From 2ebaf4821a79597e95b3e494a8fb15aa4ca1cc12 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Tue, 14 Jul 2015 05:16:47 +0000
Subject: Convert ssl3_get_client_certificate to CBS.

ok miod@ jsing@
---
 src/lib/libssl/s3_srvr.c         | 34 +++++++++++++++++++---------------
 src/lib/libssl/src/ssl/s3_srvr.c | 34 +++++++++++++++++++---------------
 2 files changed, 38 insertions(+), 30 deletions(-)

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index ab8e74e63a..e70f8af440 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2335,10 +2335,11 @@ end:
 int
 ssl3_get_client_certificate(SSL *s)
 {
+	CBS cbs, client_certs;
 	int i, ok, al, ret = -1;
 	X509 *x = NULL;
-	unsigned long l, nc, llen, n;
-	const unsigned char *p, *q;
+	long n;
+	const unsigned char *q;
 	STACK_OF(X509) *sk = NULL;
 
 	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2376,7 +2377,11 @@ ssl3_get_client_certificate(SSL *s)
 		    SSL_R_WRONG_MESSAGE_TYPE);
 		goto f_err;
 	}
-	p = (const unsigned char *)s->init_msg;
+
+	if (n < 0)
+		goto truncated;
+
+	CBS_init(&cbs, s->init_msg, n);
 
 	if ((sk = sk_X509_new_null()) == NULL) {
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2384,28 +2389,28 @@ ssl3_get_client_certificate(SSL *s)
 		goto err;
 	}
 
-	if (3 > n)
-		goto truncated;
-	n2l3(p, llen);
-	if (llen + 3 != n)
+	if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
+	    CBS_len(&cbs) != 0)
 		goto truncated;
-	for (nc = 0; nc < llen;) {
-		n2l3(p, l);
-		if (l + nc + 3 > llen) {
+
+	while (CBS_len(&client_certs) > 0) {
+		CBS cert;
+
+		if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
 			al = SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
 			    SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 		}
 
-		q = p;
-		x = d2i_X509(NULL, &p, l);
+		q = CBS_data(&cert);
+		x = d2i_X509(NULL, &q, CBS_len(&cert));
 		if (x == NULL) {
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
 			    ERR_R_ASN1_LIB);
 			goto err;
 		}
-		if (p != (q + l)) {
+		if (q != CBS_data(&cert) + CBS_len(&cert)) {
 			al = SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
 			    SSL_R_CERT_LENGTH_MISMATCH);
@@ -2417,7 +2422,6 @@ ssl3_get_client_certificate(SSL *s)
 			goto err;
 		}
 		x = NULL;
-		nc += l + 3;
 	}
 
 	if (sk_X509_num(sk) <= 0) {
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index ab8e74e63a..e70f8af440 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.110 2015/07/14 05:16:47 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2335,10 +2335,11 @@ end:
 int
 ssl3_get_client_certificate(SSL *s)
 {
+	CBS cbs, client_certs;
 	int i, ok, al, ret = -1;
 	X509 *x = NULL;
-	unsigned long l, nc, llen, n;
-	const unsigned char *p, *q;
+	long n;
+	const unsigned char *q;
 	STACK_OF(X509) *sk = NULL;
 
 	n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2376,7 +2377,11 @@ ssl3_get_client_certificate(SSL *s)
 		    SSL_R_WRONG_MESSAGE_TYPE);
 		goto f_err;
 	}
-	p = (const unsigned char *)s->init_msg;
+
+	if (n < 0)
+		goto truncated;
+
+	CBS_init(&cbs, s->init_msg, n);
 
 	if ((sk = sk_X509_new_null()) == NULL) {
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2384,28 +2389,28 @@ ssl3_get_client_certificate(SSL *s)
 		goto err;
 	}
 
-	if (3 > n)
-		goto truncated;
-	n2l3(p, llen);
-	if (llen + 3 != n)
+	if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
+	    CBS_len(&cbs) != 0)
 		goto truncated;
-	for (nc = 0; nc < llen;) {
-		n2l3(p, l);
-		if (l + nc + 3 > llen) {
+
+	while (CBS_len(&client_certs) > 0) {
+		CBS cert;
+
+		if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
 			al = SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
 			    SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 		}
 
-		q = p;
-		x = d2i_X509(NULL, &p, l);
+		q = CBS_data(&cert);
+		x = d2i_X509(NULL, &q, CBS_len(&cert));
 		if (x == NULL) {
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
 			    ERR_R_ASN1_LIB);
 			goto err;
 		}
-		if (p != (q + l)) {
+		if (q != CBS_data(&cert) + CBS_len(&cert)) {
 			al = SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
 			    SSL_R_CERT_LENGTH_MISMATCH);
@@ -2417,7 +2422,6 @@ ssl3_get_client_certificate(SSL *s)
 			goto err;
 		}
 		x = NULL;
-		nc += l + 3;
 	}
 
 	if (sk_X509_num(sk) <= 0) {
-- 
cgit v1.2.3-55-g6feb