summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_both.c
diff options
context:
space:
mode:
authorjsing <>2015-09-12 15:03:39 +0000
committerjsing <>2015-09-12 15:03:39 +0000
commit5b9ca35cbf458add3c0c5e9326f133e7ab812cb9 (patch)
treef43b2c4f0a83343ac09872bb9dd4075c5d209246 /src/lib/libssl/s3_both.c
parent4dbec400d163cf80f90bc9f4b22a894e932174ec (diff)
downloadopenbsd-5b9ca35cbf458add3c0c5e9326f133e7ab812cb9.tar.gz
openbsd-5b9ca35cbf458add3c0c5e9326f133e7ab812cb9.tar.bz2
openbsd-5b9ca35cbf458add3c0c5e9326f133e7ab812cb9.zip
Move handshake message header length determination into a separate
ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@
Diffstat (limited to 'src/lib/libssl/s3_both.c')
-rw-r--r--src/lib/libssl/s3_both.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 49b1e50659..cfd0fb9b4b 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.47 2015/09/11 18:08:21 jsing Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.48 2015/09/12 15:03:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -326,6 +326,7 @@ ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
326 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); 326 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
327 return (-1); 327 return (-1);
328 } 328 }
329 /* XXX */
329 p = (unsigned char *)&(buf->data[*l]); 330 p = (unsigned char *)&(buf->data[*l]);
330 l2n3(n, p); 331 l2n3(n, p);
331 i2d_X509(x, &p); 332 i2d_X509(x, &p);
@@ -338,10 +339,10 @@ unsigned long
338ssl3_output_cert_chain(SSL *s, X509 *x) 339ssl3_output_cert_chain(SSL *s, X509 *x)
339{ 340{
340 unsigned char *p; 341 unsigned char *p;
341 int i; 342 unsigned long l = ssl3_handshake_msg_hdr_len(s) + 3;
342 unsigned long l = 7;
343 BUF_MEM *buf; 343 BUF_MEM *buf;
344 int no_chain; 344 int no_chain;
345 int i;
345 346
346 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) 347 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
347 no_chain = 1; 348 no_chain = 1;
@@ -350,7 +351,7 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
350 351
351 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 352 /* TLSv1 sends a chain with nothing in it, instead of an alert */
352 buf = s->init_buf; 353 buf = s->init_buf;
353 if (!BUF_MEM_grow_clean(buf, 10)) { 354 if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 6)) {
354 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB); 355 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
355 return (0); 356 return (0);
356 } 357 }
@@ -388,14 +389,14 @@ ssl3_output_cert_chain(SSL *s, X509 *x)
388 return (0); 389 return (0);
389 } 390 }
390 391
391 l -= 7; 392 l -= ssl3_handshake_msg_hdr_len(s) + 3;
392 p = (unsigned char *)&(buf->data[4]); 393 p = (unsigned char *)&(buf->data[4]);
393 l2n3(l, p); 394 l2n3(l, p);
394 l += 3; 395 l += 3;
395 p = (unsigned char *)&(buf->data[0]); 396 p = (unsigned char *)&(buf->data[0]);
396 *(p++) = SSL3_MT_CERTIFICATE; 397 *(p++) = SSL3_MT_CERTIFICATE;
397 l2n3(l, p); 398 l2n3(l, p);
398 l += 4; 399 l += 4; /* XXX */
399 return (l); 400 return (l);
400} 401}
401 402
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 13:04:31 +0000