diff options
| author | doug <> | 2015-07-14 03:27:20 +0000 |
|---|---|---|
| committer | doug <> | 2015-07-14 03:27:20 +0000 |
| commit | a92cc6d16d3d886b25d33b061f3eab33e11b2fc0 (patch) | |
| tree | a325e8ca8bdf9ac6435d8b06226e2dd1eab8bad7 | |
| parent | 20370e95db02db2f050c62a4529b8215c33fb2ed (diff) | |
| download | openbsd-a92cc6d16d3d886b25d33b061f3eab33e11b2fc0.tar.gz openbsd-a92cc6d16d3d886b25d33b061f3eab33e11b2fc0.tar.bz2 openbsd-a92cc6d16d3d886b25d33b061f3eab33e11b2fc0.zip | |
Convert ssl3_get_server_certificate to CBS.
ok miod@
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 35 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 35 |
2 files changed, 36 insertions, 34 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index cf8b2ec41d..1bbe2e686b 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.114 2015/06/24 09:44:18 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.115 2015/07/14 03:27:20 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -970,10 +970,10 @@ int | |||
| 970 | ssl3_get_server_certificate(SSL *s) | 970 | ssl3_get_server_certificate(SSL *s) |
| 971 | { | 971 | { |
| 972 | int al, i, ok, ret = -1; | 972 | int al, i, ok, ret = -1; |
| 973 | unsigned long n, nc, llen, l; | 973 | long n; |
| 974 | CBS cbs, cert_list; | ||
| 974 | X509 *x = NULL; | 975 | X509 *x = NULL; |
| 975 | const unsigned char *q, *p; | 976 | const unsigned char *q; |
| 976 | unsigned char *d; | ||
| 977 | STACK_OF(X509) *sk = NULL; | 977 | STACK_OF(X509) *sk = NULL; |
| 978 | SESS_CERT *sc; | 978 | SESS_CERT *sc; |
| 979 | EVP_PKEY *pkey = NULL; | 979 | EVP_PKEY *pkey = NULL; |
| @@ -995,7 +995,8 @@ ssl3_get_server_certificate(SSL *s) | |||
| 995 | SSL_R_BAD_MESSAGE_TYPE); | 995 | SSL_R_BAD_MESSAGE_TYPE); |
| 996 | goto f_err; | 996 | goto f_err; |
| 997 | } | 997 | } |
| 998 | p = d = (unsigned char *)s->init_msg; | 998 | |
| 999 | CBS_init(&cbs, s->init_msg, n); | ||
| 999 | 1000 | ||
| 1000 | if ((sk = sk_X509_new_null()) == NULL) { | 1001 | if ((sk = sk_X509_new_null()) == NULL) { |
| 1001 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1002 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| @@ -1003,35 +1004,37 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1003 | goto err; | 1004 | goto err; |
| 1004 | } | 1005 | } |
| 1005 | 1006 | ||
| 1006 | if (p + 3 - d > n) | 1007 | if (n < 0 || CBS_len(&cbs) < 3) |
| 1007 | goto truncated; | 1008 | goto truncated; |
| 1008 | n2l3(p, llen); | 1009 | if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || |
| 1009 | if (llen + 3 != n) { | 1010 | CBS_len(&cbs) != 0) { |
| 1010 | al = SSL_AD_DECODE_ERROR; | 1011 | al = SSL_AD_DECODE_ERROR; |
| 1011 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1012 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1012 | SSL_R_LENGTH_MISMATCH); | 1013 | SSL_R_LENGTH_MISMATCH); |
| 1013 | goto f_err; | 1014 | goto f_err; |
| 1014 | } | 1015 | } |
| 1015 | for (nc = 0; nc < llen; ) { | 1016 | |
| 1016 | if (p + 3 - d > n) | 1017 | while (CBS_len(&cert_list) > 0) { |
| 1018 | CBS cert; | ||
| 1019 | |||
| 1020 | if (CBS_len(&cert_list) < 3) | ||
| 1017 | goto truncated; | 1021 | goto truncated; |
| 1018 | n2l3(p, l); | 1022 | if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { |
| 1019 | if ((l + nc + 3) > llen) { | ||
| 1020 | al = SSL_AD_DECODE_ERROR; | 1023 | al = SSL_AD_DECODE_ERROR; |
| 1021 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1024 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1022 | SSL_R_CERT_LENGTH_MISMATCH); | 1025 | SSL_R_CERT_LENGTH_MISMATCH); |
| 1023 | goto f_err; | 1026 | goto f_err; |
| 1024 | } | 1027 | } |
| 1025 | 1028 | ||
| 1026 | q = p; | 1029 | q = CBS_data(&cert); |
| 1027 | x = d2i_X509(NULL, &q, l); | 1030 | x = d2i_X509(NULL, &q, CBS_len(&cert)); |
| 1028 | if (x == NULL) { | 1031 | if (x == NULL) { |
| 1029 | al = SSL_AD_BAD_CERTIFICATE; | 1032 | al = SSL_AD_BAD_CERTIFICATE; |
| 1030 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1033 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1031 | ERR_R_ASN1_LIB); | 1034 | ERR_R_ASN1_LIB); |
| 1032 | goto f_err; | 1035 | goto f_err; |
| 1033 | } | 1036 | } |
| 1034 | if (q != (p + l)) { | 1037 | if (q != CBS_data(&cert) + CBS_len(&cert)) { |
| 1035 | al = SSL_AD_DECODE_ERROR; | 1038 | al = SSL_AD_DECODE_ERROR; |
| 1036 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1039 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1037 | SSL_R_CERT_LENGTH_MISMATCH); | 1040 | SSL_R_CERT_LENGTH_MISMATCH); |
| @@ -1043,8 +1046,6 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1043 | goto err; | 1046 | goto err; |
| 1044 | } | 1047 | } |
| 1045 | x = NULL; | 1048 | x = NULL; |
| 1046 | nc += l + 3; | ||
| 1047 | p = q; | ||
| 1048 | } | 1049 | } |
| 1049 | 1050 | ||
| 1050 | i = ssl_verify_cert_chain(s, sk); | 1051 | i = ssl_verify_cert_chain(s, sk); |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index cf8b2ec41d..1bbe2e686b 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.114 2015/06/24 09:44:18 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.115 2015/07/14 03:27:20 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -970,10 +970,10 @@ int | |||
| 970 | ssl3_get_server_certificate(SSL *s) | 970 | ssl3_get_server_certificate(SSL *s) |
| 971 | { | 971 | { |
| 972 | int al, i, ok, ret = -1; | 972 | int al, i, ok, ret = -1; |
| 973 | unsigned long n, nc, llen, l; | 973 | long n; |
| 974 | CBS cbs, cert_list; | ||
| 974 | X509 *x = NULL; | 975 | X509 *x = NULL; |
| 975 | const unsigned char *q, *p; | 976 | const unsigned char *q; |
| 976 | unsigned char *d; | ||
| 977 | STACK_OF(X509) *sk = NULL; | 977 | STACK_OF(X509) *sk = NULL; |
| 978 | SESS_CERT *sc; | 978 | SESS_CERT *sc; |
| 979 | EVP_PKEY *pkey = NULL; | 979 | EVP_PKEY *pkey = NULL; |
| @@ -995,7 +995,8 @@ ssl3_get_server_certificate(SSL *s) | |||
| 995 | SSL_R_BAD_MESSAGE_TYPE); | 995 | SSL_R_BAD_MESSAGE_TYPE); |
| 996 | goto f_err; | 996 | goto f_err; |
| 997 | } | 997 | } |
| 998 | p = d = (unsigned char *)s->init_msg; | 998 | |
| 999 | CBS_init(&cbs, s->init_msg, n); | ||
| 999 | 1000 | ||
| 1000 | if ((sk = sk_X509_new_null()) == NULL) { | 1001 | if ((sk = sk_X509_new_null()) == NULL) { |
| 1001 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1002 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| @@ -1003,35 +1004,37 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1003 | goto err; | 1004 | goto err; |
| 1004 | } | 1005 | } |
| 1005 | 1006 | ||
| 1006 | if (p + 3 - d > n) | 1007 | if (n < 0 || CBS_len(&cbs) < 3) |
| 1007 | goto truncated; | 1008 | goto truncated; |
| 1008 | n2l3(p, llen); | 1009 | if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || |
| 1009 | if (llen + 3 != n) { | 1010 | CBS_len(&cbs) != 0) { |
| 1010 | al = SSL_AD_DECODE_ERROR; | 1011 | al = SSL_AD_DECODE_ERROR; |
| 1011 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1012 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1012 | SSL_R_LENGTH_MISMATCH); | 1013 | SSL_R_LENGTH_MISMATCH); |
| 1013 | goto f_err; | 1014 | goto f_err; |
| 1014 | } | 1015 | } |
| 1015 | for (nc = 0; nc < llen; ) { | 1016 | |
| 1016 | if (p + 3 - d > n) | 1017 | while (CBS_len(&cert_list) > 0) { |
| 1018 | CBS cert; | ||
| 1019 | |||
| 1020 | if (CBS_len(&cert_list) < 3) | ||
| 1017 | goto truncated; | 1021 | goto truncated; |
| 1018 | n2l3(p, l); | 1022 | if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { |
| 1019 | if ((l + nc + 3) > llen) { | ||
| 1020 | al = SSL_AD_DECODE_ERROR; | 1023 | al = SSL_AD_DECODE_ERROR; |
| 1021 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1024 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1022 | SSL_R_CERT_LENGTH_MISMATCH); | 1025 | SSL_R_CERT_LENGTH_MISMATCH); |
| 1023 | goto f_err; | 1026 | goto f_err; |
| 1024 | } | 1027 | } |
| 1025 | 1028 | ||
| 1026 | q = p; | 1029 | q = CBS_data(&cert); |
| 1027 | x = d2i_X509(NULL, &q, l); | 1030 | x = d2i_X509(NULL, &q, CBS_len(&cert)); |
| 1028 | if (x == NULL) { | 1031 | if (x == NULL) { |
| 1029 | al = SSL_AD_BAD_CERTIFICATE; | 1032 | al = SSL_AD_BAD_CERTIFICATE; |
| 1030 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1033 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1031 | ERR_R_ASN1_LIB); | 1034 | ERR_R_ASN1_LIB); |
| 1032 | goto f_err; | 1035 | goto f_err; |
| 1033 | } | 1036 | } |
| 1034 | if (q != (p + l)) { | 1037 | if (q != CBS_data(&cert) + CBS_len(&cert)) { |
| 1035 | al = SSL_AD_DECODE_ERROR; | 1038 | al = SSL_AD_DECODE_ERROR; |
| 1036 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1039 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 1037 | SSL_R_CERT_LENGTH_MISMATCH); | 1040 | SSL_R_CERT_LENGTH_MISMATCH); |
| @@ -1043,8 +1046,6 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1043 | goto err; | 1046 | goto err; |
| 1044 | } | 1047 | } |
| 1045 | x = NULL; | 1048 | x = NULL; |
| 1046 | nc += l + 3; | ||
| 1047 | p = q; | ||
| 1048 | } | 1049 | } |
| 1049 | 1050 | ||
| 1050 | i = ssl_verify_cert_chain(s, sk); | 1051 | i = ssl_verify_cert_chain(s, sk); |