client_version) || !WPACKET_memcpy(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; @@ -834,7 +834,7 @@ int tls_construct_client_hello(SSL *s) int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); for (i = 0; i < compnum; i++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - if (!WPACKET_put_bytes(&pkt, comp->id, 1)) { + if (!WPACKET_put_bytes_u8(&pkt, comp->id)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; } @@ -842,7 +842,7 @@ int tls_construct_client_hello(SSL *s) } #endif /* Add the NULL method */ - if (!WPACKET_put_bytes(&pkt, 0, 1) || !WPACKET_close(&pkt)) { + if (!WPACKET_put_bytes_u8(&pkt, 0) || !WPACKET_close(&pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; } 
@@ -2424,8 +2424,8 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al) goto err; } - if (!WPACKET_put_bytes(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED, 1) - || (msglen >= 0x80 && !WPACKET_put_bytes(pkt, 0x81, 1)) + if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) + || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 3146f77b0d..f892f0f82e 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -876,7 +876,7 @@ int dtls_construct_change_cipher_spec(SSL *s) WPACKET pkt; if (!WPACKET_init(&pkt, s->init_buf) - || !WPACKET_put_bytes(&pkt, SSL3_MT_CCS, 1)) { + || !WPACKET_put_bytes_u8(&pkt, SSL3_MT_CCS)) { SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); goto err; } @@ -887,7 +887,7 @@ int dtls_construct_change_cipher_spec(SSL *s) if (s->version == DTLS1_BAD_VER) { s->d1->next_handshake_write_seq++; - if (!WPACKET_put_bytes(&pkt, s->d1->handshake_write_seq, 2)) { + if (!WPACKET_put_bytes_u16(&pkt, s->d1->handshake_write_seq)) { SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 81491a2e5d..3ffe4e5751 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -272,7 +272,7 @@ int tls_construct_change_cipher_spec(SSL *s) WPACKET pkt; if (!WPACKET_init(&pkt, s->init_buf) - || !WPACKET_put_bytes(&pkt, SSL3_MT_CCS, 1) + || !WPACKET_put_bytes_u8(&pkt, SSL3_MT_CCS) || !WPACKET_finish(&pkt)) { WPACKET_cleanup(&pkt); ossl_statem_set_error(s); diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 664906c1c2..099a0ae086 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c 
@@ -171,7 +171,7 @@ int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al) continue; /* skip this extension */ } - if (!WPACKET_put_bytes(pkt, meth->ext_type, 2) + if (!WPACKET_put_bytes_u16(pkt, meth->ext_type) || !WPACKET_start_sub_packet_u16(pkt) || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) || !WPACKET_close(pkt)) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index eea78029da..035353c330 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1039,7 +1039,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) /* Add RI if renegotiating */ if (s->renegotiate) { - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_renegotiate, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); @@ -1052,12 +1052,12 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) if (s->tlsext_hostname != NULL) { /* Add TLS extension servername to the Client Hello message */ - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_server_name, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) /* Sub-packet for server_name extension */ || !WPACKET_start_sub_packet_u16(pkt) /* Sub-packet for servername list (always 1 hostname)*/ || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes(pkt, TLSEXT_NAMETYPE_host_name, 1) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name) || !WPACKET_sub_memcpy_u16(pkt, s->tlsext_hostname, strlen(s->tlsext_hostname)) || !WPACKET_close(pkt) @@ -1069,7 +1069,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) #ifndef OPENSSL_NO_SRP /* Add SRP username if there is one */ if (s->srp_ctx.login != NULL) { - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_srp, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp) /* Sub-packet for SRP extension */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u8(pkt) 
@@ -1096,7 +1096,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) tls1_get_formatlist(s, &pformats, &num_formats); - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_ec_point_formats, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) /* Sub-packet for formats extension */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats) @@ -1114,7 +1114,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) return 0; } - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_elliptic_curves, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_elliptic_curves) /* Sub-packet for curves extension */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)) { @@ -1124,8 +1124,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) /* Copy curve ID if supported */ for (i = 0; i < num_curves; i++, pcurves += 2) { if (tls_curve_allowed(s, pcurves, SSL_SECOP_CURVE_SUPPORTED)) { - if (!WPACKET_put_bytes(pkt, pcurves[0], 1) - || !WPACKET_put_bytes(pkt, pcurves[1], 1)) { + if (!WPACKET_put_bytes_u8(pkt, pcurves[0]) + || !WPACKET_put_bytes_u8(pkt, pcurves[1])) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; @@ -1160,7 +1160,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) s->tlsext_session_ticket->data == NULL) goto skip_ext; - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_session_ticket, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) || !WPACKET_sub_memcpy_u16(pkt, s->session->tlsext_tick, ticklen)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); @@ -1175,7 +1175,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) salglen = tls12_get_psigalgs(s, &salg); - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_signature_algorithms, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms) /* Sub-packet for sig-algs extension */ || !WPACKET_start_sub_packet_u16(pkt) /* Sub-packet for the actual list */ 
@@ -1191,10 +1191,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { int i; - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_status_request, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) /* Sub-packet for status request extension */ || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes(pkt, TLSEXT_STATUSTYPE_ocsp, 1) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp) /* Sub-packet for the ids */ || !WPACKET_start_sub_packet_u16(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); @@ -1255,10 +1255,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) else mode = SSL_DTLSEXT_HB_ENABLED; - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_heartbeat, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_heartbeat) /* Sub-packet for Hearbeat extension */ || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes(pkt, mode, 1) + || !WPACKET_put_bytes_u8(pkt, mode) || !WPACKET_close(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; @@ -1272,8 +1272,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) * The client advertises an empty extension to indicate its support * for Next Protocol Negotiation */ - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_next_proto_neg, 2) - || !WPACKET_put_bytes(pkt, 0, 2)) { + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -1286,8 +1286,8 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) * (see longer comment below) */ if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) { - if (!WPACKET_put_bytes(pkt, - TLSEXT_TYPE_application_layer_protocol_negotiation, 2) + if (!WPACKET_put_bytes_u16(pkt, + TLSEXT_TYPE_application_layer_protocol_negotiation) /* Sub-packet ALPN extension */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_sub_memcpy_u16(pkt, s->alpn_client_proto_list, @@ -1304,7 +1304,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) SRTP_PROTECTION_PROFILE *prof; int i, ct; - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_use_srtp, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) /* Sub-packet for SRTP extension */ || !WPACKET_start_sub_packet_u16(pkt) /* Sub-packet for the protection profile list */ @@ -1315,7 +1315,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); for (i = 0; i < ct; i++) { prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); - if (prof == NULL || !WPACKET_put_bytes(pkt, prof->id, 2)) { + if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -1333,24 +1333,24 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) return 0; } - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_encrypt_then_mac, 2) - || !WPACKET_put_bytes(pkt, 0, 2)) { + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } #ifndef OPENSSL_NO_CT if (s->ct_validation_callback != NULL) { - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_signed_certificate_timestamp, 2) - || !WPACKET_put_bytes(pkt, 0, 2)) { + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp) + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } } #endif - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_extended_master_secret, 2) - || !WPACKET_put_bytes(pkt, 0, 2)) { + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) + || !WPACKET_put_bytes_u16(pkt, 0)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } @@ -1377,7 +1377,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) else hlen = 0; - if (!WPACKET_put_bytes(pkt, TLSEXT_TYPE_padding, 2) + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding) || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; @@ -3131,7 +3131,7 @@ int tls12_get_sigandhash(WPACKET *pkt, const EVP_PKEY *pk, const EVP_MD *md) sig_id = tls12_get_sigid(pk); if (sig_id == -1) return 0; - if (!WPACKET_put_bytes(pkt, md_id, 1) || !WPACKET_put_bytes(pkt, sig_id, 1)) + if (!WPACKET_put_bytes_u8(pkt, md_id) || !WPACKET_put_bytes_u8(pkt, sig_id)) return 0; return 1; 
@@ -3352,8 +3352,8 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, for (i = 0; i < psiglen; i += 2, psig += 2) { if (tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, psig)) { - if (!WPACKET_put_bytes(pkt, psig[0], 1) - || !WPACKET_put_bytes(pkt, psig[1], 1)) + if (!WPACKET_put_bytes_u8(pkt, psig[0]) + || !WPACKET_put_bytes_u8(pkt, psig[1])) return 0; } } |