[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Aug 13 08:33:15 UTC 2015
The branch master has been updated
via df758a8569efe9e124baaa16aba4ac3fc35bbd9d (commit)
from 2acdef5e97977958e9bb3b4a139039599ef1aefe (commit)
- Log -----------------------------------------------------------------
commit df758a8569efe9e124baaa16aba4ac3fc35bbd9d
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 4 20:10:06 2015 +0100
PACKETise Server Certificate processing
Use the PACKET API to process an incoming server Certificate message.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 01a0a8c..4ebd7aa 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1232,12 +1232,12 @@ int ssl3_get_server_hello(SSL *s)
int ssl3_get_server_certificate(SSL *s)
{
int al, i, ok, ret = -1, exp_idx;
- unsigned long n, nc, llen, l;
+ unsigned long n, cert_list_len, cert_len;
X509 *x = NULL;
- const unsigned char *q, *p;
- unsigned char *d;
+ unsigned char *certstart, *certbytes;
STACK_OF(X509) *sk = NULL;
EVP_PKEY *pkey = NULL;
+ PACKET pkt;
n = s->method->ssl_get_message(s,
SSL3_ST_CR_CERT_A,
@@ -1257,36 +1257,41 @@ int ssl3_get_server_certificate(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
goto f_err;
}
- p = d = (unsigned char *)s->init_msg;
+
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if ((sk = sk_X509_new_null()) == NULL) {
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
goto err;
}
- n2l3(p, llen);
- if (llen + 3 != n) {
+ if (!PACKET_get_net_3(&pkt, &cert_list_len)
+ || PACKET_remaining(&pkt) != cert_list_len) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
- for (nc = 0; nc < llen;) {
- n2l3(p, l);
- if ((l + nc + 3) > llen) {
+ while (PACKET_remaining(&pkt)) {
+ if (!PACKET_get_net_3(&pkt, &cert_len)
+ || !PACKET_get_bytes(&pkt, &certbytes, cert_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
goto f_err;
}
- q = p;
- x = d2i_X509(NULL, &q, l);
+ certstart = certbytes;
+ x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);
if (x == NULL) {
al = SSL_AD_BAD_CERTIFICATE;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
goto f_err;
}
- if (q != (p + l)) {
+ if (certbytes != (certstart + cert_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
@@ -1297,8 +1302,6 @@ int ssl3_get_server_certificate(SSL *s)
goto err;
}
x = NULL;
- nc += l + 3;
- p = q;
}
i = ssl_verify_cert_chain(s, sk);
More information about the openssl-commits
mailing list