WPACKET: don't write DER length when we don't want to

With endfirst writing, it could be that we want to abandon any zero length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH was supposed to make happen, but the DER length writing code didn't look at that flag. Now it does. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11703)
author: Richard Levitte <levitte@openssl.org> 2020-05-01 18:06:18 +0200
committer: Richard Levitte <levitte@openssl.org> 2020-05-04 05:50:06 +0200
commit: 12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c (patch)
tree: eee0c28f466cde273b6e1f4600ab7144ee6449bf /crypto/packet.c
parent: Fix reason code clash (diff)
download: openssl-12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c.tar.xz
openssl-12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/packet.c b/crypto/packet.c
index 661b59e842..6db97a5434 100644
--- a/crypto/packet.c
+++ b/crypto/packet.c
@@ -265,7 +265,10 @@ static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
                 && !put_value(&buf[sub->packet_len], packlen,
                               sub->lenbytes))
             return 0;
-    } else if (pkt->endfirst && sub->parent != NULL) {
+    } else if (pkt->endfirst && sub->parent != NULL
+               && (packlen != 0
+                   || (sub->flags
+                       & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) == 0)) {
         size_t tmplen = packlen;
         size_t numlenbytes = 1;
author	Richard Levitte <levitte@openssl.org>	2020-05-01 18:06:18 +0200
committer	Richard Levitte <levitte@openssl.org>	2020-05-04 05:50:06 +0200
commit	12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c (patch)
tree	eee0c28f466cde273b6e1f4600ab7144ee6449bf /crypto/packet.c
parent	Fix reason code clash (diff)
download	openssl-12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c.tar.xz openssl-12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c.zip