PACKETise Certificate Status message
Process the Certificate Status message using the PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>
parent
bc6616a434
commit
ac63710a3d
@ -2271,7 +2271,8 @@ int ssl3_get_cert_status(SSL *s)
|
|||||||
{
|
{
|
||||||
int ok, al;
|
int ok, al;
|
||||||
unsigned long resplen, n;
|
unsigned long resplen, n;
|
||||||
const unsigned char *p;
|
unsigned int type;
|
||||||
|
PACKET pkt;
|
||||||
|
|
||||||
n = s->method->ssl_get_message(s,
|
n = s->method->ssl_get_message(s,
|
||||||
SSL3_ST_CR_CERT_STATUS_A,
|
SSL3_ST_CR_CERT_STATUS_A,
|
||||||
@ -2280,31 +2281,36 @@ int ssl3_get_cert_status(SSL *s)
|
|||||||
|
|
||||||
if (!ok)
|
if (!ok)
|
||||||
return ((int)n);
|
return ((int)n);
|
||||||
if (n < 4) {
|
|
||||||
/* need at least status type + length */
|
if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
|
||||||
al = SSL_AD_DECODE_ERROR;
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
|
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_INTERNAL_ERROR);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
p = (unsigned char *)s->init_msg;
|
if (!PACKET_get_1(&pkt, &type)
|
||||||
if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
|
|| type != TLSEXT_STATUSTYPE_ocsp) {
|
||||||
al = SSL_AD_DECODE_ERROR;
|
al = SSL_AD_DECODE_ERROR;
|
||||||
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
|
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
n2l3(p, resplen);
|
if (!PACKET_get_net_3(&pkt, &resplen)
|
||||||
if (resplen + 4 != n) {
|
|| PACKET_remaining(&pkt) != resplen) {
|
||||||
al = SSL_AD_DECODE_ERROR;
|
al = SSL_AD_DECODE_ERROR;
|
||||||
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
|
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
OPENSSL_free(s->tlsext_ocsp_resp);
|
OPENSSL_free(s->tlsext_ocsp_resp);
|
||||||
s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
|
s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
|
||||||
if (!s->tlsext_ocsp_resp) {
|
if (!s->tlsext_ocsp_resp) {
|
||||||
al = SSL_AD_INTERNAL_ERROR;
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
|
if (!PACKET_copy_bytes(&pkt, s->tlsext_ocsp_resp, resplen)) {
|
||||||
|
al = SSL_AD_DECODE_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
s->tlsext_ocsp_resplen = resplen;
|
s->tlsext_ocsp_resplen = resplen;
|
||||||
if (s->ctx->tlsext_status_cb) {
|
if (s->ctx->tlsext_status_cb) {
|
||||||
int ret;
|
int ret;
|
||||||
|
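Review bot: Between `OPENSSL_free(s->tlsext_ocsp_resp)` and the final `s->tlsext_ocsp_resplen = resplen`, both `goto f_err` exits leave the session with a pointer and a length that no longer match: after a failed `OPENSSL_malloc` the pointer is NULL, and after a failed `PACKET_copy_bytes` it is a fresh uninitialised buffer, while the length still holds the previous response's value. The copy should not fail in practice because `PACKET_remaining(&pkt) != resplen` was just rejected, and the allocation-failure path predates this commit, but any later reader of the two fields would trust the stale length. I would allocate and fill a local `resp` (declared with the other locals, with the same pointer type as the field) and only then free the old buffer and store pointer and length together, as below. The `f_err` label and the rest of ssl3_get_cert_status are outside the visible hunk, so whether anything reads these fields after the alert is not shown here.

```c
    /* … unchanged: PACKET_buf_init, status type and length checks … */
    resp = OPENSSL_malloc(resplen);
    if (resp == NULL) {
        /* … unchanged: SSL_AD_INTERNAL_ERROR / ERR_R_MALLOC_FAILURE, goto f_err … */
    }
    if (!PACKET_copy_bytes(&pkt, resp, resplen)) {
        OPENSSL_free(resp);
        /* … unchanged: SSL_AD_DECODE_ERROR / SSL_R_LENGTH_MISMATCH, goto f_err … */
    }
    /* Swap in the new response only once it is complete. */
    OPENSSL_free(s->tlsext_ocsp_resp);
    s->tlsext_ocsp_resp = resp;
    s->tlsext_ocsp_resplen = resplen;
```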