Convert ssl3_get_client_certificate to CBS.

ok miod@ jsing@
author: doug <> 2015-07-14 05:16:47 +0000
committer: doug <> 2015-07-14 05:16:47 +0000
commit: 2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12 (patch)
tree: 5a55cb8fb49eaaf943d8d20e7459cc8399905038
parent: ab8fee4a197bd05ef0521b71e04c32e20f8d271f (diff)
download: openbsd-2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12.tar.gz
openbsd-2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12.tar.bz2
openbsd-2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12.zip
2 files changed, 38 insertions, 30 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index ab8e74e63a..e70f8af440 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2335,10 +2335,11 @@ end:
 int
 ssl3_get_client_certificate(SSL *s)
 {
+        CBS cbs, client_certs;
        int i, ok, al, ret = -1;
        X509 *x = NULL;
-        unsigned long l, nc, llen, n;
+        long n;
-        const unsigned char *p, *q;
+        const unsigned char *q;
        STACK_OF(X509) *sk = NULL;
        n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2376,7 +2377,11 @@ ssl3_get_client_certificate(SSL *s)
                    SSL_R_WRONG_MESSAGE_TYPE);
                goto f_err;
        }
-        p = (const unsigned char *)s->init_msg;
+        if (n < 0)
+                goto truncated;
+        CBS_init(&cbs, s->init_msg, n);
        if ((sk = sk_X509_new_null()) == NULL) {
                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2384,28 +2389,28 @@ ssl3_get_client_certificate(SSL *s)
                goto err;
        }
-        if (3 > n)
+        if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
-                goto truncated;
+            CBS_len(&cbs) != 0)
-        n2l3(p, llen);
-        if (llen + 3 != n)
                goto truncated;
-        for (nc = 0; nc < llen;) {
-                n2l3(p, l);
+        while (CBS_len(&client_certs) > 0) {
-                if (l + nc + 3 > llen) {
+                CBS cert;
+                if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
                            SSL_R_CERT_LENGTH_MISMATCH);
                        goto f_err;
                }
-                q = p;
+                q = CBS_data(&cert);
-                x = d2i_X509(NULL, &p, l);
+                x = d2i_X509(NULL, &q, CBS_len(&cert));
                if (x == NULL) {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
                            ERR_R_ASN1_LIB);
                        goto err;
                }
-                if (p != (q + l)) {
+                if (q != CBS_data(&cert) + CBS_len(&cert)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
                            SSL_R_CERT_LENGTH_MISMATCH);
@@ -2417,7 +2422,6 @@ ssl3_get_client_certificate(SSL *s)
                        goto err;
                }
                x = NULL;
-                nc += l + 3;
        }
        if (sk_X509_num(sk) <= 0) {
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index ab8e74e63a..e70f8af440 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2335,10 +2335,11 @@ end:
 int
 ssl3_get_client_certificate(SSL *s)
 {
+        CBS cbs, client_certs;
        int i, ok, al, ret = -1;
        X509 *x = NULL;
-        unsigned long l, nc, llen, n;
+        long n;
-        const unsigned char *p, *q;
+        const unsigned char *q;
        STACK_OF(X509) *sk = NULL;
        n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2376,7 +2377,11 @@ ssl3_get_client_certificate(SSL *s)
                    SSL_R_WRONG_MESSAGE_TYPE);
                goto f_err;
        }
-        p = (const unsigned char *)s->init_msg;
+        if (n < 0)
+                goto truncated;
+        CBS_init(&cbs, s->init_msg, n);
        if ((sk = sk_X509_new_null()) == NULL) {
                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2384,28 +2389,28 @@ ssl3_get_client_certificate(SSL *s)
                goto err;
        }
-        if (3 > n)
+        if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
-                goto truncated;
+            CBS_len(&cbs) != 0)
-        n2l3(p, llen);
-        if (llen + 3 != n)
                goto truncated;
-        for (nc = 0; nc < llen;) {
-                n2l3(p, l);
+        while (CBS_len(&client_certs) > 0) {
-                if (l + nc + 3 > llen) {
+                CBS cert;
+                if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
                            SSL_R_CERT_LENGTH_MISMATCH);
                        goto f_err;
                }
-                q = p;
+                q = CBS_data(&cert);
-                x = d2i_X509(NULL, &p, l);
+                x = d2i_X509(NULL, &q, CBS_len(&cert));
                if (x == NULL) {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
                            ERR_R_ASN1_LIB);
                        goto err;
                }
-                if (p != (q + l)) {
+                if (q != CBS_data(&cert) + CBS_len(&cert)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
                            SSL_R_CERT_LENGTH_MISMATCH);
@@ -2417,7 +2422,6 @@ ssl3_get_client_certificate(SSL *s)
                        goto err;
                }
                x = NULL;
-                nc += l + 3;
        }
        if (sk_X509_num(sk) <= 0) {
author	doug <>	2015-07-14 05:16:47 +0000
committer	doug <>	2015-07-14 05:16:47 +0000
commit	2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12 (patch)
tree	5a55cb8fb49eaaf943d8d20e7459cc8399905038
parent	ab8fee4a197bd05ef0521b71e04c32e20f8d271f (diff)
download	openbsd-2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12.tar.gz openbsd-2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12.tar.bz2 openbsd-2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index ab8e74e63a..e70f8af440 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2335,10 +2335,11 @@ end:
2335	int	2335	int
2336	ssl3_get_client_certificate(SSL *s)	2336	ssl3_get_client_certificate(SSL *s)
2337	{	2337	{
		2338	CBS cbs, client_certs;
2338	int i, ok, al, ret = -1;	2339	int i, ok, al, ret = -1;
2339	X509 *x = NULL;	2340	X509 *x = NULL;
2340	unsigned long l, nc, llen, n;	2341	long n;
2341	const unsigned char p, q;	2342	const unsigned char *q;
2342	STACK_OF(X509) *sk = NULL;	2343	STACK_OF(X509) *sk = NULL;
2343		2344
2344	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,	2345	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2376,7 +2377,11 @@ ssl3_get_client_certificate(SSL *s)
2376	SSL_R_WRONG_MESSAGE_TYPE);	2377	SSL_R_WRONG_MESSAGE_TYPE);
2377	goto f_err;	2378	goto f_err;
2378	}	2379	}
2379	p = (const unsigned char *)s->init_msg;	2380
		2381	if (n < 0)
		2382	goto truncated;
		2383
		2384	CBS_init(&cbs, s->init_msg, n);
2380		2385
2381	if ((sk = sk_X509_new_null()) == NULL) {	2386	if ((sk = sk_X509_new_null()) == NULL) {
2382	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2387	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2384,28 +2389,28 @@ ssl3_get_client_certificate(SSL *s)
2384	goto err;	2389	goto err;
2385	}	2390	}
2386		2391
2387	if (3 > n)	2392	if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) \|\|
2388	goto truncated;	2393	CBS_len(&cbs) != 0)
2389	n2l3(p, llen);
2390	if (llen + 3 != n)
2391	goto truncated;	2394	goto truncated;
2392	for (nc = 0; nc < llen;) {	2395
2393	n2l3(p, l);	2396	while (CBS_len(&client_certs) > 0) {
2394	if (l + nc + 3 > llen) {	2397	CBS cert;
		2398
		2399	if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
2395	al = SSL_AD_DECODE_ERROR;	2400	al = SSL_AD_DECODE_ERROR;
2396	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2401	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2397	SSL_R_CERT_LENGTH_MISMATCH);	2402	SSL_R_CERT_LENGTH_MISMATCH);
2398	goto f_err;	2403	goto f_err;
2399	}	2404	}
2400		2405
2401	q = p;	2406	q = CBS_data(&cert);
2402	x = d2i_X509(NULL, &p, l);	2407	x = d2i_X509(NULL, &q, CBS_len(&cert));
2403	if (x == NULL) {	2408	if (x == NULL) {
2404	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2409	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2405	ERR_R_ASN1_LIB);	2410	ERR_R_ASN1_LIB);
2406	goto err;	2411	goto err;
2407	}	2412	}
2408	if (p != (q + l)) {	2413	if (q != CBS_data(&cert) + CBS_len(&cert)) {
2409	al = SSL_AD_DECODE_ERROR;	2414	al = SSL_AD_DECODE_ERROR;
2410	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2415	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2411	SSL_R_CERT_LENGTH_MISMATCH);	2416	SSL_R_CERT_LENGTH_MISMATCH);
@@ -2417,7 +2422,6 @@ ssl3_get_client_certificate(SSL *s)
2417	goto err;	2422	goto err;
2418	}	2423	}
2419	x = NULL;	2424	x = NULL;
2420	nc += l + 3;
2421	}	2425	}
2422		2426
2423	if (sk_X509_num(sk) <= 0) {	2427	if (sk_X509_num(sk) <= 0) {


diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index ab8e74e63a..e70f8af440 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2335,10 +2335,11 @@ end:
2335	int	2335	int
2336	ssl3_get_client_certificate(SSL *s)	2336	ssl3_get_client_certificate(SSL *s)
2337	{	2337	{
		2338	CBS cbs, client_certs;
2338	int i, ok, al, ret = -1;	2339	int i, ok, al, ret = -1;
2339	X509 *x = NULL;	2340	X509 *x = NULL;
2340	unsigned long l, nc, llen, n;	2341	long n;
2341	const unsigned char p, q;	2342	const unsigned char *q;
2342	STACK_OF(X509) *sk = NULL;	2343	STACK_OF(X509) *sk = NULL;
2343		2344
2344	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,	2345	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2376,7 +2377,11 @@ ssl3_get_client_certificate(SSL *s)
2376	SSL_R_WRONG_MESSAGE_TYPE);	2377	SSL_R_WRONG_MESSAGE_TYPE);
2377	goto f_err;	2378	goto f_err;
2378	}	2379	}
2379	p = (const unsigned char *)s->init_msg;	2380
		2381	if (n < 0)
		2382	goto truncated;
		2383
		2384	CBS_init(&cbs, s->init_msg, n);
2380		2385
2381	if ((sk = sk_X509_new_null()) == NULL) {	2386	if ((sk = sk_X509_new_null()) == NULL) {
2382	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2387	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2384,28 +2389,28 @@ ssl3_get_client_certificate(SSL *s)
2384	goto err;	2389	goto err;
2385	}	2390	}
2386		2391
2387	if (3 > n)	2392	if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) \|\|
2388	goto truncated;	2393	CBS_len(&cbs) != 0)
2389	n2l3(p, llen);
2390	if (llen + 3 != n)
2391	goto truncated;	2394	goto truncated;
2392	for (nc = 0; nc < llen;) {	2395
2393	n2l3(p, l);	2396	while (CBS_len(&client_certs) > 0) {
2394	if (l + nc + 3 > llen) {	2397	CBS cert;
		2398
		2399	if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
2395	al = SSL_AD_DECODE_ERROR;	2400	al = SSL_AD_DECODE_ERROR;
2396	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2401	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2397	SSL_R_CERT_LENGTH_MISMATCH);	2402	SSL_R_CERT_LENGTH_MISMATCH);
2398	goto f_err;	2403	goto f_err;
2399	}	2404	}
2400		2405
2401	q = p;	2406	q = CBS_data(&cert);
2402	x = d2i_X509(NULL, &p, l);	2407	x = d2i_X509(NULL, &q, CBS_len(&cert));
2403	if (x == NULL) {	2408	if (x == NULL) {
2404	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2409	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2405	ERR_R_ASN1_LIB);	2410	ERR_R_ASN1_LIB);
2406	goto err;	2411	goto err;
2407	}	2412	}
2408	if (p != (q + l)) {	2413	if (q != CBS_data(&cert) + CBS_len(&cert)) {
2409	al = SSL_AD_DECODE_ERROR;	2414	al = SSL_AD_DECODE_ERROR;
2410	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,	2415	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2411	SSL_R_CERT_LENGTH_MISMATCH);	2416	SSL_R_CERT_LENGTH_MISMATCH);
@@ -2417,7 +2422,6 @@ ssl3_get_client_certificate(SSL *s)
2417	goto err;	2422	goto err;
2418	}	2423	}
2419	x = NULL;	2424	x = NULL;
2420	nc += l + 3;
2421	}	2425	}
2422		2426
2423	if (sk_X509_num(sk) <= 0) {	2427	if (sk_X509_num(sk) <= 0) {