Commit cc59ad10 authored by Matt Caswell's avatar Matt Caswell

Convert CertStatus message construction to WPACKET



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent f308416e
+1 −0
@@ -2220,6 +2220,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST          372
# define SSL_F_TLS_CONSTRUCT_CERT_STATUS                  429
# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC           427
# define SSL_F_TLS_CONSTRUCT_CKE_DHE                      404
# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE                    405
+1 −0
@@ -239,6 +239,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
     "tls_client_key_exchange_post_work"},
    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
     "tls_construct_certificate_request"},
    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERT_STATUS), "tls_construct_cert_status"},
    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
     "tls_construct_change_cipher_spec"},
    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"},
+14 −27
@@ -3125,38 +3125,25 @@ int tls_construct_new_session_ticket(SSL *s)

int tls_construct_cert_status(SSL *s)
{
    unsigned char *p;
    size_t msglen;

    /*-
     * Grow buffer if need be: the length calculation is as
     * follows handshake_header_length +
     * 1 (ocsp response type) + 3 (ocsp response length)
     * + (ocsp response)
     */
    msglen = 4 + s->tlsext_ocsp_resplen;
    if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen))
        goto err;

    p = ssl_handshake_start(s);

    /* status type */
    *(p++) = s->tlsext_status_type;
    /* length of OCSP response */
    l2n3(s->tlsext_ocsp_resplen, p);
    /* actual response */
    memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);

    if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen))
        goto err;

    return 1;
    WPACKET pkt;

 err:
    if (!WPACKET_init(&pkt, s->init_buf)
            || !ssl_set_handshake_header2(s, &pkt,
                                          SSL3_MT_CERTIFICATE_STATUS)
            || !WPACKET_put_bytes_u8(&pkt, s->tlsext_status_type)
            || !WPACKET_sub_memcpy_u24(&pkt, s->tlsext_ocsp_resp,
                                       s->tlsext_ocsp_resplen)
            || !ssl_close_construct_packet(s, &pkt)) {
        SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS, ERR_R_INTERNAL_ERROR);
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
        ossl_statem_set_error(s);
        WPACKET_cleanup(&pkt);
        return 0;
    }

    return 1;
}

#ifndef OPENSSL_NO_NEXTPROTONEG
/*
 * tls_process_next_proto reads a Next Protocol Negotiation handshake message.
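Review bot: `WPACKET_cleanup(&pkt)` in the error branch runs even when the first clause of the chain, `WPACKET_init(&pkt, s->init_buf)`, is the one that failed, so it operates on a WPACKET whose fields may never have been set; this is only safe if a failed init leaves `pkt` in a state cleanup tolerates, which is not visible here and worth confirming, otherwise the init can be checked on its own before the chain. The removed comment describing the wire layout was not carried over, so a one-liner above the chain such as `/* CertificateStatus: status_type (1 byte) + OCSP response with u24 length prefix */` keeps the encoding readable now that the explicit length arithmetic and BUF_MEM_grow are gone. Both points apply to the `if` chain at the top of tls_construct_cert_status, which lies entirely within this hunk.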