Clean up TLSv1.2 certificate request handshake data.

Currently cert_req is used by clients and cert_request is used by servers. Replace this by a single cert_request used by either client or server. Remove the certificate types as they are currently unused. This also fixes a bug whereby if the number of certificate types exceeds SSL3_CT_NUMBER the number of bytes read in is insufficient, which will break decoding. ok inoguchi@ tb@
author: jsing <> 2021-04-21 19:27:56 +0000
committer: jsing <> 2021-04-21 19:27:56 +0000
commit: c0fa404c22925c9af0bc614df8099126ce54eee8 (patch)
tree: 00c27f46eb336858aa2f95e55eb1b6f71cb3c869 /src/lib/libssl/s3_lib.c
parent: 82f5c0f3ecd6365b1fe8cbd40e7c8bf23ee55632 (diff)
download: openbsd-c0fa404c22925c9af0bc614df8099126ce54eee8.tar.gz
openbsd-c0fa404c22925c9af0bc614df8099126ce54eee8.tar.bz2
openbsd-c0fa404c22925c9af0bc614df8099126ce54eee8.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 6563de5be2..9dd6343b84 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.207 2021/04/19 16:47:25 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.208 2021/04/21 19:27:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1570,7 +1570,7 @@ ssl3_free(SSL *s)
        freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);
        tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
-        sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
+        sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
        tls1_transcript_free(s);
        tls1_transcript_hash_free(s);
@@ -1591,7 +1591,7 @@ ssl3_clear(SSL *s)
        size_t           rlen, wlen;
        tls1_cleanup_key_block(s);
-        sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
+        sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
        DH_free(S3I(s)->tmp.dh);
        S3I(s)->tmp.dh = NULL;
author	jsing <>	2021-04-21 19:27:56 +0000
committer	jsing <>	2021-04-21 19:27:56 +0000
commit	c0fa404c22925c9af0bc614df8099126ce54eee8 (patch)
tree	00c27f46eb336858aa2f95e55eb1b6f71cb3c869 /src/lib/libssl/s3_lib.c
parent	82f5c0f3ecd6365b1fe8cbd40e7c8bf23ee55632 (diff)
download	openbsd-c0fa404c22925c9af0bc614df8099126ce54eee8.tar.gz openbsd-c0fa404c22925c9af0bc614df8099126ce54eee8.tar.bz2 openbsd-c0fa404c22925c9af0bc614df8099126ce54eee8.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 6563de5be2..9dd6343b84 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.207 2021/04/19 16:47:25 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.208 2021/04/21 19:27:56 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1570,7 +1570,7 @@ ssl3_free(SSL *s)
1570	freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);	1570	freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);
1571	tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);	1571	tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
1572		1572
1573	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);	1573	sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
1574		1574
1575	tls1_transcript_free(s);	1575	tls1_transcript_free(s);
1576	tls1_transcript_hash_free(s);	1576	tls1_transcript_hash_free(s);
@@ -1591,7 +1591,7 @@ ssl3_clear(SSL *s)
1591	size_t rlen, wlen;	1591	size_t rlen, wlen;
1592		1592
1593	tls1_cleanup_key_block(s);	1593	tls1_cleanup_key_block(s);
1594	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);	1594	sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
1595		1595
1596	DH_free(S3I(s)->tmp.dh);	1596	DH_free(S3I(s)->tmp.dh);
1597	S3I(s)->tmp.dh = NULL;	1597	S3I(s)->tmp.dh = NULL;