[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Aug 30 20:20:02 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 7c59fbfb26bd59ec173fb109cc6476988a31b165 (commit)
from 7fb82d06746f7503323a7846448e095bf8f5ef9e (commit)
- Log -----------------------------------------------------------------
commit 7c59fbfb26bd59ec173fb109cc6476988a31b165
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 30 15:06:01 2016 +0100
Ensure the CertStatus message adds a DTLS message header where needed
The function tls_construct_cert_status() is called by both TLS and DTLS
code. However it only ever constructed a TLS message header for the message
which obviously failed in DTLS.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_srvr.c | 21 +++++++++------------
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b5eff98..7c19753 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3504,37 +3504,34 @@ int ssl3_send_cert_status(SSL *s)
{
if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
unsigned char *p;
+ size_t msglen;
+
/*-
* Grow buffer if need be: the length calculation is as
- * follows 1 (message type) + 3 (message length) +
+ * follows handshake_header_length +
* 1 (ocsp response type) + 3 (ocsp response length)
* + (ocsp response)
*/
- if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) {
+ msglen = 4 + s->tlsext_ocsp_resplen;
+ if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen)) {
s->state = SSL_ST_ERR;
return -1;
}
- p = (unsigned char *)s->init_buf->data;
+ p = ssl_handshake_start(s);
- /* do the header */
- *(p++) = SSL3_MT_CERTIFICATE_STATUS;
- /* message length */
- l2n3(s->tlsext_ocsp_resplen + 4, p);
/* status type */
*(p++) = s->tlsext_status_type;
/* length of OCSP response */
l2n3(s->tlsext_ocsp_resplen, p);
/* actual response */
memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
- /* number of bytes to write */
- s->init_num = 8 + s->tlsext_ocsp_resplen;
- s->state = SSL3_ST_SW_CERT_STATUS_B;
- s->init_off = 0;
+
+ ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen);
}
/* SSL3_ST_SW_CERT_STATUS_B */
- return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ return (ssl_do_write(s));
}
# ifndef OPENSSL_NO_NEXTPROTONEG
More information about the openssl-commits
mailing list