diff options
| author | doug <> | 2015-07-19 07:34:52 +0000 |
|---|---|---|
| committer | doug <> | 2015-07-19 07:34:52 +0000 |
| commit | 8e19e5bdab3eb3bf6118bc7b81c7f207f48b7c48 (patch) | |
| tree | 1fdbc1db5b478c4a48da647cbcf7414bf6770dfb | |
| parent | 11e1a704b0141f0bc09002ae44c62941ba74c537 (diff) | |
| download | openbsd-8e19e5bdab3eb3bf6118bc7b81c7f207f48b7c48.tar.gz openbsd-8e19e5bdab3eb3bf6118bc7b81c7f207f48b7c48.tar.bz2 openbsd-8e19e5bdab3eb3bf6118bc7b81c7f207f48b7c48.zip | |
Convert ssl3_get_certificate_request to CBS.
ok miod@
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 64 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 64 |
2 files changed, 66 insertions, 62 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index ee964407ee..9a5ef826f6 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.119 2015/07/15 22:22:54 beck Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.120 2015/07/19 07:34:52 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1537,11 +1537,11 @@ int | |||
| 1537 | ssl3_get_certificate_request(SSL *s) | 1537 | ssl3_get_certificate_request(SSL *s) |
| 1538 | { | 1538 | { |
| 1539 | int ok, ret = 0; | 1539 | int ok, ret = 0; |
| 1540 | unsigned long n, nc, l; | 1540 | long n; |
| 1541 | unsigned int llen, ctype_num, i; | 1541 | uint8_t ctype_num; |
| 1542 | CBS cert_request, ctypes, rdn_list; | ||
| 1542 | X509_NAME *xn = NULL; | 1543 | X509_NAME *xn = NULL; |
| 1543 | const unsigned char *p, *q; | 1544 | const unsigned char *q; |
| 1544 | unsigned char *d; | ||
| 1545 | STACK_OF(X509_NAME) *ca_sk = NULL; | 1545 | STACK_OF(X509_NAME) *ca_sk = NULL; |
| 1546 | 1546 | ||
| 1547 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, | 1547 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, |
| @@ -1583,7 +1583,9 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1583 | } | 1583 | } |
| 1584 | } | 1584 | } |
| 1585 | 1585 | ||
| 1586 | p = d = (unsigned char *)s->init_msg; | 1586 | if (n < 0) |
| 1587 | goto truncated; | ||
| 1588 | CBS_init(&cert_request, s->init_msg, n); | ||
| 1587 | 1589 | ||
| 1588 | if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { | 1590 | if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { |
| 1589 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1591 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| @@ -1592,77 +1594,80 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1592 | } | 1594 | } |
| 1593 | 1595 | ||
| 1594 | /* get the certificate types */ | 1596 | /* get the certificate types */ |
| 1595 | if (1 > n) | 1597 | if (!CBS_get_u8(&cert_request, &ctype_num)) |
| 1596 | goto truncated; | 1598 | goto truncated; |
| 1597 | ctype_num= *(p++); | 1599 | |
| 1598 | if (ctype_num > SSL3_CT_NUMBER) | 1600 | if (ctype_num > SSL3_CT_NUMBER) |
| 1599 | ctype_num = SSL3_CT_NUMBER; | 1601 | ctype_num = SSL3_CT_NUMBER; |
| 1600 | if (p + ctype_num - d > n) { | 1602 | if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || |
| 1603 | !CBS_write_bytes(&ctypes, s->s3->tmp.ctype, | ||
| 1604 | sizeof(s->s3->tmp.ctype), NULL)) { | ||
| 1601 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1605 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1602 | SSL_R_DATA_LENGTH_TOO_LONG); | 1606 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1603 | goto err; | 1607 | goto err; |
| 1604 | } | 1608 | } |
| 1605 | 1609 | ||
| 1606 | for (i = 0; i < ctype_num; i++) | ||
| 1607 | s->s3->tmp.ctype[i] = p[i]; | ||
| 1608 | p += ctype_num; | ||
| 1609 | if (SSL_USE_SIGALGS(s)) { | 1610 | if (SSL_USE_SIGALGS(s)) { |
| 1610 | if (p + 2 - d > n) { | 1611 | CBS sigalgs; |
| 1612 | |||
| 1613 | if (CBS_len(&cert_request) < 2) { | ||
| 1611 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1614 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1612 | SSL_R_DATA_LENGTH_TOO_LONG); | 1615 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1613 | goto err; | 1616 | goto err; |
| 1614 | } | 1617 | } |
| 1615 | n2s(p, llen); | 1618 | |
| 1616 | /* Check we have enough room for signature algorithms and | 1619 | /* Check we have enough room for signature algorithms and |
| 1617 | * following length value. | 1620 | * following length value. |
| 1618 | */ | 1621 | */ |
| 1619 | if ((unsigned long)(p - d + llen + 2) > n) { | 1622 | if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { |
| 1620 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1623 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1621 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1624 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1622 | SSL_R_DATA_LENGTH_TOO_LONG); | 1625 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1623 | goto err; | 1626 | goto err; |
| 1624 | } | 1627 | } |
| 1625 | if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) { | 1628 | if ((CBS_len(&sigalgs) & 1) || |
| 1629 | !tls1_process_sigalgs(s, CBS_data(&sigalgs), | ||
| 1630 | CBS_len(&sigalgs))) { | ||
| 1626 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1631 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1627 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1632 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1628 | SSL_R_SIGNATURE_ALGORITHMS_ERROR); | 1633 | SSL_R_SIGNATURE_ALGORITHMS_ERROR); |
| 1629 | goto err; | 1634 | goto err; |
| 1630 | } | 1635 | } |
| 1631 | p += llen; | ||
| 1632 | } | 1636 | } |
| 1633 | 1637 | ||
| 1634 | /* get the CA RDNs */ | 1638 | /* get the CA RDNs */ |
| 1635 | if (p + 2 - d > n) { | 1639 | if (CBS_len(&cert_request) < 2) { |
| 1636 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1640 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1637 | SSL_R_DATA_LENGTH_TOO_LONG); | 1641 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1638 | goto err; | 1642 | goto err; |
| 1639 | } | 1643 | } |
| 1640 | n2s(p, llen); | ||
| 1641 | 1644 | ||
| 1642 | if ((unsigned long)(p - d + llen) != n) { | 1645 | if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) || |
| 1646 | CBS_len(&cert_request) != 0) { | ||
| 1643 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1647 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1644 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1648 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1645 | SSL_R_LENGTH_MISMATCH); | 1649 | SSL_R_LENGTH_MISMATCH); |
| 1646 | goto err; | 1650 | goto err; |
| 1647 | } | 1651 | } |
| 1648 | 1652 | ||
| 1649 | for (nc = 0; nc < llen; ) { | 1653 | while (CBS_len(&rdn_list) > 0) { |
| 1650 | if (p + 2 - d > n) { | 1654 | CBS rdn; |
| 1655 | |||
| 1656 | if (CBS_len(&rdn_list) < 2) { | ||
| 1651 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1657 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1652 | SSL_R_DATA_LENGTH_TOO_LONG); | 1658 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1653 | goto err; | 1659 | goto err; |
| 1654 | } | 1660 | } |
| 1655 | n2s(p, l); | 1661 | |
| 1656 | if ((l + nc + 2) > llen) { | 1662 | if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) { |
| 1657 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1663 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1658 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1664 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1659 | SSL_R_CA_DN_TOO_LONG); | 1665 | SSL_R_CA_DN_TOO_LONG); |
| 1660 | goto err; | 1666 | goto err; |
| 1661 | } | 1667 | } |
| 1662 | 1668 | ||
| 1663 | q = p; | 1669 | q = CBS_data(&rdn); |
| 1664 | 1670 | if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) { | |
| 1665 | if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) { | ||
| 1666 | ssl3_send_alert(s, SSL3_AL_FATAL, | 1671 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 1667 | SSL_AD_DECODE_ERROR); | 1672 | SSL_AD_DECODE_ERROR); |
| 1668 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1673 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| @@ -1670,7 +1675,7 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1670 | goto err; | 1675 | goto err; |
| 1671 | } | 1676 | } |
| 1672 | 1677 | ||
| 1673 | if (q != (p + l)) { | 1678 | if (q != CBS_data(&rdn) + CBS_len(&rdn)) { |
| 1674 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1679 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1675 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1680 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1676 | SSL_R_CA_DN_LENGTH_MISMATCH); | 1681 | SSL_R_CA_DN_LENGTH_MISMATCH); |
| @@ -1681,9 +1686,6 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1681 | ERR_R_MALLOC_FAILURE); | 1686 | ERR_R_MALLOC_FAILURE); |
| 1682 | goto err; | 1687 | goto err; |
| 1683 | } | 1688 | } |
| 1684 | |||
| 1685 | p += l; | ||
| 1686 | nc += l + 2; | ||
| 1687 | } | 1689 | } |
| 1688 | 1690 | ||
| 1689 | /* we should setup a certificate to return.... */ | 1691 | /* we should setup a certificate to return.... */ |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index ee964407ee..9a5ef826f6 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.119 2015/07/15 22:22:54 beck Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.120 2015/07/19 07:34:52 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1537,11 +1537,11 @@ int | |||
| 1537 | ssl3_get_certificate_request(SSL *s) | 1537 | ssl3_get_certificate_request(SSL *s) |
| 1538 | { | 1538 | { |
| 1539 | int ok, ret = 0; | 1539 | int ok, ret = 0; |
| 1540 | unsigned long n, nc, l; | 1540 | long n; |
| 1541 | unsigned int llen, ctype_num, i; | 1541 | uint8_t ctype_num; |
| 1542 | CBS cert_request, ctypes, rdn_list; | ||
| 1542 | X509_NAME *xn = NULL; | 1543 | X509_NAME *xn = NULL; |
| 1543 | const unsigned char *p, *q; | 1544 | const unsigned char *q; |
| 1544 | unsigned char *d; | ||
| 1545 | STACK_OF(X509_NAME) *ca_sk = NULL; | 1545 | STACK_OF(X509_NAME) *ca_sk = NULL; |
| 1546 | 1546 | ||
| 1547 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, | 1547 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, |
| @@ -1583,7 +1583,9 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1583 | } | 1583 | } |
| 1584 | } | 1584 | } |
| 1585 | 1585 | ||
| 1586 | p = d = (unsigned char *)s->init_msg; | 1586 | if (n < 0) |
| 1587 | goto truncated; | ||
| 1588 | CBS_init(&cert_request, s->init_msg, n); | ||
| 1587 | 1589 | ||
| 1588 | if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { | 1590 | if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { |
| 1589 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1591 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| @@ -1592,77 +1594,80 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1592 | } | 1594 | } |
| 1593 | 1595 | ||
| 1594 | /* get the certificate types */ | 1596 | /* get the certificate types */ |
| 1595 | if (1 > n) | 1597 | if (!CBS_get_u8(&cert_request, &ctype_num)) |
| 1596 | goto truncated; | 1598 | goto truncated; |
| 1597 | ctype_num= *(p++); | 1599 | |
| 1598 | if (ctype_num > SSL3_CT_NUMBER) | 1600 | if (ctype_num > SSL3_CT_NUMBER) |
| 1599 | ctype_num = SSL3_CT_NUMBER; | 1601 | ctype_num = SSL3_CT_NUMBER; |
| 1600 | if (p + ctype_num - d > n) { | 1602 | if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || |
| 1603 | !CBS_write_bytes(&ctypes, s->s3->tmp.ctype, | ||
| 1604 | sizeof(s->s3->tmp.ctype), NULL)) { | ||
| 1601 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1605 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1602 | SSL_R_DATA_LENGTH_TOO_LONG); | 1606 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1603 | goto err; | 1607 | goto err; |
| 1604 | } | 1608 | } |
| 1605 | 1609 | ||
| 1606 | for (i = 0; i < ctype_num; i++) | ||
| 1607 | s->s3->tmp.ctype[i] = p[i]; | ||
| 1608 | p += ctype_num; | ||
| 1609 | if (SSL_USE_SIGALGS(s)) { | 1610 | if (SSL_USE_SIGALGS(s)) { |
| 1610 | if (p + 2 - d > n) { | 1611 | CBS sigalgs; |
| 1612 | |||
| 1613 | if (CBS_len(&cert_request) < 2) { | ||
| 1611 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1614 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1612 | SSL_R_DATA_LENGTH_TOO_LONG); | 1615 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1613 | goto err; | 1616 | goto err; |
| 1614 | } | 1617 | } |
| 1615 | n2s(p, llen); | 1618 | |
| 1616 | /* Check we have enough room for signature algorithms and | 1619 | /* Check we have enough room for signature algorithms and |
| 1617 | * following length value. | 1620 | * following length value. |
| 1618 | */ | 1621 | */ |
| 1619 | if ((unsigned long)(p - d + llen + 2) > n) { | 1622 | if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { |
| 1620 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1623 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1621 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1624 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1622 | SSL_R_DATA_LENGTH_TOO_LONG); | 1625 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1623 | goto err; | 1626 | goto err; |
| 1624 | } | 1627 | } |
| 1625 | if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) { | 1628 | if ((CBS_len(&sigalgs) & 1) || |
| 1629 | !tls1_process_sigalgs(s, CBS_data(&sigalgs), | ||
| 1630 | CBS_len(&sigalgs))) { | ||
| 1626 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1631 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1627 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1632 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1628 | SSL_R_SIGNATURE_ALGORITHMS_ERROR); | 1633 | SSL_R_SIGNATURE_ALGORITHMS_ERROR); |
| 1629 | goto err; | 1634 | goto err; |
| 1630 | } | 1635 | } |
| 1631 | p += llen; | ||
| 1632 | } | 1636 | } |
| 1633 | 1637 | ||
| 1634 | /* get the CA RDNs */ | 1638 | /* get the CA RDNs */ |
| 1635 | if (p + 2 - d > n) { | 1639 | if (CBS_len(&cert_request) < 2) { |
| 1636 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1640 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1637 | SSL_R_DATA_LENGTH_TOO_LONG); | 1641 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1638 | goto err; | 1642 | goto err; |
| 1639 | } | 1643 | } |
| 1640 | n2s(p, llen); | ||
| 1641 | 1644 | ||
| 1642 | if ((unsigned long)(p - d + llen) != n) { | 1645 | if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) || |
| 1646 | CBS_len(&cert_request) != 0) { | ||
| 1643 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1647 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1644 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1648 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1645 | SSL_R_LENGTH_MISMATCH); | 1649 | SSL_R_LENGTH_MISMATCH); |
| 1646 | goto err; | 1650 | goto err; |
| 1647 | } | 1651 | } |
| 1648 | 1652 | ||
| 1649 | for (nc = 0; nc < llen; ) { | 1653 | while (CBS_len(&rdn_list) > 0) { |
| 1650 | if (p + 2 - d > n) { | 1654 | CBS rdn; |
| 1655 | |||
| 1656 | if (CBS_len(&rdn_list) < 2) { | ||
| 1651 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1657 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1652 | SSL_R_DATA_LENGTH_TOO_LONG); | 1658 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1653 | goto err; | 1659 | goto err; |
| 1654 | } | 1660 | } |
| 1655 | n2s(p, l); | 1661 | |
| 1656 | if ((l + nc + 2) > llen) { | 1662 | if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) { |
| 1657 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1663 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1658 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1664 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1659 | SSL_R_CA_DN_TOO_LONG); | 1665 | SSL_R_CA_DN_TOO_LONG); |
| 1660 | goto err; | 1666 | goto err; |
| 1661 | } | 1667 | } |
| 1662 | 1668 | ||
| 1663 | q = p; | 1669 | q = CBS_data(&rdn); |
| 1664 | 1670 | if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) { | |
| 1665 | if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) { | ||
| 1666 | ssl3_send_alert(s, SSL3_AL_FATAL, | 1671 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 1667 | SSL_AD_DECODE_ERROR); | 1672 | SSL_AD_DECODE_ERROR); |
| 1668 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1673 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| @@ -1670,7 +1675,7 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1670 | goto err; | 1675 | goto err; |
| 1671 | } | 1676 | } |
| 1672 | 1677 | ||
| 1673 | if (q != (p + l)) { | 1678 | if (q != CBS_data(&rdn) + CBS_len(&rdn)) { |
| 1674 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | 1679 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); |
| 1675 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1680 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, |
| 1676 | SSL_R_CA_DN_LENGTH_MISMATCH); | 1681 | SSL_R_CA_DN_LENGTH_MISMATCH); |
| @@ -1681,9 +1686,6 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1681 | ERR_R_MALLOC_FAILURE); | 1686 | ERR_R_MALLOC_FAILURE); |
| 1682 | goto err; | 1687 | goto err; |
| 1683 | } | 1688 | } |
| 1684 | |||
| 1685 | p += l; | ||
| 1686 | nc += l + 2; | ||
| 1687 | } | 1689 | } |
| 1688 | 1690 | ||
| 1689 | /* we should setup a certificate to return.... */ | 1691 | /* we should setup a certificate to return.... */ |