authorMatt Caswell <matt@openssl.org>2016-09-29 17:40:13 +0200
committerMatt Caswell <matt@openssl.org>2016-09-29 18:07:45 +0200
commitcc59ad1073c49cbb173708d7377df06ad3786f4c (patch)
tree4e7c2ccf54a21fc9d3d4b0b5a03ad3db25cfcbbb /ssl
parentFix mis-named macro in packet_locl.h (diff)
Convert CertStatus message construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl_err.c1
-rw-r--r--ssl/statem/statem_srvr.c41
2 files changed, 15 insertions, 27 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index e6c73208a4..9539e674e1 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -239,6 +239,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_client_key_exchange_post_work"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
"tls_construct_certificate_request"},
+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERT_STATUS), "tls_construct_cert_status"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
"tls_construct_change_cipher_spec"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e361738f27..3fbc4ad590 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3125,36 +3125,23 @@ int tls_construct_new_session_ticket(SSL *s)
int tls_construct_cert_status(SSL *s)
{
- unsigned char *p;
- size_t msglen;
-
- /*-
- * Grow buffer if need be: the length calculation is as
- * follows handshake_header_length +
- * 1 (ocsp response type) + 3 (ocsp response length)
- * + (ocsp response)
- */
- msglen = 4 + s->tlsext_ocsp_resplen;
- if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen))
- goto err;
-
- p = ssl_handshake_start(s);
-
- /* status type */
- *(p++) = s->tlsext_status_type;
- /* length of OCSP response */
- l2n3(s->tlsext_ocsp_resplen, p);
- /* actual response */
- memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+ WPACKET pkt;
- if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen))
- goto err;
+ if (!WPACKET_init(&pkt, s->init_buf)
+ || !ssl_set_handshake_header2(s, &pkt,
+ SSL3_MT_CERTIFICATE_STATUS)
+ || !WPACKET_put_bytes_u8(&pkt, s->tlsext_status_type)
+ || !WPACKET_sub_memcpy_u24(&pkt, s->tlsext_ocsp_resp,
+ s->tlsext_ocsp_resplen)
+ || !ssl_close_construct_packet(s, &pkt)) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ ossl_statem_set_error(s);
+ WPACKET_cleanup(&pkt);
+ return 0;
+ }
return 1;
-
- err:
- ossl_statem_set_error(s);
- return 0;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
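Review bot: The shared failure branch calls `WPACKET_cleanup(&pkt)` even when `WPACKET_init` is the call that failed, and `pkt` is declared as `WPACKET pkt;` with no initialiser, so cleanup may run on whatever state a failed init left behind. Whether that is safe depends on WPACKET_init, which is not visible in this hunk. If it can return before setting every field, handle its failure in a separate branch that skips the cleanup, or record the guarantee with a comment such as `/* WPACKET_cleanup is safe after a failed WPACKET_init */`. Separately, `s->tlsext_ocsp_resplen` is passed straight to `WPACKET_sub_memcpy_u24` and its type is not shown here. If it is signed, a negative value would presumably convert to a very large length, so an explicit guard such as `if (s->tlsext_ocsp_resp == NULL || s->tlsext_ocsp_resplen < 0)` ahead of the chain would state the precondition rather than relying on the packet writer to reject it.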